Echo Protocol Pauses Monad Bridge After Admin Key Breach Sparks $816K Loss

Echo Protocol Pauses Monad Bridge After Admin Key Breach Sparks $816K Loss

Briefly

"An attacker compromised an administrative key tied to Echo Protocol’s deployment on the Monad blockchain network and used it to mint 1,000 eBTC tokens valued at about $76.7 million. The attacker granted their own wallet minting privileges, then deposited 45 eBTC as collateral into the Curvance decentralized lending protocol. Using that collateral, the attacker borrowed 11.29 WBTC, bridged the borrowed assets to Ethereum, swapped them for ETH, and sent about 385 ETH into Tornado Cash."

"The breach initially saw the hacker mint 1,000 eBTC tokens with an estimated value of $76.7 million. However, because the localized decentralized lending markets lacked the deep liquidity required to absorb or cash out the massive influx of fake tokens, the actual realized losses were limited to approximately $816,000. Low liquidity on Monad shielded the market, limiting actual losses from a fake $76.7 million eBTC mint."

"Echo Protocol confirmed the security incident via its official social media channels, stating that the bridge infrastructure on Monad had been temporarily suspended to prevent further unauthorized activity. Our investigation indicates the issue originated from a compromised admin key affecting the Monad deployment, Echo Protocol said in a statement. Developers noted that the exploit stemmed from an operational and access-control failure regarding key management, rather than a flaw in the protocol."

"Echo Protocol is now upgrading its bridge security and contract permission controls to stop future lapses. The platform is a decentralized finance (DeFi) protocol focused on bitcoin liquidity. The incident involved unauthorized minting of synthetic assets enabled by compromised administrative access, followed by collateralization, borrowing, bridging, swapping, and laundering through Tornado Cash."