Crypto Hack Hits Echo As Monad’s eBTC Market Faces Fallout

Echo Protocol is investigating a safety incident involving its bridge on Monad after crypto on-chain analysts stated an attacker minted 1,000 eBTC and used a part of the place to extract WBTC liquidity by Curvance.

The first public alarm got here from on-chain analyst DCF GOD, who wrote that Echo “could also be hacked on Monad.” He added: “Someone minted 1k ebtc out of nowhere, max borrowed wbtc towards it on Curvance, bridged, and twister away.” A follow-up put up pointed to a Monad transaction exhibiting a 1,000 eBTC switch on May 18 at 21:21:32 UTC.

$76M Crypto Mint Sparks Alarm

Lookonchain later mapped the reported sequence in additional element. According to the account, the attacker minted 1,000 eBTC, valued at about $76.64 million, deposited 45 eBTC value roughly $3.45 million into Curvance, borrowed 11.3 WBTC value about $867,000, bridged the WBTC to Ethereum, swapped it for 385 ETH value about $821,000, and deposited the ETH into Tornado Cash. Lookonchain stated the attacker nonetheless held 955 eBTC, valued at about $73.2 million.

Phylax Systems founder and CEO Odysseas Lamtzidis said the transaction path pointed away from a Curvance lending flaw and towards a role-management compromise on the eBTC aspect. “Monad eBTC/Curvance hint: not a Curvance lending bug,” he wrote. “The eBTC admin granted DEFAULT_ADMIN_ROLE to 0x6A0109, who revoked admin, self-granted MINTER_ROLE, minted 1,000 eBTC, posted 45 eBTC as collateral, and borrowed ~11.296 WBTC.” Lamtzidis stated the sample “seems like admin-key/function compromise,” citing key transactions for the admin grant, mint and borrow.

Echo confirmed the incident with out publishing a root-cause evaluation. “We are at the moment investigating a safety incident impacting the Echo bridge on Monad. All cross-chain transactions stay suspended whereas the investigation is underway. We will proceed to supply well timed updates by our official channels as extra data turns into accessible.” The suspension makes the bridge the quick operational focus, not merely the lending market that processed the collateral.

Curvance’s publicity seems to have come by the affected Echo eBTC market. Curvance paused that market whereas the groups investigated, and cited Curvance as saying there was no indication its good contracts had been compromised and that its isolated-market structure meant different markets weren’t affected. Also, Monad’s community itself was not affected.

Monad CEO Keone Hon wrote by way of X: “To make clear, the Monad community just isn’t affected and is working usually. Security researchers of their overview have decided that ~$816,000 seems to have been stolen on account of this exploit of Echo Protocol’s eBTC.

The incident illustrates a well-recognized bridge-to-lending failure sample. Once a bridged or artificial asset is handled as legitimate collateral, even a partial conversion path can flip a supply-side failure into actual liquidity loss. In this case, the eBTC mint was used to borrow WBTC, transfer it off Monad, convert it into ETH, and route the funds by a mixer earlier than the broader notional place was absolutely monetized.

Echo’s subsequent replace might want to reply a number of market-facing questions: whether or not the unauthorized eBTC has been neutralized, whether or not Curvance faces dangerous debt from the WBTC borrow, which bridge permissions or contracts had been concerned, and when cross-chain transactions can safely resume. Until then, the eBTC market on Monad stays the important thing strain level for customers attempting to evaluate whether or not the incident was contained or merely slowed.

The Echo exploit additionally lands throughout a tough stretch for crypto infrastructure. On May 15, THORChain has misplaced greater than $10 million throughout Bitcoin, Ethereum, BNB Chain and Base, together with 36.75 BTC and roughly $7 million in different belongings. Days later, the Verus-Ethereum Bridge was drained for about $11.5 million, with studies saying the attacker took 103.6 tBTC, 1,625 ETH and 147,000 USDC earlier than consolidating the haul into roughly 5,402 ETH. Echo now offers markets one other reminder that bridge design, collateral acceptance and liquidity routing stay one in every of DeFi’s most uncovered assault surfaces.

[UPDATE from X:] Echo Protocol confirmed: “Earlier at this time, Echo Protocol recognized unauthorized exercise involving eBTC on Monad that resulted in unauthorized minting and related fund loss. Our investigation signifies the problem originated from a compromised admin key affecting the Monad deployment. Based on present findings, roughly $816K was impacted on Monad. The Monad community itself was not impacted and continues to function usually.

Since detecting the incident, now we have been actively investigating potential cross-chain publicity, coordinating with ecosystem companions, and implementing extra precautionary measures. We have efficiently regained management of our admin keys and burnt the remaining 955 eBTC that was within the attacker’s possession.”

At press time, the overall crypto market cap stood at $2.54 trillion.