Echo Protocol has regained control of an admin key after attackers exploited its Monad deployment and used it to mint about $816,000 worth of unauthorized eBTC. In response, the project paused cross-chain activity, updated the affected smart contracts, and burned 955 eBTC that were traced back to the attacker.
The incident has raised fresh concerns about operational security in decentralized finance systems, where weak controls can quickly lead to large-scale losses.
In a series of posts on X, Echo said the incident started after attackers gained access to an admin key tied to its Monad infrastructure. Although hackers minted unauthorized eBTC tokens, the Monad blockchain itself continued operating normally throughout the attack. Meanwhile, Echo stated that Aptos systems showed no direct compromise. As a result, the team launched a wider review covering bridge security, minting permissions, and cross-chain controls.
Admin key weakness triggered the breach
Echo Protocol said a compromised admin key tied to its Monad deployment triggered the exploit that led to unauthorized eBTC minting. The protocol also confirmed that $816K was impacted on Monad. However, the project stressed that the Monad blockchain itself did not suffer any technical failure during the incident. The clarification came as developers and security researchers examined how the attack escalated so quickly.
Blockchain developer Marioo later pointed to several operational weaknesses that may have amplified the damage. According to the researcher, Echo relied on a single-signature admin system without a timelock safeguard. Additionally, the platform lacked minting caps and issuance limits for newly created eBTC tokens. Marioo also claimed Curvance failed to verify collateral backing for newly minted assets before allowing borrowing activity.
Meanwhile, blockchain security firm PeckShield said the attacker extracted 384 ETH, worth roughly $821,700, through laundering routes linked to the exploit. However, researchers later clarified that the widely circulated $76.7 million figure reflected temporary unauthorized minting activity rather than confirmed losses. As a result, investigators narrowed the estimated stolen amount to about $816,000.
Monad co-founder Keone Hon also addressed concerns surrounding the incident. He stated, “Security researchers in their review have determined that ~$816,000 appears to have been stolen as a result of this exploit of @EchoProtocol_ ‘s eBTC.”
Echo ended the thread by reiterating that they are “performing a comprehensive review of the affected Monad deployment and related bridge infrastructure, including admin key exposure, contract permissions, cross-chain controls, minting controls, and operational security procedures.” The protocol also mentioned coordinating with ecosystem partners and external security reviewers to confirm the incident’s scope and review further mitigation steps.
Curvance and ecosystem partners respond
Curvance moved quickly after detecting suspicious borrowing activity tied to Echo Protocol’s eBTC market. The lending platform froze the affected market and began tracing fund movements alongside ecosystem partners. In a statement, Curvance said, “At approximately 6:00 PM EST, we were made aware of an anomaly detected in the Echo eBTC market on Curvance.”
The incident also renewed concerns about weak safeguards across newly launched DeFi lending markets. DefiPrime founder Nick Sawinyh warned that many platforms still lack clear controls around collateral issuance and admin permissions. He stated, “If your lender can’t tell you which keys can produce that collateral, neither can you.”
Moreover, the Echo exploit adds to a growing wave of DeFi security breaches this year. Earlier this month, Verus Protocol lost roughly $11.6 million after attackers targeted its Ethereum bridge infrastructure. THORChain also halted trading activity recently following reports of a suspected exploit. Meanwhile, Transit Finance disclosed a separate smart contract attack that resulted in losses nearing $1.88 million.
Also Read: AI Financial $271M WLFI Hit Sparks Going-Concern Warning for Trump Crypto Play
