Key Takeaways
DeFi platform Echo Protocol lost approximately $77 million after an attacker minted 1,000 unauthorized eBTC on the Monad network, according to on-chain security analysts. The incident, which occurred on May 18, marks the third major DeFi exploit in less than a week, adding to a growing list of security breaches in the sector.
The exploit was first flagged by on-chain analyst dcfgod and subsequently detailed by security firm PeckShield. “We are currently investigating a security incident impacting the Echo bridge on Monad,” Echo Protocol confirmed in a statement on X, adding that all cross-chain transactions were suspended.
The attacker laundered a portion of the funds by depositing 45 eBTC (worth ~$3.45 million) into the lending protocol Curvance to borrow 11.29 WBTC. The assets were then bridged to Ethereum, swapped for 384 ETH, and sent to the privacy mixer Tornado Cash, PeckShield data shows. As of 06:00 UTC, the attacker’s wallet still holds approximately 955 eBTC, worth over $73 million.
This exploit was not the result of a smart contract bug but rather a failure in operational security, according to blockchain developer “Marioo.” The analysis pointed to a single-signature admin role with no timelock, no minting supply cap, and a lack of sanity checks by partner protocols. Both Monad’s CEO Keone Hon and Curvance confirmed their own systems were not compromised. Curvance has paused the affected eBTC market out of caution. The incident follows recent multi-million dollar hacks on THORChain and the Verus-Ethereum Bridge, highlighting persistent vulnerabilities in the decentralized finance space.
This article is for informational purposes only and does not constitute investment advice.
