Rongchai Wang
Might 19, 2026 04:25
Echo Protocol loses $76.7M through admin key exploit, highlighting 2026’s rising DeFi vulnerabilities as attackers goal eBTC on Monad.
Echo Protocol, a Bitcoin-focused DeFi platform operating on the Monad blockchain, was exploited for $76.7 million in artificial Bitcoin (eBTC) following an admin key compromise. The assault, reported on Might 18, allowed the hacker to mint 1,000 unauthorized eBTC tokens and siphon a portion of the stolen funds by means of Twister Money, a privacy-focused mixing service.
Blockchain safety companies PeckShield and Lookonchain recognized that 45 eBTC—roughly $3.45 million—was used as collateral on Curvance, a DeFi lending protocol. The attacker borrowed 11.3 wrapped Bitcoin (wBTC) value $868,000, bridged the tokens to Ethereum, and transformed them into ETH earlier than routing $822,000 in ETH by means of Twister Money. Regardless of these efforts to obscure fund flows, the hacker nonetheless holds 955 eBTC, valued at about $73 million as of Bitcoin’s present worth of $76,841.
Root Trigger: Admin Key Vulnerabilities
Blockchain developer “Marioo” revealed the exploit stemmed from an administrative non-public key compromise reasonably than a sensible contract flaw. The attacker exploited inadequate safety measures, together with the absence of multi-signature safety, timelocks, or minting limits on the eBTC contract. These operational lapses allowed the hacker to mint new tokens unchecked.
Echo Protocol has suspended all cross-chain exercise on its platform and acknowledged it’s actively investigating the breach. The Monad blockchain itself, based on Monad co-founder Keone Hon, stays unaffected and continues to function usually.
Rising Tide of DeFi Exploits in 2026
The Echo Protocol hack is the newest in a string of decentralized finance (DeFi) assaults this yr. A minimum of 12 protocols have been compromised in Might alone, underscoring persistent vulnerabilities in token minting, collateral manipulation, and cross-chain processes. Notable incidents embrace the Drift Protocol and Kelp DAO exploits, which resulted in losses exceeding $285 million and $292 million, respectively.
Echo’s exploit additionally highlights a troubling sample: the usage of DeFi infrastructure to launder stolen funds. By leveraging platforms like Curvance, attackers can convert ill-gotten belongings into different tokens and obscure their path utilizing mixers like Twister Money.
Market and Safety Implications
This assault coincides with Bitcoin buying and selling at $76,841, down 0.17% up to now 24 hours. Whereas the worth impression of this particular exploit seems muted, the broader development of DeFi hacks has raised considerations amongst business contributors. The absence of stricter operational controls—akin to multi-sig wallets and minting fee limits—continues to pose dangers for platforms managing large-scale liquidity.
For merchants, the Echo Protocol breach serves as one other reminder of the dangers related to DeFi tokens. Traders in eBTC and associated belongings ought to monitor updates from Echo Protocol’s workforce and assess potential impacts on liquidity and belief within the platform.
As investigations proceed, Echo Protocol has dedicated to offering updates by means of its official channels. The incident stays a stark warning for DeFi protocols: operational safety is simply as essential as technical innovation.
Picture supply: Shutterstock
