Unauthorized eBTC Mint Pressures Echo Token and DeFi Markets

Echo Protocol paused cross-chain transactions after an attacker minted around 1,000 unauthorized eBTC on its Monad blockchain deployment. The unauthorized supply was valued at roughly $76.7 million. The exploit quickly pressured the protocol’s token, with the Echo token falling 12% after the incident became public.

The incident did not appear to involve a breach of the Monad blockchain itself. Monad co-founder Keone Hon said the network was operating normally, while researchers estimated that the actual value extracted was far smaller than the headline mint figure.

Unauthorized eBTC Mint Creates Large Notional Exposure

The attack centered on eBTC, a Bitcoin-linked asset used within Echo Protocol’s DeFi ecosystem. On-chain investigators said the attacker minted roughly 1,000 eBTC without authorization, then used part of that supply in lending markets.

The key distinction is between the value of the unauthorized mint and the amount the attacker appears to have successfully extracted. While the unauthorized eBTC was valued near $76.7 million, the realized extraction appeared much smaller. The attacker reportedly deposited 45 eBTC into Curvance and borrowed about 11.29 WBTC worth roughly $868,000.

Funds Moved Through Ethereum and Tornado Cash

After borrowing the WBTC, the attacker bridged the assets to Ethereum and swapped them into ETH. Blockchain security firm PeckShield estimated that about 384 ETH, worth roughly $822,000, was later sent to Tornado Cash.

That flow suggests the Echo Protocol exploit created a much larger theoretical risk than the amount immediately cashed out. Limited liquidity also appeared to reduce the attacker’s ability to offload the full unauthorized supply at scale.

Admin-Key Risk Under Scrutiny

Early analysis suggested the incident stemmed from privileged access tied to Echo’s deployment rather than a failure in Monad’s core network. Several reports cited blockchain developer Marioo, who said the eBTC contract appeared to operate as intended. He stated that operational weaknesses may have allowed the incident to escalate.

Those reported weaknesses included a single-signature admin role, no timelock, no minting cap, and limited checks around newly minted collateral. For non-technical users, the issue is straightforward: if one privileged role can mint new assets, a compromise can create immediate pressure across connected DeFi markets.

>>> Read more: Arbitrum DAO Approves $71M ETH Release Amid Court Fight

Curvance Market Paused as Precaution

Curvance said it paused the affected Echo eBTC market while teams investigated the incident. The lending protocol also said its isolated market structure prevented the issue from spreading to other markets. Its own smart contracts did not appear to be compromised.

Echo Protocol confirmed the cause of the incident and said it had regained control of the affected keys before burning the remaining 955 eBTC still held by the attacker. The move reduced the risk of additional unauthorized collateral entering the market.

The Echo Protocol exploit was the 14th reported crypto security breach in May 2026. The incident followed the THORChain vault breach on May 15, which drained more than $10 million. It also came days after the Verus-Ethereum bridge exploit on May 17, which caused roughly $11.58 million in losses. The incident is the latest major DeFi hack to renew scrutiny around privileged access controls, bridge security, and collateral verification across DeFi platforms.