    Echo Protocol Hack Post-mortem: The $76 Million Exploit That Wasn’t Actually a Hack

By Crypto Editor, May 25, 2026


2026 DeFi losses crossed $1 billion in 4 months, with April alone draining $634 million across 28+ incidents, the worst month on record.

    Drift ($285M) and KelpDAO ($292M) alone accounted for $577 million of April’s losses, and neither was a code exploit.


DefiLlama’s 2026 hack breakdown tells the same story.

The biggest slices are LayerZero bridge exploits (18%), compromised admin keys (16%), spoof tokens (14%), and private key compromises (11%).

Combined, operational and key-management failures account for almost all stolen value this year. Smart contract bugs like re-entrancy and oracle manipulation barely register.

Echo Protocol just became the latest data point.

On May 18, an attacker broke into Echo Protocol on Monad and printed 1,000 fake eBTC for themselves. That’s $76.7M on paper.

The problem is, fake tokens don’t buy you anything unless you can trade them for something real. So they took a small chunk, dropped it into Curvance’s lending app as collateral, and borrowed real Bitcoin against it.

Then they bridged that Bitcoin to Ethereum, swapped it for ETH, and ran it through Tornado Cash. Final take: around $816,000.

Everyone’s calling it $76.7 million but the real number is $816,000, and why those two numbers are so far apart is the main story here.

Earlier today, Echo Protocol identified unauthorized activity involving eBTC on Monad that resulted in unauthorized minting and associated fund loss.

Our investigation indicates the issue originated from a compromised admin key affecting the Monad deployment. Based on current…

— Echo Protocol (@EchoProtocol_) May 19, 2026

This breakdown covers what happened, how, and what it says about DeFi security right now.

The bottom line: The contract was fine. A stolen admin key and lazy controls did everything else, and that’s how most of 2026’s DeFi losses are happening.

Post Mortem (The Summary)

• Echo Protocol was not hacked through bad smart contract code. The attacker stole or accessed an admin key.
• That admin key controlled minting rights for Echo’s eBTC token on Monad. One private key was enough to create fake Bitcoin-backed tokens.
• The attacker minted 1,000 fake eBTC, worth about $76.7 million on paper. But those tokens had no real BTC backing.
• They could not cash out the full amount because Monad liquidity was thin. So they used 45 fake eBTC as collateral on Curvance.
• Curvance accepted the fake eBTC as normal collateral and let the attacker borrow real WBTC.
• The attacker escaped with about $816,000 in real value, not $76.7 million.
• Echo later burned the remaining 955 fake eBTC and paused affected functions.
• Monad itself was not hacked. Curvance’s main protocol was not directly hacked either. The failure came from Echo’s admin setup and Curvance trusting newly minted collateral.
• The core lesson: DeFi attackers are now targeting keys, admins, bridges, infrastructure, and team operations more than smart contract bugs.
• Basic protections could have reduced or stopped this: multisig admin control, timelocks, mint caps, rate limits, and collateral checks.
• Echo got lucky. The attacker only failed to drain more because there was not enough liquidity to cash out the fake tokens.

The Players

Here’s the full breakdown of what happened, and how.

• Echo Protocol

A BTCFi (Bitcoin DeFi) project. Their pitch: take your BTC, get a yield-bearing wrapped version of it that works in DeFi.

Their home base is Aptos, where the token is called aBTC. They hit a peak TVL of $878 million on Aptos in May 2025, currently sitting around $254 million.

Echo expanded to Monad as part of Monad’s mainnet ecosystem push. On Monad, their wrapped BTC token is called eBTC.

This is crucial: aBTC and eBTC are completely separate, non-bridgeable assets. They’re parallel deployments, not connected. The hack hit eBTC on Monad only.

• Monad

A new high-performance parallelized EVM L1. One of the hyped chains of 2025-26. Just out of mainnet, with lots of protocols deploying fresh.

Echo is one of them. Monad itself was NOT compromised in any way. Co-founder @keoneHD confirmed the network ran normally throughout. It was a protocol-level failure on top of Monad.

To clarify, the Monad network is not affected and is operating normally

Security researchers in their review have determined that ~$816,000 appears to have been stolen as a result of this exploit of @EchoProtocol_ ‘s eBTC

— Keone Hon (@keoneHD) May 18, 2026

• Curvance

A lending protocol deployed on Monad. Functions like Aave but with isolated markets, where each collateral asset lives in its own siloed pool so a compromised asset can’t infect the rest of the lending protocol.

They had listed eBTC as a collateral asset.

• Tornado Cash

Sanctioned ETH mixer. You send ETH in, you get ETH out from a different wallet, and break the on-chain trail. Standard exit tool for hackers.

Exploit Alert 🚨

According to @dcfgod, @EchoProtocol_ on @monad has been exploited.

The attacker reportedly minted 1,000 $eBTC worth $76.7M and used a previously tested exploit flow to extract funds through Curvance.

So far, the exploiter has:

• Deposited 45 $eBTC ($3.45M)… pic.twitter.com/933n9bbq3X

— Onchain Lens (@OnchainLens) May 18, 2026

What Got Exploited

Echo’s eBTC token on Monad is a standard ERC-20 contract that uses OpenZeppelin’s role-based access control system. This is industry standard, used by basically every serious DeFi project.

Two roles matter in its setup:

• DEFAULT_ADMIN_ROLE: the master role. Can grant or revoke any other role on the contract.
• MINTER_ROLE: can call mint() and create new eBTC tokens.

Normally, only Echo’s team holds these. Minting only happens when real BTC gets locked somewhere, and the team mints the matching eBTC. That’s the entire trust model behind a wrapped token.

Here’s where Echo messed up.

The DEFAULT_ADMIN_ROLE sat on a single EOA, basically just a normal wallet with one private key behind it. And the wallet had no safety nets. Whoever held that key could mint as much as they wanted, whenever they wanted, with nothing to slow them down.

So the entire $254M+ Echo ecosystem on Monad was, in security terms, sitting behind one private key. That key got stolen. Nobody’s said how yet. Could be phishing, malware on a team laptop, an infra breach, an insider, secrets leaked in a repo, or a supply chain attack through a dev tool. Echo hasn’t disclosed.

The Attack Step by Step

Date: May 18, 2026, around 5:55 PM ET

• Step 1: Attackers use the stolen admin key to grant themselves DEFAULT_ADMIN_ROLE on a fresh wallet. They’re now admin too.
• Step 2: From that new admin role, they grant themselves MINTER_ROLE. They can now mint.
• Step 3: They call mint(attacker_wallet, 1000e8). 1,000 eBTC shows up in their wallet. Notional value $76.7M. Real BTC backing: zero. These tokens are completely fake, phantom claims on Bitcoin that don’t exist anywhere.
• Step 4: They revoke the original Echo admin and their own admin role too. Cleanup move so it looks less suspicious on-chain. From the outside, it just looks like a random wallet holding 1,000 eBTC.

At this point, the peg is mathematically broken. There are 1,000 more eBTC tokens than there is BTC backing them.

But the attacker hasn’t actually taken anything yet. Fake tokens are worthless unless you can convert them into real money.
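
One way a monitoring job could flag steps 1-4 from decoded contract events, as an added example that is not from Echo or the original article. It assumes OpenZeppelin AccessControl's RoleGranted/RoleRevoked events and ERC-20 Transfer events already decoded into dicts; the addresses, block numbers, `mint_limit` and `window` values are constructed for illustration.

```python
from dataclasses import dataclass

ADMIN, MINTER = "DEFAULT_ADMIN_ROLE", "MINTER_ROLE"   # decoded role labels
ZERO = "0x" + "0" * 40                                # ERC-20 mints are Transfers from the zero address

@dataclass
class Event:
    block: int
    name: str    # "RoleGranted", "RoleRevoked" or "Transfer"
    args: dict

def detect(events, known_admins, mint_limit, window=50):
    """Return (block, rule, account) alerts for the grant -> mint -> revoke pattern."""
    alerts, admins, fresh = [], set(known_admins), {}
    for ev in sorted(events, key=lambda e: e.block):
        a = ev.args
        if ev.name == "RoleGranted":
            if a["account"] not in known_admins:
                fresh.setdefault(a["account"], ev.block)   # first block this account gained a role
                alerts.append((ev.block, "role-granted-to-unknown-account", a["account"]))
            if a["role"] == ADMIN:
                admins.add(a["account"])
        elif ev.name == "RoleRevoked" and a["role"] == ADMIN:
            admins.discard(a["account"])
            if a["account"] in known_admins:
                alerts.append((ev.block, "known-admin-revoked", a["account"]))
            if not admins:
                alerts.append((ev.block, "contract-left-without-admin", a["account"]))
        elif ev.name == "Transfer" and a["from"] == ZERO:
            if a["value"] > mint_limit:
                alerts.append((ev.block, "mint-over-limit", a["to"]))
            if a["to"] in fresh and ev.block - fresh[a["to"]] <= window:
                alerts.append((ev.block, "mint-to-freshly-privileged-account", a["to"]))
    return alerts

# Constructed sample log mirroring steps 1-4; addresses and block numbers are made up.
TEAM, FRESH = "0x" + "e" * 40, "0x" + "a" * 40
SAMPLE = [
    Event(100, "RoleGranted", {"role": ADMIN, "account": FRESH, "sender": TEAM}),
    Event(101, "RoleGranted", {"role": MINTER, "account": FRESH, "sender": FRESH}),
    Event(102, "Transfer", {"from": ZERO, "to": FRESH, "value": 1000 * 10**8}),
    Event(103, "RoleRevoked", {"role": ADMIN, "account": TEAM, "sender": FRESH}),
    Event(104, "RoleRevoked", {"role": ADMIN, "account": FRESH, "sender": FRESH}),
]

def run_sample():
    # mint_limit of 5 eBTC per mint is an assumed policy value, not Echo's
    return detect(SAMPLE, known_admins={TEAM}, mint_limit=5 * 10**8)

if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The first alert fires at the role grant in step 1, before any token exists, which is the point at which a pause could still prevent the mint.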

The Cashout Flow

You can’t just dump 1,000 fake eBTC on a DEX. Monad’s DEXs don’t have anywhere close to that liquidity. You’d crash the price to zero before extracting anything, and arbitrageurs would catch it instantly. So the attacker went to a lending market instead.

• Step 5. Deposit 45 eBTC ($3.45M paper value) into Curvance as collateral. Curvance accepts it because, from the contract’s view, eBTC is eBTC. No oracle or check that separates “freshly minted fake eBTC” from “legit BTC-backed eBTC.” That’s the second failure of this hack. Lending markets just accept new collateral at face value without checking where it came from.
• Step 6. Borrow 11.29 WBTC against it, about $868K of real wrapped Bitcoin. WBTC is the major BTC-on-Ethereum token, deep liquidity, fully backed. They now have $868K of real value, secured by $3.45M of fake collateral they’re never coming back for.
• Step 7. Bridge the WBTC to Ethereum. That’s where liquidity lives and where Tornado works.
• Step 8. Swap WBTC to ~384 ETH on Ethereum (~$822K).
• Step 9. Run the 384 ETH through Tornado Cash. Trail breaks. Funds land in fresh wallets that can’t be traced back.

Total real money out: roughly $816,000.

How Echo Responded

Within hours of the hack going public, Echo reclaimed the admin key, burned the 955 eBTC still sitting in the attacker’s wallet (which no longer exists), and paused all cross-chain functionality on Monad.

They also paused the Aptos bridge and Aptos lending even though Aptos was clean, just to be safe. They pushed a contract upgrade on Monad to restrict the affected operations and said they’d patch their other EVM bridge deployments too.

Curvance paused the eBTC market, confirmed that their own contracts were fine, and noted that their isolated market design prevented the damage from spreading to other lending pools.

Keone from Monad clarified the chain was untouched and pegged the actual loss at around $816K.

The Breakdown

The gap between $76.7 million and $816,000 is the whole story. Curvance was the only viable exit, and its depth capped the borrow at roughly $868,000.

eBTC minted              1,000 (notional $76.7M)
Deposited to Curvance    45 eBTC
WBTC borrowed            11.29 (~$868K)
Sent through Tornado     ~384 ETH (~$822K)
Actually stolen          ~$816K
eBTC burned by Echo      955
Aptos exposure           ~$71K
ECHO drawdown            ~11-12%

The other 955 eBTC had nowhere to go until Echo burned it. Monad’s thin liquidity saved Echo from a much bigger loss. On Ethereum, this would’ve been close to $76M out the door.

Why this was an operational hack, not a smart contract hack

The code wasn’t the issue. It worked the way it was supposed to. The real problem was how Echo set things up around the contract:

• The admin role was held by a single wallet instead of a multisig. Stealing a single private key was enough to take over the entire protocol.
• There was no timelock. When the attacker granted themselves admin and then minter rights, those changes went live immediately. No delay, no window for the team to notice and respond.
• The contract had no maximum supply. Minting 1,000 eBTC with zero BTC backing was technically allowed by the rules of the contract itself.
• No rate limit either. The attacker minted the entire 1,000 in a single transaction, rather than being forced to spread it out.
• Curvance accepted the freshly minted eBTC as collateral without checking whether it was legitimately backed. The lending market just saw eBTC tokens in a wallet and treated them the same as real ones.

None of these are obscure or experimental fixes. Multisigs, timelocks, mint caps, and supply checks are stuff serious DeFi protocols have been shipping for years. Echo just didn’t bother with any of them.
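
The token-side controls listed above, modeled in Python to show which layer stops which step of the attack (an added illustration, not Echo's contract code and not Solidity). The signer names, 2-of-3 threshold, 24-hour delay, 500 eBTC cap and 10 eBTC per hour limit are assumed policy values.

```python
class GuardedMint:
    """Toy model: M-of-N approval and a timelock on minter grants, plus a supply cap and rate limit."""

    def __init__(self, signers, threshold, delay, cap, per_window, window):
        self.signers, self.threshold, self.delay = set(signers), threshold, delay
        self.cap, self.per_window, self.window = cap, per_window, window
        self.minters, self.pending = set(), {}    # pending: account -> (ready_at, approvals)
        self.supply, self.recent = 0, []          # recent: [(time, amount)] inside the window

    def approve_grant(self, signer, account, now):
        if signer not in self.signers:
            return "rejected: not a signer"
        # The delay runs from the first approval, which is when the grant becomes visible.
        _, approvals = self.pending.setdefault(account, (now + self.delay, set()))
        approvals.add(signer)
        return f"pending: {len(approvals)}/{self.threshold}"

    def execute_grant(self, account, now):
        ready_at, approvals = self.pending.get(account, (0, set()))
        if len(approvals) < self.threshold:
            return "rejected: below threshold"
        if now < ready_at:
            return "rejected: timelock"
        self.minters.add(account)
        del self.pending[account]
        return "granted"

    def mint(self, caller, amount, now):
        if caller not in self.minters:
            return "rejected: not a minter"
        if self.supply + amount > self.cap:
            return "rejected: supply cap"
        self.recent = [(t, a) for t, a in self.recent if now - t < self.window]
        if sum(a for _, a in self.recent) + amount > self.per_window:
            return "rejected: rate limit"
        self.recent.append((now, amount))
        self.supply += amount
        return "minted"

E8 = 10**8          # eBTC base units, matching the 1000e8 in step 3
DAY = 86_400        # assumed timelock delay in seconds

def replay():
    t = GuardedMint(signers={"s1", "s2", "s3"}, threshold=2, delay=DAY,
                    cap=500 * E8, per_window=10 * E8, window=3_600)
    return [
        t.approve_grant("s1", "fresh_wallet", 0),      # one stolen signer key
        t.execute_grant("fresh_wallet", 0),            # a single key no longer suffices
        t.mint("fresh_wallet", 1000 * E8, 0),
        t.approve_grant("s2", "fresh_wallet", 60),     # worst case: a second key is stolen
        t.execute_grant("fresh_wallet", 60),           # delay gives the team time to react
        t.execute_grant("fresh_wallet", DAY),          # nobody noticed for a full day
        t.mint("fresh_wallet", 1000 * E8, DAY),
        t.mint("fresh_wallet", 45 * E8, DAY),
        t.mint("fresh_wallet", 10 * E8, DAY),          # residual exposure: one window's allowance
    ]
```

Even with two keys stolen and the delay missed, the model bounds the unbacked mint to one rate-limit window instead of 1,000 eBTC.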

May 2026 looks like this

Echo is the 14th hack this month. The year so far:

Protocol                  Loss      Vector
KelpDAO (Apr)             $292M     RPC poisoning + DDoS (Lazarus)
Drift                     $285M     Social engineering (Lazarus, UNC4736)
THORChain (May 15)        $10M+     Vault breach
Verus bridge (May 17)     $11.6M    Cross-chain verification
Echo (May 18)             $816K     Admin key
Transit Finance           $1.88M    Deprecated contract

Roughly $328.6 million lost to bridge hacks in 2026 across 8 incidents. None of these were Solidity bugs. Keys, signers, RPC endpoints, off-chain verifiers, that’s where the money is leaving now. The attackers moved up the stack. A few from this year worth paying attention to:

• Drift (April): Not a technical exploit. UNC4736 (North Korea) spent six months social engineering Drift staff, then drained $285M in 12 minutes. Six months of prep, 12 minutes of execution. That’s a military op, not a hack.
• KelpDAO (17 days later): Same group, completely different vector. They poisoned LayerZero’s RPC infrastructure and forged cross-chain messages for $292M. State-sponsored teams running multiple playbooks in parallel.
• AI is showing up too: Google confirmed the first AI-powered mass exploit on May 11 (AI found a zero-day and wrote bypass code for 2FA). GoPlus reported a 231% MoM jump in Web3 losses partly tied to AI. CrowdStrike puts the average eCrime breakout time at 29 minutes, with the fastest at 27 seconds. The attack side is automating, defense mostly isn’t.
• Resolv Labs (March): Admin key compromise on a stablecoin issuer. Attacker minted 80M unbacked USR, drained $25M, and USR depegged by 80%. Same root cause as Echo, completely different protocol type. The pattern doesn’t care what you’re building.

Ondo Finance put it bluntly in their post-incident analysis: “there isn’t a single class of vulnerability to defend against.” That’s the part most protocols still haven’t internalized.

So when Echo got drained through a stolen admin key, it didn’t happen in a vacuum. It happened during the most hostile threat environment DeFi has ever seen, and the protocol was set up as if it were still 2022.

So what?

DeFi spent the last five years getting good at smart contract security. Audits, bug bounties, formal verification, all of it.

So the attackers stopped targeting the code and started targeting everything else. Keys, infrastructure, staff, signers. None of that gets audited.

For any wrapped BTC protocol, the only security question that actually matters is who can mint, and how hard it is for someone to take that power from them.

If the answer is “a multisig with a timelock, a mint cap, and a lending market that checks where new collateral came from,” you have a real protocol. If the answer is “one wallet with one key,” you have $254M sitting there waiting to be taken. Echo was the second kind.

The damage doesn’t stay in one place either. Aave wasn’t hacked in April, but it lost $5.4B in TVL within 48 hours of the KelpDAO exploit anyway. People just panicked and pulled their money out of everything. That’s what happens now. One protocol gets hit and the whole sector gets repriced.

The fixes are not new. They’ve been around for years. Multisig the admin, timelock the changes, cap the supply, check the collateral. It’s just that none of it makes a protocol more competitive on the front end, so nobody ships it until they’re the next headline.

Echo got off easy because Monad’s liquidity was too thin for the attacker to fully cash out. The next protocol probably won’t have that excuse.

The post Echo Protocol Hack Post-mortem: The $76 Million Exploit That Wasn’t Actually a Hack appeared first on BeInCrypto.
