Echo Protocol is currently addressing a significant security incident related to its bridge on the Monad platform. Reports from on-chain analysts indicated that an attacker minted 1,000 eBTC, subsequently exploiting this mint to withdraw liquidity in WBTC through the Curvance platform.
The matter was first highlighted by on-chain analyst DCF GOD, who alerted the community that Echo “may be hacked on Monad.” They detailed a transaction involving the minting of 1,000 eBTC, which occurred on May 18 at 21:21:32 UTC.

Incident Overview: $76 Million in eBTC Minted
Upon further investigation by Lookonchain, the timeline of events became clearer. The analysis showed that the attacker minted 1,000 eBTC, valued at approximately $76.64 million. This individual then deposited 45 eBTC (around $3.45 million) into Curvance, borrowed 11.3 WBTC (approximately $867,000), and converted this WBTC into 385 ETH (worth about $821,000) before sending the ETH to Tornado Cash. As it stands, the attacker is estimated to still possess 955 eBTC valued at around $73.2 million.
Odysseas Lamtzidis, founder and CEO of Phylax Systems, has suggested that the trail of transactions does not indicate a flaw in Curvance’s lending protocols. Instead, he pointed to a potential compromise in the management of admin roles on the eBTC side. He explained, “The eBTC admin granted DEFAULT_ADMIN_ROLE to 0x6A0109, who revoked admin, self-granted MINTER_ROLE, and minted 1,000 eBTC.” This raises concerns about the security of administrative controls and suggests a deeper vulnerability in how privileged roles were managed rather than a mere bug in the lending platform.
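The role sequence Lamtzidis describes is visible on-chain as it happens, so a monitor can alert on it before or at the mint. The following is an added detection sketch, not code from Echo, Curvance or Phylax. It assumes the token emits OpenZeppelin-style AccessControl events (RoleGranted and RoleRevoked carrying role, account and sender), which the article does not confirm, and the approved-signer lists, the mint cap and all addresses are hypothetical.

```python
# Added example: replay decoded role and mint events against an approved-signer policy.
# Assumes OpenZeppelin-style AccessControl events (RoleGranted / RoleRevoked with
# role, account, sender) and ERC-20 mints appearing as Transfer from the zero address.
ZERO = "0x0000000000000000000000000000000000000000"

# Constructed sample data, not chain data: placeholder addresses, value in whole tokens.
TAKEOVER = [
    {"block": 100, "event": "RoleGranted", "role": "DEFAULT_ADMIN_ROLE", "account": "0xNEW", "sender": "0xADMIN"},
    {"block": 101, "event": "RoleRevoked", "role": "DEFAULT_ADMIN_ROLE", "account": "0xADMIN", "sender": "0xNEW"},
    {"block": 102, "event": "RoleGranted", "role": "MINTER_ROLE", "account": "0xNEW", "sender": "0xNEW"},
    {"block": 103, "event": "Transfer", "from": ZERO, "to": "0xNEW", "value": 1000},
]
ROUTINE = [
    {"block": 50, "event": "RoleGranted", "role": "MINTER_ROLE", "account": "0xBRIDGE", "sender": "0xADMIN"},
    {"block": 51, "event": "Transfer", "from": ZERO, "to": "0xUSER", "value": 2},
]

def detect_role_takeover(events, approved_admins, approved_minters, mint_cap):
    """Return (block, rule) alerts for role changes and mints that break policy."""
    suspects = set()  # accounts that gained a role outside the approved lists
    alerts = []
    for e in sorted(events, key=lambda ev: ev["block"]):
        kind, role = e["event"], e.get("role")
        if kind == "RoleGranted" and role == "DEFAULT_ADMIN_ROLE":
            if e["account"] not in approved_admins:
                suspects.add(e["account"])
                alerts.append((e["block"], "admin-granted-to-unapproved"))
        elif kind == "RoleRevoked" and role == "DEFAULT_ADMIN_ROLE":
            # An approved admin being removed by a newly added one is the lock-out step.
            if e["account"] in approved_admins and e["sender"] in suspects:
                alerts.append((e["block"], "approved-admin-revoked-by-new-admin"))
        elif kind == "RoleGranted" and role == "MINTER_ROLE":
            if e["account"] not in approved_minters:
                suspects.add(e["account"])
                rule = "minter-self-granted" if e["sender"] == e["account"] else "minter-unapproved"
                alerts.append((e["block"], rule))
        elif kind == "Transfer" and e["from"] == ZERO:
            # Mint: flag anything above the per-transaction cap or sent to a suspect.
            if e["value"] > mint_cap or e["to"] in suspects:
                alerts.append((e["block"], "mint-over-cap-or-to-suspect"))
    return alerts

if __name__ == "__main__":
    for alert in detect_role_takeover(TAKEOVER, {"0xADMIN"}, {"0xBRIDGE"}, mint_cap=50):
        print(alert)
```

The first three alerts fire before any token is minted, which is the window in which a lending market accepting the asset as collateral could pause it.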
Echo confirmed the incident and stated that it is investigating, but has not yet issued a complete root-cause analysis. The team noted, “All cross-chain transactions are currently suspended while we look into this situation. We are committed to providing updates through our official communication channels as more information becomes available.” The immediate focus is on ensuring the security of the bridge and assessing risks to the lending market.
Curvance has paused its eBTC market as a precautionary move and said there are no signs that its smart contracts were compromised. It reassured users that its other markets remain unaffected by this incident. Likewise, Monad’s network has operated normally throughout the event.
Monad CEO Keone Hon clarified that “the Monad network is not affected and is operating normally. Security researchers have determined that approximately $816,000 has been stolen due to this exploit involving Echo Protocol’s eBTC.”

Lessons from the Incident
This incident highlights a recurring issue within decentralized finance (DeFi): the vulnerability of bridging and lending systems. Allowing bridged or synthetic assets to serve as valid collateral can lead to significant liquidity issues if a security breach occurs. In this instance, the attacker utilized the minted eBTC to acquire and move substantial amounts of WBTC off the Monad network, converting it into ETH and subsequently routing the funds through a mixer.
Key questions remain regarding the response and resolution:
- Has the unauthorized minted eBTC been neutralized?
- Does Curvance face any potential bad debt from the WBTC borrow?
- Which permissions or contracts connected to the bridge were involved?
- When can cross-chain transactions safely resume?
The eBTC market on Monad now remains a focal point for users to assess the containment of the incident.
This incident occurs against a backdrop of challenges for crypto infrastructure. Just days before this security breach, THORChain experienced losses exceeding $10 million, while the Verus-Ethereum Bridge was drained of approximately $11.5 million. These events serve as cautionary reminders that the design of bridges, collateral considerations, and liquidity management are critical areas for safeguarding against attacks in the DeFi ecosystem.
Update from Echo Protocol: The team confirmed on X that they identified unauthorized activity involving eBTC on Monad, resulting in the unauthorized minting of tokens and associated fund loss. They noted, “Our investigation indicates the issue arose from a compromised admin key affecting the Monad deployment.” Presently, the loss is pegged at about $816,000, and the team has regained control of the admin keys and burned the remaining minted eBTC under the attacker’s control.
As of now, the total cryptocurrency market cap stands at approximately $2.54 trillion.