Echo Protocol Exploited on Monad; 1,000 eBTC Minted

An exploit of Echo Protocol on the Monad network resulted in the minting of 1,000 eBTC, roughly $76.64 million in tokenized Bitcoin. Echo Protocol suspended all cross‑chain transactions and Curvance paused the affected market while teams and on‑chain analysts traced the flow of funds. The incident raised May’s running total of crypto hacks to 14.

On‑chain analyst dcfgod first flagged the activity and security firm PeckShield mapped the laundering path. According to tracing, the exploiter deposited 45 eBTC, about $3.45 million, into Curvance and borrowed 11.29 wrapped Bitcoin (WBTC). The borrowed assets were bridged to Ethereum, swapped for Ether, and 384 ETH was sent to the privacy service Tornado Cash.

Curvance posted a status update on X reporting the anomaly was detected at approximately 6:00 PM EST and that there was no sign of a compromise to Curvance’s smart contracts. The platform added that its market architecture isolates risk to individual markets and that no other markets appear affected. Curvance wrote that the affected market was paused while its team investigates alongside ecosystem partners.

Echo Protocol confirmed the incident on X and said it had suspended all cross‑chain transfers while investigators work to determine the cause and scope. The project said it will provide updates through official channels as more information becomes available.

Monad chief executive Keone Hon clarified that the Monad network itself was not affected. Hon wrote on X that security researchers estimate about $816,000 appears to have been stolen in the exploit of Echo Protocol’s eBTC.

The Echo Protocol incident follows two other recent decentralized finance breaches. On May 15, THORChain reported a vault breach that drained more than $10 million. Security researchers identified an exploit of the Verus‑Ethereum bridge three days later that resulted in roughly $11.58 million in losses.

Investigators are focused on tracking the minted eBTC and subsequent swaps to determine whether the attacker exploited a protocol flaw, a minting loophole or oracle manipulation. PeckShield’s mapping and other on‑chain tracing aim to identify the route of funds and potential recipient addresses. The use of Tornado Cash adds complexity to recovery efforts by obscuring transaction history.

At present, Echo Protocol has halted cross‑chain activity and Curvance has suspended the individual eBTC market to limit further exposure. Both teams say they are working with security firms and ecosystem partners to investigate and will share further findings when available.