In a significant breach of security, the decentralized finance platform Echo Protocol has fallen victim to a hacking incident that saw the unauthorized minting of eBTC, totaling an astonishing $77 million. This exploit, attributed to a compromised admin key, highlights the ongoing vulnerabilities within the DeFi space and raises questions about security protocols amid a surge in similar attacks.
On May 19, 2026, both PeckShield and Lookonchain, renowned blockchain security firms, confirmed that the hacker exploited Echo Protocol, which operates on the Monad blockchain, to mint approximately 1,000 synthetic Bitcoin. In a striking move, the hacker immediately laundered nearly 5% of the loot through Tornado Cash, a mixing service known for obscuring transaction trails. As of now, the attacker retains 955 eBTC, valued at approximately $73 million.
Echo Protocol, which focuses on Bitcoin liquidity aggregation, liquid staking, and yield generation, has placed a suspension on all cross-chain transactions as they investigate the breach. "We are currently investigating a security incident impacting the Echo bridge on Monad," the protocol stated on its official channels.
The attack, described by blockchain developer “Marioo” as a result of operational failure rather than a smart contract bug, underscores the necessity for improved security protocols. The protocol's admin role was secured by a single private key without a timelock, no cap on minting supply, and a lack of sanity checks for minted collateral. Marioo emphasized that the eBTC contract functioned as designed, but the vulnerabilities were operationally grounded.
Curvance, a DeFi lending and liquidity management platform used during the laundering, reported an anomaly in the Echo eBTC market but confirmed its own smart contracts were not compromised. The affected market has since been paused for further investigation.
Monad co-founder Keone Hon reassured users that the Monad network remains unaffected and continues to function normally. As the investigation proceeds, Echo Protocol has promised to keep its community informed of developments.
This incident marks just the latest in a worrying trend for the DeFi sector, which has seen over a dozen protocols exploited in recent weeks, including substantial thefts from Drift Protocol and Kelp DAO, which suffered losses of $285 million and $292 million, respectively, in 2026 alone. With numerous platforms shuttering due to security concerns, the industry faces an urgent call for enhanced protective measures.
As more information about the Echo Protocol exploit comes to light, industry stakeholders are eagerly watching how the situation will unfold amidst an ever-evolving landscape of cryptocurrency security threats.
Source: Cointelegraph
