Echo Protocol Hack Autopsy: The $76 Million Exploit That Wasn’t Really a Hack
2026 DeFi losses crossed $1 billion in 4 months, with April alone draining $634 million across 28+ incidents, the worst month on record.
Drift ($285M) and KelpDAO ($292M) alone accounted for $577 million of April's losses, and neither was a code exploit.
DefiLlama's 2026 hack breakdown tells the same story.
The largest slices are LayerZero bridge exploits (18%), compromised admin keys (16%), spoof tokens (14%), and private key compromises (11%).
Combined, operational and key-management failures account for almost all of the stolen value this year. Smart contract bugs like re-entrancy and oracle manipulation barely register.
Echo Protocol just became the latest data point.
On May 18, an attacker broke into the Echo Protocol on Monad and minted 1,000 fake eBTC for themselves. That's $76.7M on paper.
The problem is, fake tokens don't buy you anything unless you can trade them for something real. So they took a small chunk, dropped it into Curvance's lending app as collateral, and borrowed real Bitcoin against it.
Then they bridged that Bitcoin to Ethereum, swapped it for ETH, and ran it through Tornado Cash. Final take: around $816,000.
Everyone's calling it $76.7 million, but the real number is $816,000, and why those two numbers are so far apart is the main story here.
This breakdown covers what happened, how, and what it says about DeFi security right now.
The bottom line: the contract was fine. A stolen admin key and lazy controls did everything else, and that's how most of 2026's DeFi losses are happening.
Post Mortem (The Summary)
- Echo Protocol was not hacked through bad smart contract code. The attacker stole or accessed an admin key.
- That admin key controlled minting rights for Echo's eBTC token on Monad. One private key was enough to create fake Bitcoin-backed tokens.
- The attacker minted 1,000 fake eBTC, worth about $76.7 million on paper. But these tokens had no real BTC backing.
- They couldn't cash out the full amount because Monad liquidity was thin. So they used 45 fake eBTC as collateral on Curvance.
- Curvance accepted the fake eBTC as normal collateral and let the attacker borrow real WBTC.
- The attacker escaped with about $816,000 in real value, not $76.7 million.
- Echo later burned the remaining 955 fake eBTC and paused affected functions.
- Monad itself was not hacked. Curvance's core protocol was not directly hacked either. The failure came from Echo's admin setup and Curvance trusting newly minted collateral.
- The core lesson: DeFi attackers are now targeting keys, admins, bridges, infrastructure, and team operations more than smart contract bugs.
- Basic protections could have reduced or stopped this: multisig admin control, timelocks, mint caps, rate limits, and collateral checks.
- Echo got lucky. The attacker only failed to drain more because there was not enough liquidity to cash out the fake tokens.
The Players
Here's the full breakdown of what happened, and how.
- Echo Protocol
A BTCFi (Bitcoin DeFi) project. Their pitch: take your BTC, get a yield-bearing wrapped version of it that works in DeFi.
Their home base is Aptos, where the token is called aBTC. They hit a peak TVL of $878 million on Aptos in May 2025, currently sitting around $254 million.
Echo expanded to Monad as part of Monad's mainnet ecosystem push. On Monad, their wrapped BTC token is called eBTC.
This is important: aBTC and eBTC are completely separate, non-bridgeable assets. They're parallel deployments, not connected. The hack hit eBTC on Monad only.
- Monad
A new high-performance parallelized EVM L1. One of the hyped chains of 2025-26. Just out of mainnet, with a number of protocols deploying fresh.
Echo is one of them. Monad itself was NOT compromised in any way. Co-founder @keoneHD confirmed the network ran normally throughout. It was a protocol-level failure on top of Monad.
- Curvance
A lending protocol deployed on Monad. Functions like Aave but with isolated markets, where each collateral asset lives in its own siloed pool so a compromised asset can't infect the rest of the lending protocol.
They had listed eBTC as a collateral asset.
- Tornado Cash
Sanctioned ETH mixer. You send ETH in, you get ETH out from a different wallet, and the on-chain trail is broken. Standard exit tool for hackers.
What Got Exploited
Echo's eBTC token on Monad is a standard ERC-20 contract that uses OpenZeppelin's role-based access control system. This is industry standard, used by basically every serious DeFi project.
Two roles matter in its setup:
- DEFAULT_ADMIN_ROLE: the master role. Can grant or revoke any other role on the contract.
- MINTER_ROLE: can call mint() and create new eBTC tokens.
Normally, only Echo's team holds these. Minting only happens when real BTC gets locked somewhere, and the team mints the matching eBTC. That's the entire trust model behind a wrapped token.
Here's where Echo messed up.
The DEFAULT_ADMIN_ROLE sat on a single EOA, basically just a regular wallet with one private key behind it. And the wallet had no safety nets. Whoever held that key could mint as much as they wanted, whenever they wanted, with nothing to slow them down.
So the entire $254M+ Echo ecosystem on Monad was, in security terms, sitting behind one private key. That key got stolen. Nobody has said how yet. Could be phishing, malware on a team laptop, an infra breach, an insider, secrets leaked in a repo, a supply chain attack through a dev tool. Echo hasn't disclosed.
The Attack Step by Step
Date: May 18, 2026, around 5:55 PM ET
- Step 1: Attackers use the stolen admin key to grant DEFAULT_ADMIN_ROLE to a fresh wallet of their own. They're now admin too.
- Step 2: From that new admin role, they grant themselves MINTER_ROLE. They can now mint.
- Step 3: They call mint(attacker_wallet, 1000e8). 1,000 eBTC shows up in their wallet. Notional value $76.7M. Real BTC backing: zero. These tokens are completely fake, phantom claims on Bitcoin that doesn't exist anywhere.
- Step 4: They revoke the original Echo admin and their own admin role too. A cleanup move so it looks less suspicious on-chain. From the outside, it just looks like a random wallet holding 1,000 eBTC.
At this point, the peg is mathematically broken. There are 1,000 more eBTC tokens than there is BTC backing them.
But the attacker hasn't actually taken anything yet. Fake tokens are worthless unless you can convert them into real money.
The Cashout Flow
You can't just dump 1,000 fake eBTC on a DEX. Monad's DEXs don't have anywhere near that liquidity. You'd crash the price to zero before extracting anything, and arbitrageurs would catch it immediately. So the attacker went to a lending market instead.
- Step 5. Deposit 45 eBTC ($3.45M paper value) into Curvance as collateral. Curvance accepts it because, from the contract's view, eBTC is eBTC. No oracle or check separates "freshly minted fake eBTC" from "legit BTC-backed eBTC." That's the second failure of this hack. Lending markets just accept new collateral at face value without checking where it came from.
- Step 6. Borrow 11.29 WBTC against it, about $868K of real wrapped Bitcoin. WBTC is the major BTC-on-Ethereum token: deep liquidity, fully backed. They now have $868K of real value, secured by $3.45M of fake collateral they're never coming back for.
- Step 7. Bridge the WBTC to Ethereum. That's where liquidity lives and where Tornado works.
- Step 8. Swap WBTC to ~384 ETH on Ethereum (~$822K).
- Step 9. Run the 384 ETH through Tornado Cash. The trail breaks. Funds land in fresh wallets that can't be traced back.
Total real money out: roughly $816,000.
How Echo Responded
Within hours of the hack going public, Echo reclaimed the admin key, burned the 955 eBTC still sitting in the attacker's wallet (those tokens no longer exist), and paused all cross-chain functionality on Monad.
They also paused the Aptos bridge and Aptos lending even though Aptos was clean, just to be safe. They pushed a contract upgrade on Monad to restrict the affected operations and said they'd patch their other EVM bridge deployments too.
Curvance paused the eBTC market, confirmed that their own contracts were fine, and noted that their isolated market design prevented the damage from spreading to other lending pools.
Keone from Monad clarified that the chain was untouched and pegged the actual loss at around $816K.
The Breakdown
The gap between $76.7 million and $816,000 is the whole story. Curvance was the only viable exit, and its depth capped the borrow at roughly $868,000.
| Item | Figure |
|---|---|
| eBTC minted | 1,000 (notional $76.7M) |
| Deposited to Curvance | 45 eBTC |
| WBTC borrowed | 11.29 (~$868K) |
| Sent through Tornado | ~384 ETH (~$822K) |
| Actually stolen | ~$816K |
| eBTC burned by Echo | 955 |
| Aptos exposure | ~$71K |
| ECHO drawdown | ~11-12% |
The other 955 eBTC had nowhere to go until Echo burned it. Monad's thin liquidity saved Echo from a much bigger loss. On Ethereum, this would have been close to $76M out the door.
Why this was an operational hack, not a smart contract hack
The code wasn't the problem. It worked the way it was supposed to. The real problem was how Echo set things up around the contract:
- The admin role was held by a single wallet instead of a multisig. Stealing a single private key was enough to take over the entire protocol.
- There was no timelock. When the attacker granted themselves admin and then minter rights, those changes went live immediately. No delay, no window for the team to notice and respond.
- The contract had no maximum supply. Minting 1,000 eBTC with zero BTC backing was technically allowed by the rules of the contract itself.
- No rate limit either. The attacker minted the entire 1,000 in a single transaction, rather than being forced to spread it out.
- Curvance accepted the freshly minted eBTC as collateral without checking whether it was legitimately backed. The lending market just saw eBTC tokens in a wallet and treated them the same as real ones.
None of these are obscure or experimental fixes. Multisigs, timelocks, mint caps, and supply checks are things serious DeFi protocols have been shipping for years. Echo just didn't bother with any of them.
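As an added illustration (not Echo's or Curvance's code), here is what the token-side controls listed above look like on the same OpenZeppelin roles described in the What Got Exploited section: a hard supply cap, a per-epoch mint rate limit, and DEFAULT_ADMIN_ROLE held by a TimelockController instead of an EOA. It assumes OpenZeppelin Contracts v5; the contract name, the one-day epoch and the constructor parameters are choices made for this example, and the lender-side collateral check is outside the token's scope.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative contract written for this article, not Echo's eBTC.
// Assumes OpenZeppelin Contracts v5 is installed.
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {ERC20Capped} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Capped.sol";
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

/// Wrapped-BTC style token with the controls Echo lacked:
/// a hard supply cap, a per-epoch mint rate limit, and an admin that is
/// expected to be a TimelockController whose proposers are a multisig,
/// so every role grant is delayed and visible before it takes effect.
contract CappedWrappedBTC is ERC20Capped, AccessControl {
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");

    uint256 public constant EPOCH = 1 days;        // rate-limit window (example choice)
    uint256 public immutable mintLimitPerEpoch;    // max units mintable per window
    uint256 private epochStart;
    uint256 private mintedThisEpoch;

    error MintRateExceeded(uint256 requested, uint256 remaining);

    /// @param timelock deployed TimelockController; it alone gets DEFAULT_ADMIN_ROLE,
    ///        so granting MINTER_ROLE must pass through the timelock delay.
    /// @param cap_ hard ceiling on total supply, enforced by ERC20Capped.
    /// @param limitPerEpoch ceiling on what minters can create per EPOCH.
    constructor(address timelock, uint256 cap_, uint256 limitPerEpoch)
        ERC20("Capped Wrapped BTC", "cWBTC")
        ERC20Capped(cap_)
    {
        _grantRole(DEFAULT_ADMIN_ROLE, timelock);
        mintLimitPerEpoch = limitPerEpoch;
        epochStart = block.timestamp;
    }

    // 8 decimals, matching BTC units (the 1000e8 call in the article).
    function decimals() public pure override returns (uint8) { return 8; }

    /// Minting is bounded twice: ERC20Capped's _update reverts past the cap,
    /// and this function reverts past the per-epoch rate limit, so a stolen
    /// minter key cannot create 1,000 BTC worth of tokens in one transaction.
    function mint(address to, uint256 amount) external onlyRole(MINTER_ROLE) {
        if (block.timestamp >= epochStart + EPOCH) {
            epochStart = block.timestamp;   // roll into a new window
            mintedThisEpoch = 0;
        }
        uint256 remaining = mintLimitPerEpoch - mintedThisEpoch;
        if (amount > remaining) revert MintRateExceeded(amount, remaining);
        mintedThisEpoch += amount;
        _mint(to, amount);
    }
}
```

With this layout the Step 1 and Step 2 role grants would sit in the timelock queue for the configured delay, where a monitoring team can see and cancel them, and even a granted minter would be held to the cap and the per-window limit.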
May 2026 looks like this
Echo is the 14th hack this month. The year so far:
| Protocol | Loss | Vector |
|---|---|---|
| KelpDAO (Apr) | $292M | RPC poisoning + DDoS (Lazarus) |
| Drift | $285M | Social engineering (Lazarus, UNC4736) |
| THORChain (May 15) | $10M+ | Vault breach |
| Verus bridge (May 17) | $11.6M | Cross-chain verification |
| Echo (May 18) | $816K | Admin key |
| Transit Finance | $1.88M | Deprecated contract |
Approximately $328.6 million was lost to bridge hacks in 2026 across 8 incidents. None of these were Solidity bugs. Keys, signers, RPC endpoints, off-chain verifiers: that's where the money is leaving now. The attackers moved up the stack. A few from this year worth paying attention to:
- Drift (April): Not a technical exploit. UNC4736 (North Korea) spent six months social engineering Drift employees, then drained $285M in 12 minutes. Six months of prep, 12 minutes of execution. That's a military op, not a hack.
- KelpDAO (17 days later): Same crew, completely different vector. They poisoned LayerZero's RPC infrastructure and forged cross-chain messages for $292M. State-sponsored teams running multiple playbooks in parallel.
- AI is showing up too: Google confirmed the first AI-powered mass exploit on May 11 (AI found a zero-day and wrote bypass code for 2FA). GoPlus reported a 231% MoM jump in Web3 losses partly tied to AI. CrowdStrike puts the average eCrime breakout time at 29 minutes, with the fastest at 27 seconds. The attack side is automating; defense mostly isn't.
- Resolv Labs (March): Admin key compromise on a stablecoin issuer. The attacker minted 80M unbacked USR, drained $25M, and USR depegged by 80%. Same root cause as Echo, completely different protocol type. The pattern doesn't care what you're building.
Ondo Finance put it bluntly in their post-incident analysis: "there is no single class of vulnerability to defend against." That's the part most protocols still haven't internalized.
So when Echo got drained through a stolen admin key, it didn't happen in a vacuum. It happened in the most hostile threat environment DeFi has ever seen, and the protocol was set up as if it were still 2022.
So what?
DeFi spent the last five years getting good at smart contract security. Audits, bug bounties, formal verification, all of it.
So the attackers stopped targeting the code and started targeting everything else. Keys, infrastructure, employees, signers. None of that gets audited.
For any wrapped BTC protocol, the only security question that really matters is who can mint, and how hard it is for someone to take that power from them.
If the answer is "a multisig with a timelock, a mint cap, and a lending market that checks where new collateral came from," you have a real protocol. If the answer is "one wallet with one key," you have $254M sitting there waiting to be taken. Echo was the second kind.
The damage doesn't stay in one place either. Aave wasn't hacked in April, but it lost $5.4B in TVL within 48 hours of the KelpDAO exploit anyway. People just panicked and pulled their money out of everything. That's what happens now. One protocol gets hit and the whole sector gets repriced.
The fixes are not new. They've been around for years. Multisig the admin, timelock the changes, cap the supply, check the collateral. It's just that none of it makes a protocol more competitive on the front end, so nobody ships it until they're the next headline.
Echo got off easy because Monad's liquidity was too thin for the attacker to fully cash out. The next protocol probably won't have that excuse.
The post Echo Protocol Hack Autopsy: The $76 Million Exploit That Wasn't Really a Hack appeared first on BeInCrypto.
