Hassan Maishera
TL;DR
-
BTCFi protocol Echo was exploited on Monday.
-
The attacker minted 1,000 eBTC on Monad and used it as collateral to borrow WBTC.
Echo Becomes the Latest DeFi Protocol to Get Hacked
Bitcoin-focused DeFi protocol Echo suffered an exploit on Monday, making it the latest DeFi protocol to suffer an attack this year.
The root cause of the exploit has yet to be identified. The attack was first reported by pseudonymous crypto influencer DCF GOD on X at around 5:55 p.m. on Monday, ET.
According to Onchain Lens, the attacker minted 1,000 eBTC — Echo Protocol's bitcoin liquidity token issued on Monad — and deposited 45 eBTC to DeFi lending protocol Curvance as collateral to borrow around 11.29 WBTC, worth roughly $867,700 at the time.
The report added that the hacker proceeded to bridge the WBTC to Ethereum and swapped the tokens into ETH. The 385 ETH was moved to the crypto mixer Tornado Cash.
Exploit Alert 🚨
— Onchain Lens (@OnchainLens) May 18, 2026
According to @dcfgod, @EchoProtocol_ on @monad has been exploited.
The attacker reportedly minted 1,000 $eBTC worth $76.7M and used a previously tested exploit flow to extract funds through Curvance.
So far, the exploiter has:
• Deposited 45 $eBTC ($3.45M)… pic.twitter.com/933n9bbq3X
Lookonchain added that the hacker still holds 955 eBTC, worth $73,2 million. DefiPrime Founder Nick Sawinyh pointed out that the other 99% of the fake supply is parked on the attacker's wallet, because Monad's lending and DEX depth can't absorb more.
Monad and Curvance have since acknowledged the exploit. Monad Co-founder Keone Hon stated that its security researchers are currently investigating the incident and assured that the network itself is not affected.
Hon revealed that security researchers have calculated that $816,000 have been stolen from this attack.
We're aware of an incident related to @EchoProtocol_ 's eBTC on Monad, and security researchers are investigating https://t.co/3L1pe3IaDu
— Keone Hon (@keoneHD) May 18, 2026
Meanwhile, Curvance wrote that its fully isolated market architecture has shielded other markets from being affected, and that there is no indication of any compromise with its smart contracts.
Furthermore, the protocol stated that it paused the affected Echo eBTC market out of caution.
Echo revealed a few hours ago that the attack was a result of a compromised admin key affecting the Monad deployment. Echo added that it has successfully regained control of the keys and burned the 955 eBTC that the attacker had remained in their possession.
The protocol assured users that there is no evidence of compromise on Aptos, but said it paused cross-chain functionality for the Monad deployment and Aptos bridge operations out of caution
Echo Protocol is a multi-chain BTCFi protocol that launched as a Bitcoin liquidity and yield platform with a large presence on Aptos.
This latest development comes as several DeFi protocols have lost millions of dollars to attackers in recent weeks.
Over the weekend, Verus Ethereum bridge faced an exploit that targeted its Ethereum bridge, with attackers draining roughly $11.58 million in crypto assets, according to multiple blockchain security firms.
Kelp DAO, Wasabi Protocol, and Drift Protocol were among the top breaches that occurred over the past eight weeks.
