Echo Protocol hit by security breach on Monad after unauthorized eBTC minting
Echo Protocol, a Bitcoin liquidity protocol, said it has contained a security incident affecting its deployment on the Monad chain after an attacker minted eBTC without authorization and moved funds crosschain.
CoinDesk reported that the attacker first minted 1,000 eBTC and used part of it as collateral to borrow assets before transferring them across chains. Echo Protocol said its current investigation indicates the actual impact is about $8.16 million, with the exploit path involving minting and crosschain transfers.
Onchain security firm PeckShield, citing information from researchers, estimated the attacker minted roughly $76.7 million worth of eBTC and deposited 45 eBTC into Curvance. The attacker then borrowed about 11.29 WBTC, bridged the funds to Ethereum, swapped into ETH, and ultimately sent 384 ETH to Tornado Cash.
Echo Protocol later said on social media that the root cause was compromised administrative keys tied to its Monad deployment. The team said Monad's network was not affected and continues to operate normally, and added that it has regained management control. Echo Protocol said it has recovered the management keys and destroyed the remaining 955 eBTC still held by the attacker.
The team said the incident appears limited to Monad, with no evidence of compromise on Aptos. It also noted that eBTC on Monad and aBTC on Aptos are separate assets and cannot be bridged directly. Echo Protocol put current Aptos-side exposure at about $71,000 across the Echo lending market and the Hyperion liquidity pool, with no confirmed loss of funds so far.
Echo Protocol has suspended crosschain functionality for the Monad deployment and completed a related contract upgrade aimed at restricting affected operations and tightening control over sensitive permissions. Despite reporting no anomalies on Aptos, the team also paused the Aptos bridge and shut down the Echo Aptos Lending service. It said it is upgrading its EVM-series bridge deployments to strengthen crosschain controls and reduce operational risk.
The incident underscores DeFi protocols' dependence on offchain infrastructure and centralized key management. Recent security events involving THORChain, TrustedVolumes, and KelpDAO have also renewed attention on operational and permission-management risks across DeFi.