Echo Protocol exploit on Monad mints 1,000 eBTC, $816K taken

An attacker exploited Echo Protocol on the Monad network on Monday, minting 1,000 eBTC, using 45 eBTC as collateral to borrow about 11.29 WBTC, and converting part of the funds into ETH before moving 385 ETH to the mixer Tornado Cash. On-chain activity shows roughly $816,000 was removed during the incident.

The activity was first flagged on social media at about 5:55 p.m. ET and was then traced by on-chain analytics. Data compiled from the blockchain shows the attacker deposited 45 eBTC to a Curvance lending market as collateral to borrow about 11.29 WBTC, which was worth roughly $867,700 at the time.

The borrowed WBTC was bridged to Ethereum, swapped for ETH, and 385 ETH was sent to Tornado Cash. On-chain records indicate the attacker still holds about 955 eBTC that remain in the attacker’s wallet and are not absorbed by current Monad liquidity.

Monad co-founder Keone Hon wrote in a public update, “Security researchers in their review have determined that ~$816,000 appears to have been stolen as a result of this exploit of Echo Protocol's eBTC.” He added that the Monad network itself is not affected and that security researchers are investigating the incident.

Curvance confirmed it paused the Echo eBTC market as a precaution and said its fully isolated market architecture protected other markets from impact. The platform noted there is no indication that its lending smart contracts were compromised.

An on-chain analyst observed that the majority of the newly minted eBTC remains in the attacker’s wallet because Monad’s lending and decentralized exchange liquidity could not absorb the full amount. DefiPrime founder Nick Sawinyh wrote that “the other 99% of the fake supply is parked on the attacker's wallet, because Monad's lending and DEX depth can't absorb more.”

Echo Protocol acknowledged the issue and is cooperating with ongoing investigations. Protocol teams and security researchers have not publicly identified the root cause of the exploit.

This incident follows multiple security breaches in decentralized finance this month, including a May 17 exploit of the Verus Ethereum bridge that resulted in a $11.6 million loss. Security teams and on-chain analysts continue to monitor the flow of funds and any further attempts to move or launder assets.

Investigators are tracking transactions on-chain and protocol teams have advised users to avoid interacting with the affected eBTC market and to follow official project channels for updates while reviews continue.