Echo Protocol has recovered an important administrative key after hackers compromised its Monad system and created approximately $816,000 worth of fake eBTC. As a result, the project temporarily stopped all activity between different blockchains, fixed the vulnerable smart contracts, and destroyed 955 eBTC identified as belonging to the attacker.
This event highlights ongoing worries about security in decentralized finance. Because these systems often lack strong safeguards, they’re vulnerable to significant financial losses.
Echo explained on X that the issue began when attackers got access to an administrative key for its Monad system. While hackers created fake eBTC tokens, the Monad blockchain continued to function without interruption. Echo also confirmed that Aptos systems weren’t directly affected. In response, the team is now thoroughly reviewing the security of its bridges, how tokens are created, and controls for moving assets between blockchains.
Earlier today, Echo Protocol detected suspicious activity on Monad involving eBTC. This resulted in the unauthorized creation of new tokens and a loss of funds. Our investigation shows the problem stemmed from a compromised administrative key that controls the Monad system.
— Echo Protocol (@EchoProtocol_) May 19, 2026
Admin key weakness triggered the breach
Echo Protocol explained that an attacker gained access through a compromised administrative key for their Monad system, leading to the unauthorized creation of eBTC tokens. Approximately $816,000 worth of tokens were affected. However, the project emphasized that the Monad blockchain continued to function normally throughout the incident. This explanation was provided as developers and security experts investigated the rapid spread of the attack.
Blockchain developer Marioo identified several issues that likely worsened the impact of the incident. He explained that Echo used a simple admin system, making it vulnerable, and didn’t have safeguards to delay changes. Furthermore, there were no limits on how many new eBTC tokens could be created. Marioo also noted that Curvance didn’t confirm sufficient collateral was in place before allowing users to borrow against the new tokens.
The Twitter account @EchoProtocol_ was hacked. This wasn’t due to a flaw in their code, but because the attacker gained access to a private administrative key.
The attacker created 1,000 eBTC from nothing, used it as collateral on Curvance, borrowed WBTC, and then transferred the WBTC to another network.
Below is a detailed breakdown of the attack, including transaction IDs. The first step involved the key handover…
— Marioo (@MarioY00) May 18, 2026
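Two of the safeguards described above as missing, a delay on admin changes and a limit on minting, can be modelled in a few lines. The block below is an added illustration, not code from Echo, Curvance or the original article. It is a plain-Python model rather than contract code, and the class name, parameters, address and cap values are assumptions.

```python
# Added illustration: plain-Python model of mint-side safeguards.
# Names and values (MintGuard, delay_s, cap, "0xNEW") are hypothetical.
from dataclasses import dataclass, field

@dataclass
class MintGuard:
    delay_s: int    # timelock between proposing and activating a minter
    cap: int        # max units mintable per rolling window
    window_s: int   # rolling window length in seconds
    minters: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)  # addr -> earliest activation time
    history: list = field(default_factory=list)  # (timestamp, amount) of accepted mints

    def propose_minter(self, addr: str, now: int) -> int:
        """Queue a role grant; monitors can see it until the delay elapses."""
        self.pending[addr] = now + self.delay_s
        return self.pending[addr]

    def activate_minter(self, addr: str, now: int) -> None:
        eta = self.pending.get(addr)
        if eta is None or now < eta:
            raise PermissionError("role grant still timelocked")
        del self.pending[addr]
        self.minters.add(addr)

    def mint(self, caller: str, amount: int, now: int) -> int:
        if caller not in self.minters:
            raise PermissionError("caller is not an active minter")
        recent = sum(a for t, a in self.history if now - t < self.window_s)
        if amount <= 0 or recent + amount > self.cap:
            raise ValueError("mint rejected: outside per-window cap")
        self.history.append((now, amount))
        return recent + amount  # units minted inside the current window

def run_scenario() -> list:
    """Constructed sequence: a freshly proposed minter attempts a large mint."""
    g, log = MintGuard(delay_s=86_400, cap=50, window_s=86_400), []
    g.propose_minter("0xNEW", now=0)
    steps = [lambda: g.activate_minter("0xNEW", now=60),
             lambda: g.mint("0xNEW", 1_000, now=60),
             lambda: g.activate_minter("0xNEW", now=86_400),
             lambda: g.mint("0xNEW", 1_000, now=86_400),
             lambda: g.mint("0xNEW", 40, now=86_400)]
    for step in steps:
        try:
            log.append(("ok", step()))
        except (PermissionError, ValueError) as exc:
            log.append(("blocked", str(exc)))
    return log
```

In the constructed scenario, the immediate activation and both 1,000-unit mints are blocked, and only the 40-unit mint made after the delay goes through.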
Security firm PeckShield reported that the attacker initially took 384 ETH, valued around $821,700, by moving the stolen funds through various channels. However, researchers later determined that the earlier estimate of $76.7 million in losses was inaccurate, as it included temporary, unauthorized creation of tokens. The investigation now estimates the actual stolen amount to be approximately $816,000.
As an analyst following the situation, I’ve been looking into the recent incident, and Monad co-founder Keone Hon has confirmed that security researchers believe around $816,000 was stolen due to an exploit targeting eBTC on the Echo Protocol.
Just to be clear, the Monad network isn’t impacted and is working as usual. Security researchers have found that about $816,000 was taken due to a security issue with eBTC from Echo Protocol.
— Keone Hon (@keoneHD) May 18, 2026
Echo concluded the discussion by stating they’re thoroughly investigating the recent issue with the Monad deployment and its related systems. This includes examining how administrative keys were handled, contract access, processes for moving assets between chains, how new tokens are created, and overall security practices. They are also working with other projects in the ecosystem and independent security experts to fully understand the extent of the problem and identify additional ways to prevent similar incidents in the future.
Curvance and ecosystem partners respond
Curvance acted swiftly after noticing unusual borrowing activity in the Echo Protocol’s eBTC market. They immediately paused the market and are working with others in the crypto community to track where the funds went. According to Curvance, they first became aware of the problem around 6:00 PM EST.
The recent event has also raised worries about insufficient security measures in new DeFi lending platforms. Nick Sawinyh, founder of DefiPrime, cautioned that many of these platforms don’t have adequate systems for managing collateral and controlling who has administrative access. He explained that if the platform itself can’t identify the keys that create collateral, users won’t be able to either.
The recent Echo hack is part of a larger trend of security problems in the DeFi world this year. Just earlier in November, Verus Protocol suffered a loss of around $11.6 million due to an attack on its system for connecting to Ethereum. THORChain temporarily stopped trading after a possible hack was detected. And Transit Finance recently announced a smart contract attack that cost them nearly $1.88 million.
2026-05-19 15:49