Echo Protocol Hacked for $76.7M in Admin Key Exploit
Decentralized financial protocol Eco Protocol was exploited after an attacker spent around 1,000 unauthorized eBTC on the protocol deployed on the Monad blockchain.
Blockchain security firm PeckShield and analytics platform Lookonchain both reported This incident suggests that on Tuesday, a hacker created 1,000 synthetic bitcoins (EBCC) worth $76.7 million.
“We are currently investigating a security issue affecting Monad on the Echo Bridge. All cross-chain transactions remain blocked,” Echo Protocol said on Tuesday.
This latest exploit comes in a month that has seen at least 12 other protocols breached, including THORChain, the Verus Protocol Ethereum Bridge, Transit Finance, Trusted Volus and Ekubo.
According to PeckShield, the attacker attempted to fake some of the loot by depositing 45 eBTC worth of $3.45 million into DeFi lending and liquidity management protocol Curvance.
The attacker then borrowed 11.3 bundles of Bitcoin (wBTC) worth $868,000, linked the tokens to Ethereum, exchanged them for ETH, and sent 384 ETH worth $822,000 to Tornado's cash mixing service.
The attacker still holds 955 eBTC worth $73 million. basis to Debank
EcoProtocol is a Bitcoin DeFi platform focused on Bitcoin liquidity pooling, liquidity pooling, replenishment and product generation. It creates integrated, liquid BTC assets such as eBTC to bridge and deploy users in DeFi for additional production. The protocol is built on Monad, a high-performance, layer-1, EVM-compatible blockchain.
The hacker still keeps 95% of the stolen crypto. Source: Debank
Administrator's private key is compromised.
Blockchain Developer “Mario” reported This was not a smart contract mistake, but a manager's private key agreement, and the root cause was “operational, not technical.”
The EBTC contract “worked exactly as designed,” he added, adding that its vulnerabilities included a single signature for the administrator role, no time lock, no supply capital or price limit, and no “supply purity assurance” by Curvance for the newly created container.
Related: Hackers used AI to create a zero-day attack to bypass 2FA: Google
Curve reported The Echo eBTC market confirmed that it was aware of the “anomaly” found on Curvance and that there was no compromise with its own smart contracts. He stopped the affected market for investigation.
Monad co-founder Keone Hon Explained. On X, “The Monad network has not been affected and is working normally.”
Meanwhile, Echo Protocol said it will provide updates through official channels as more information becomes available.
DeFi hacking is on the rise in 2026.
The year has been challenging for DeFi security Dozens of protocols are used Locking services for hundreds of millions in crypto and over 20 protocols.
Two of the biggest hacks this year Sliding protocol285 million dollars were lost and Kelp DaoExploited for $292 million in April.
Monday verus protocol ethereum bridge Exploited Hacker steals at least $11.6 million in crypto via fake chain transmission message.
Decentralized liquidity protocol THORChain halted trading on Friday after blockchain investigator ZackXBT reported it as suspicious. 10 million dollars exploitation.
Meanwhile, Transit Finance suffered a botched smart contract exploit that resulted in the loss of $1.88 million last week.
Magazine: The Defy Billion Dollar Secret: Insiders Responsible for Hacking
