Echo Protocol was hit by a major exploit on the Monad network after attackers minted 1,000 eBTC worth about $76.7 million.
Earlier today, Echo Protocol identified unauthorized activity involving eBTC on Monad that resulted in unauthorized minting and associated fund loss.
Our investigation indicates the issue originated from a compromised admin key affecting the Monad deployment. Based on current…
— Echo Protocol (@EchoProtocol_) May 19, 2026
Suspected admin key leak led to massive eBTC mint
Security researchers from Arisk said the incident was likely caused by a stolen admin private key, not a flaw in the smart contract code.
🧵1/4
🚨 Arisk安全警报 🚨
Echo Protocol(Monad 链)协议遭到攻击2026 年 5 月 19 日凌晨,Echo Protocol 在 Monad 链上的 eBTC 合约发生异常大额铸造事件。攻击者成功铸造了 1,000 eBTC(当前价值约 7,670 万美元)。… pic.twitter.com/By3IN9Syjv
— Arisk 中文 (@Arisk_io) May 19, 2026
According to on-chain records, the attacker gained access to the protocol’s admin wallet, removed existing permissions, and gave themselves minting rights before creating the eBTC tokens from a zero address.
Crazy — another hack just happened!
According to @dcfgod, @EchoProtocol_ on Monad was exploited.
The hacker:
minted 1,000 $eBTC ($76.64M) on Monad;
deposited 45 $eBTC ($3.45M) into Curvance;
borrowed 11.3 $WBTC ($867K) from Curvance;
bridged the 11.3 $WBTC to Ethereum and… pic.twitter.com/YeGiUFGS1j— Lookonchain (@lookonchain) May 19, 2026
The attack quickly raised concerns because it showed how much control admin wallets still have over some DeFi protocols.
Funds moved across chains and into Tornado Cash
After minting the tokens, the attacker began moving funds through different platforms and blockchains. Researchers said part of the eBTC was used as collateral on Curvance to borrow WBTC. The funds were then bridged from Monad to Ethereum through cross-chain systems.
Once on Ethereum, the assets were swapped into ETH and later moved through several wallets before entering Tornado Cash. Security teams are still tracking the wallets because most of the stolen eBTC has not yet been fully sold or moved.
Attack puts focus back on DeFi wallet security
The exploit has renewed concerns about security practices in decentralized finance, especially around admin wallets and privileged access.
Many DeFi attacks in recent years have come from stolen keys rather than coding mistakes. This makes internal wallet protection just as important as smart contract audits.
The incident may also increase pressure on projects building on Monad to improve multi-signature systems, wallet controls, and permission management.
For now, the attack is being viewed as a protocol-level security failure rather than a problem with the Monad blockchain itself.
Meanwhile, the VerusCoin Ethereum bridge was exploited too, resulting in the loss of approximately $11.58 million in digital assets, including ETH, tBTC v2, and USDC.
Enjoyed this? Bookmark DeFi Planet, explore related topics, and follow us on Twitter, LinkedIn, Facebook, Instagram, Threads and CoinMarketCap Community for seamless access to high-quality industry insights.
Take control of your crypto portfolio with DEFI PLANET PRO, DeFi Planet’s suite of analytics tools.
