Eilmeldung
DERussland startet schwere Angriffe auf ukrainische Städte vor Nato-TreffenCN基隆幼兒園虐童案:市府公布涉案教保員姓名,幼兒園面臨停業處分RUКарантин по бешенству введен в двух селах Амурской областиKR김포경찰, 또래 여학생 폭행 혐의 10대 3명 입건KR국민의힘, 지방선거 후 의장단 선출 과정서 '해당행위' 조사 착수CN马来西亚深圳总商会:做深马经贸文化往来“超级联系人”PLUSA rozmowy o stałej bazie wojskowej w PolsceRUТрамп встретится с Зеленским на саммите НАТО в ТурцииKR대한축구협회장 선거, '안갯속'…정몽규 사퇴 후폭풍CN桃園市大坪數中古屋交易急凍,中小坪數產品成市場主流DERussland startet schwere Angriffe auf ukrainische Städte vor Nato-TreffenCN基隆幼兒園虐童案:市府公布涉案教保員姓名,幼兒園面臨停業處分RUКарантин по бешенству введен в двух селах Амурской областиKR김포경찰, 또래 여학생 폭행 혐의 10대 3명 입건KR국민의힘, 지방선거 후 의장단 선출 과정서 '해당행위' 조사 착수CN马来西亚深圳总商会:做深马经贸文化往来“超级联系人”PLUSA rozmowy o stałej bazie wojskowej w PolsceRUТрамп встретится с Зеленским на саммите НАТО в ТурцииKR대한축구협회장 선거, '안갯속'…정몽규 사퇴 후폭풍CN桃園市大坪數中古屋交易急凍,中小坪數產品成市場主流
Newsgather
BackEcho Protocol Exploited for $77M in Unauthorized eBTC Mint, $816K Laundered via Tornado Cash
Echo Protocol Exploited for $77M in Unauthorized eBTC Mint, $816K Laundered via Tornado Cash
Dringend
Decrypt19.05.2026Crypto4 dk okuma

Echo Protocol Exploited for $77M in Unauthorized eBTC Mint, $816K Laundered via Tornado Cash

Auf einen Blick

  • Echo Protocol's Monad deployment suffered an exploit, allowing an attacker to mint $77 million in unauthorized eBTC.
  • Approximately $816,000 was laundered through Tornado Cash.
  • The issue stemmed from a compromised admin key, impacting only the Monad deployment.

KI-generierte Zusammenfassung

Warum es wichtig ist

Echo Protocol, a Bitcoin liquidity aggregation and yield infrastructure layer, was targeted in an exploit on its Monad blockchain deployment. An attacker minted unauthorized eBTC, valued at approximately $77 million, and laundered a portion through Tornado Cash. The incident highlights vulnerabilities in DeFi protocols, particularly those relying on off-chain components and centralized key management.

Schriftgröße

Bitcoin liquidity aggregation and yield infrastructure layer, Echo Protocol, was hit by an exploit on its deployment on the Monad blockchain after an attacker minted 1,000 unauthorized eBTC worth approximately $77 million, with around $816,000 ultimately laundered through coin mixer Tornado Cash.

Blockchain security firm PeckShield flagged the incident, citing onchain sleuth dcfgod, noting the attacker "minted 1k $eBTC ($76.7M) &, utilizing the tested flow, deposited 45 $eBTC ($3.45M) into Curvance."

The hacker then borrowed approximately 11.29 WBTC ($867,700) against the collateral, bridged the WBTC to Ethereum, swapped them for ETH, and sent 384 ETH (~$821,700) to Tornado Cash.

Echo Protocol confirmed the breach in a Tuesday tweet, saying its investigation "indicates the issue originated from a compromised admin key affecting the Monad deployment."

"Based on current findings, approximately $816K was impacted on Monad. The Monad network itself was not impacted and continues to operate normally," the team said, adding it has "successfully regained control of our admin keys and burnt the remaining 955 eBTC that was in the attacker's possession."

Decrypt has reached out to Echo Protocol for comment.

The exploit follows a familiar admin-key pattern that has plagued cross-chain protocols, where a single compromised credential can unlock minting privileges across an entire deployment.

Echo said the incident "appears isolated to Monad," with "no evidence of compromise on Aptos."

The team noted that aBTC on Aptos and eBTC on Monad are separate, non-bridgeable assets, with current Aptos exposure limited to approximately $71,000 across Echo lending markets and Hyperion liquidity pools, and no confirmed loss of funds on that chain.

eBTC is Echo's wrapped Bitcoin representation on Monad, while aBTC is its counterpart on Aptos, both designed to bring BTC liquidity into DeFi applications on those chains.

Misha Putiatin, co-founder of Symbiotic and smart contract security firm Statemind, told Decrypt that the industry should expect more incidents of this kind as protocols lean harder on off-chain components.

"As DeFi protocols become increasingly dependent on off-chain infrastructure, we're likely to see a resurgence of 'Web2.5' style attacks targeting centralized key management, databases, and operational infrastructure," Putiatin said.

Calling it a “balancing act,” he said systems with “more involved management” become increasingly vulnerable to social engineering and infrastructure attacks compared with “fully permissionless systems.”

Putiatin said centralized and off-chain components of DeFi protocols have historically been "treated as secondary risk areas," but expects that to shift.

"We'll likely see far more focus on operational infrastructure, key management, and internal security frameworks, similar to how smart contract audits became standard after the 2021 exploit cycle," he said.

Precautionary measures

Echo has paused cross-chain functionality for the Monad deployment and completed an upgrade of the relevant Monad contracts "to restrict affected operations and strengthen control over sensitive functions."

The Aptos bridge has been fully paused as a precaution despite no observed impact, and Echo Aptos Lending has been suspended for security.

The team said it is also upgrading its EVM-series bridge deployments "to further strengthen cross-chain controls and reduce operational risk."

Attacks on DeFi

The Echo Protocol breach adds to mounting pressure on DeFi security after recent exploits at THORChain and TrustedVolumes, as well as last month's $293 million infrastructure-linked attack on KelpDAO, attributed to North Korea's Lazarus Group.

Worauf zu achten ist

KI-Ausblick — Möglichkeiten, keine Fakten

  • Increased focus on securing off-chain infrastructure and admin key management within DeFi protocols.

    Sehr wahrscheinlich · Innerhalb von Monaten

  • Further exploits targeting similar vulnerabilities in other DeFi protocols.

    Wahrscheinlich · Innerhalb von Monaten

Offene Fragen

  • What specific vulnerabilities in the admin key management allowed for the exploit?
  • Will Echo Protocol compensate affected users?
  • What further security measures will be implemented to prevent future exploits?
  • What is the total value of funds lost across all affected pools?

Verwandte Themen

This article was originally published by Decrypt.

Ähnliche Meldungen

Mehr zu diesem Themabitcoin