Echo Protocol, a Bitcoin liquidity and synthetic asset protocol built on the Monad ecosystem, suffered a major exploit after attackers minted approximately 1,000 eBTC tokens worth nearly $76.7 million through a compromised administrator key tied to its Monad deployment.

The exploit was first flagged by on-chain analysts and blockchain security researchers who identified abnormal minting activity involving Echo’s eBTC market on Monad. According to multiple security reports, the attacker minted unbacked eBTC tokens before using part of the position as collateral within decentralized finance protocols to extract additional assets.

Blockchain investigators said the attacker deposited approximately 45 eBTC into the Curvance lending protocol and borrowed around 11.29 wrapped Bitcoin before bridging assets from Monad to Ethereum. The funds were later swapped into Ether and partially routed through Tornado Cash in an attempt to obscure transaction trails. Security researchers estimate roughly $816,000 worth of assets were successfully siphoned from the ecosystem before mitigation measures were implemented.

Echo Protocol later confirmed the incident in an official statement, saying the exploit originated from an administrator key compromise connected to its Monad-based eBTC deployment rather than a flaw within the Monad blockchain itself. The project said it regained control of the compromised administrator key and burned 955 eBTC that remained under attacker control.

Cross-Chain Transactions Suspended During Investigation

Following the exploit, Echo Protocol suspended all cross-chain transactions tied to the Monad deployment while investigations continue. The team stated that it is upgrading bridge contracts and strengthening permission control systems as part of ongoing remediation efforts.

Echo Protocol emphasized that the incident appears isolated to the Monad deployment and that Aptos-based assets tied to the project were not directly affected. The protocol said its Aptos-based aBTC and Monad-based eBTC products operate independently without direct bridging functionality between the two systems.

The exploit reignited broader concerns around security risks in cross-chain infrastructure and synthetic asset protocols. Analysts noted that bridge systems and administrator key management remain among the most vulnerable components in decentralized finance architecture, particularly as protocols expand across multiple blockchain ecosystems.

Monad itself stated that the network’s core infrastructure was not compromised. Security researchers and ecosystem contributors continue monitoring associated wallets for additional suspicious activity or further laundering attempts involving the remaining funds.

DeFi Security Concerns Intensify

The Echo Protocol exploit adds to a growing number of major decentralized finance security incidents during May. Blockchain analytics firms noted that the Echo incident marked at least the fourteenth publicly reported crypto exploit of the month, underscoring ongoing concerns around smart contract security and bridge architecture.

Security firms tracking the exploit said the incident highlights the operational risks tied to centralized administrator permissions within ostensibly decentralized systems. Several researchers pointed to compromised private keys and insufficient access control protections as recurring causes behind recent DeFi attacks.

The attack also drew attention to the increasing complexity of cross-chain exploit strategies. By leveraging lending markets, synthetic assets, bridges, and privacy infrastructure across multiple networks, attackers continue demonstrating sophisticated laundering techniques that complicate recovery efforts for affected protocols.

Despite the incident, Monad developers and ecosystem participants stressed that the exploit was isolated to Echo Protocol’s deployment architecture rather than the underlying Layer 1 blockchain itself. Investigations into the full scope of the exploit and potential recovery options remain ongoing.