Echo Protocol is investigating a safety incident involving its bridge on Monad after crypto on-chain analysts stated an attacker minted 1,000 eBTC and used a part of the place to extract WBTC liquidity by Curvance.
The primary public alarm got here from on-chain analyst DCF GOD, who wrote that Echo “could also be hacked on Monad.” He added: “Somebody minted 1k ebtc out of nowhere, max borrowed wbtc towards it on Curvance, bridged, and twister away.” A follow-up publish pointed to a Monad transaction exhibiting a 1,000 eBTC switch on Could 18 at 21:21:32 UTC.
$76M Crypto Mint Sparks Alarm
Lookonchain later mapped the reported sequence in additional element. In response to the account, the attacker minted 1,000 eBTC, valued at about $76.64 million, deposited 45 eBTC value roughly $3.45 million into Curvance, borrowed 11.3 WBTC value about $867,000, bridged the WBTC to Ethereum, swapped it for 385 ETH value about $821,000, and deposited the ETH into Twister Money. Lookonchain stated the attacker nonetheless held 955 eBTC, valued at about $73.2 million.
Phylax Methods founder and CEO Odysseas Lamtzidis stated the transaction path pointed away from a Curvance lending flaw and towards a role-management compromise on the eBTC aspect. “Monad eBTC/Curvance hint: not a Curvance lending bug,” he wrote. “The eBTC admin granted DEFAULT_ADMIN_ROLE to 0x6A0109, who revoked admin, self-granted MINTER_ROLE, minted 1,000 eBTC, posted 45 eBTC as collateral, and borrowed ~11.296 WBTC.” Lamtzidis stated the sample “seems like admin-key/position compromise,” citing key transactions for the admin grant, mint and borrow.
Echo confirmed the incident with out publishing a root-cause evaluation. “We’re at the moment investigating a safety incident impacting the Echo bridge on Monad. All cross-chain transactions stay suspended whereas the investigation is underway. We are going to proceed to offer well timed updates by our official channels as extra data turns into out there.” The suspension makes the bridge the quick operational focus, not merely the lending market that processed the collateral.
Curvance’s publicity seems to have come by the affected Echo eBTC market. Curvance paused that market whereas the groups investigated, and cited Curvance as saying there was no indication its sensible contracts had been compromised and that its isolated-market structure meant different markets weren’t affected. Additionally, Monad’s community itself was not affected.
Monad CEO Keone Hon wrote through X: “To make clear, the Monad community will not be affected and is working usually. Safety researchers of their evaluation have decided that ~$816,000 seems to have been stolen because of this exploit of Echo Protocol’s eBTC.
The incident illustrates a well-known bridge-to-lending failure sample. As soon as a bridged or artificial asset is handled as legitimate collateral, even a partial conversion path can flip a supply-side failure into actual liquidity loss. On this case, the eBTC mint was used to borrow WBTC, transfer it off Monad, convert it into ETH, and route the funds by a mixer earlier than the broader notional place was absolutely monetized.
Echo’s subsequent replace might want to reply a number of market-facing questions: whether or not the unauthorized eBTC has been neutralized, whether or not Curvance faces dangerous debt from the WBTC borrow, which bridge permissions or contracts had been concerned, and when cross-chain transactions can safely resume. Till then, the eBTC market on Monad stays the important thing stress level for customers making an attempt to evaluate whether or not the incident was contained or merely slowed.
The Echo exploit additionally lands throughout a tough stretch for crypto infrastructure. On Could 15, THORChain has misplaced greater than $10 million throughout Bitcoin, Ethereum, BNB Chain and Base, together with 36.75 BTC and roughly $7 million in different belongings. Days later, the Verus-Ethereum Bridge was drained for about $11.5 million, with reviews saying the attacker took 103.6 tBTC, 1,625 ETH and 147,000 USDC earlier than consolidating the haul into roughly 5,402 ETH. Echo now provides markets one other reminder that bridge design, collateral acceptance and liquidity routing stay one among DeFi’s most uncovered assault surfaces.
[UPDATE from X:] Echo Protocol confirmed: “Earlier in the present day, Echo Protocol recognized unauthorized exercise involving eBTC on Monad that resulted in unauthorized minting and related fund loss. Our investigation signifies the problem originated from a compromised admin key affecting the Monad deployment. Primarily based on present findings, roughly $816K was impacted on Monad. The Monad community itself was not impacted and continues to function usually.
Since detecting the incident, we now have been actively investigating potential cross-chain publicity, coordinating with ecosystem companions, and implementing further precautionary measures. We have now efficiently regained management of our admin keys and burnt the remaining 955 eBTC that was within the attacker’s possession.”
At press time, the entire crypto market cap stood at $2.54 trillion.
Featured picture created with DALL.E, chart from TradingView.com
Editorial Course of for bitcoinist is centered on delivering totally researched, correct, and unbiased content material. We uphold strict sourcing requirements, and every web page undergoes diligent evaluation by our workforce of prime know-how specialists and seasoned editors. This course of ensures the integrity, relevance, and worth of our content material for our readers.