Rongchai Wang
Might 19, 2026 04:25
Echo Protocol loses $76.7M by way of admin key exploit, highlighting 2026’s rising DeFi vulnerabilities as attackers goal eBTC on Monad.
Echo Protocol, a Bitcoin-focused DeFi platform working on the Monad blockchain, was exploited for $76.7 million in artificial Bitcoin (eBTC) following an admin key compromise. The assault, reported on Might 18, allowed the hacker to mint 1,000 unauthorized eBTC tokens and siphon a portion of the stolen funds via Twister Money, a privacy-focused mixing service.
Blockchain safety companies PeckShield and Lookonchain recognized that 45 eBTC—roughly $3.45 million—was used as collateral on Curvance, a DeFi lending protocol. The attacker borrowed 11.3 wrapped Bitcoin (wBTC) value $868,000, bridged the tokens to Ethereum, and transformed them into ETH earlier than routing $822,000 in ETH via Twister Money. Regardless of these efforts to obscure fund flows, the hacker nonetheless holds 955 eBTC, valued at about $73 million as of Bitcoin’s present value of $76,841.
Root Trigger: Admin Key Vulnerabilities
Blockchain developer “Marioo” revealed the exploit stemmed from an administrative non-public key compromise reasonably than a sensible contract flaw. The attacker exploited inadequate safety measures, together with the absence of multi-signature safety, timelocks, or minting limits on the eBTC contract. These operational lapses allowed the hacker to mint new tokens unchecked.
Echo Protocol has suspended all cross-chain exercise on its platform and said it’s actively investigating the breach. The Monad blockchain itself, in keeping with Monad co-founder Keone Hon, stays unaffected and continues to function usually.
Rising Tide of DeFi Exploits in 2026
The Echo Protocol hack is the most recent in a string of decentralized finance (DeFi) assaults this yr. At the very least 12 protocols have been compromised in Might alone, underscoring persistent vulnerabilities in token minting, collateral manipulation, and cross-chain processes. Notable incidents embrace the Drift Protocol and Kelp DAO exploits, which resulted in losses exceeding $285 million and $292 million, respectively.
Echo’s exploit additionally highlights a troubling sample: using DeFi infrastructure to launder stolen funds. By leveraging platforms like Curvance, attackers can convert ill-gotten belongings into different tokens and obscure their path utilizing mixers like Twister Money.
Market and Safety Implications
This assault coincides with Bitcoin buying and selling at $76,841, down 0.17% prior to now 24 hours. Whereas the worth influence of this particular exploit seems muted, the broader pattern of DeFi hacks has raised considerations amongst trade individuals. The absence of stricter operational controls—comparable to multi-sig wallets and minting price limits—continues to pose dangers for platforms managing large-scale liquidity.
For merchants, the Echo Protocol breach serves as one other reminder of the dangers related to DeFi tokens. Traders in eBTC and associated belongings ought to monitor updates from Echo Protocol’s workforce and assess potential impacts on liquidity and belief within the platform.
As investigations proceed, Echo Protocol has dedicated to offering updates via its official channels. The incident stays a stark warning for DeFi protocols: operational safety is simply as important as technical innovation.
Picture supply: Shutterstock