Hackers triggered a fresh alarm across the crypto market after exploiting Echo Protocol’s bridge on Monad and minting 1,000 eBTC without backing. The attacker then used part of the fake holdings as collateral on Curvance, borrowed WBTC, moved the funds to Ethereum, and funneled 384 ETH through Tornado Cash, according to blockchain investigators.
The incident renewed concerns about weaknesses inside cross-chain bridges, which remain one of decentralized finance’s biggest security risks in 2026. The incident was first reported by crypto trader DCF GOD on X.
Blockchain security firm PeckShield said the attacker extracted 384 ETH (roughly $821,700) through the laundering route. However, the widely cited $76.7 million figure reflected the temporary value of the unauthorized eBTC mint, not confirmed stolen funds. Echo Protocol suspended cross-chain activity after the breach surfaced, while Curvance paused the affected lending market to contain further exposure.
Meanwhile, Keone Hon said the Monad blockchain itself continued operating normally during the exploit. He added, “Security researchers in their review have determined that ~$816,000 appears to have been stolen as a result of this exploit of @EchoProtocol_ ‘s eBTC.”
Echo and Curvance rush to contain damage
Curvance moved quickly to limit damage after detecting suspicious borrowing activity tied to Echo Protocol’s eBTC market. The lending platform froze the affected market and began working with ecosystem partners to trace the exploit. In a statement, Curvance said, “At approximately 6:00 PM EST, we were made aware of an anomaly detected in the Echo eBTC market on Curvance.”
Meanwhile, Echo Protocol halted all cross-chain transactions as investigators examined the breach. The team said bridge operations would remain suspended until the review ends. Early security discussions pointed toward a possible permissions failure or compromised admin key. However, Echo Protocol has not confirmed the exact cause of the exploit.
The attack exposed a familiar weakness inside decentralized finance infrastructure. The attacker created unbacked wrapped assets, used them as collateral, borrowed liquid funds, and shifted assets across chains before systems could respond. As a result, the exploit again highlighted how quickly liquidity can leave DeFi platforms once trust in
Bridge exploits continue to pressure DeFi
The Echo Protocol incident adds to a growing series of costly DeFi breaches that have shaken the crypto industry this month. Just days earlier, THORChain disclosed a separate exploit that drained more than $10 million from protocol-controlled wallets. Around the same period, attackers stole nearly $11.58 million from the Verus-Ethereum bridge after manipulating its cross-chain verification process.
Security firm PeckShield said hackers have stolen roughly $328.6 million from eight bridge-related attacks so far in 2026. The biggest breach struck Kelp DAO in April, when attackers drained nearly $292 million in rsETH from its bridge infrastructure.
As a result, the latest attacks have intensified concerns around cross-chain systems, which many analysts still consider one of decentralized finance’s weakest security points.
Also Read: $77M Gone in a Year: Machi Big Brother Drops Another $545K in 24H
