The Bitcoin-focused DeFi protocol Echo has halted cross-chain operations following an attack on the bridge within the Monad network. The incident was triggered by the unauthorized issuance of 1,000 eBTC liquidity tokens.
gm @EchoProtocol_ may be hacked on @monad
Someone minted 1k ebtc out of nowhere, max borrowed wbtc against it on @Curvance, bridged, and tornado away
— DCF GOD (@dcfgod) May 18, 2026
The BTCFi platform team confirmed that the incident was caused by the compromise of an administrative key within the Monad network. The actual damage amounted to approximately $816,000.
Earlier today, Echo Protocol identified unauthorized activity involving eBTC on Monad that resulted in unauthorized minting and associated fund loss.
Our investigation indicates the issue originated from a compromised admin key affecting the Monad deployment. Based on current…
— Echo Protocol (@EchoProtocol_) May 19, 2026
“Monad was not affected and continues to operate normally,” representatives of the protocol stated.
By the time of writing, developers had regained control over the administrative key and burned 955 eBTC that remained in the hacker’s wallet.
According to analysts at Onchain Lens, the attacker initially deposited 45 eBTC as collateral in the lending protocol Curvance to borrow approximately 11.29 WBTC.
Exploit Alert 🚨
According to @dcfgod, @EchoProtocol_ on @monad has been exploited.
The attacker reportedly minted 1,000 $eBTC worth $76.7M and used a previously tested exploit flow to extract funds through Curvance.
So far, the exploiter has:
• Deposited 45 $eBTC ($3.45M)… pic.twitter.com/933n9bbq3X
— Onchain Lens (@OnchainLens) May 18, 2026
The hacker transferred the obtained funds to the Ethereum network, exchanged them for ETH, and withdrew through the mixer Tornado Cash.
Monad founder Keone Hon clarified that the network’s core infrastructure was not affected:
“The issue is solely related to the application and the bridge.”
Curvance representatives stated that the isolated architecture of their markets prevented the attack from spreading to other assets. As a precaution, the protocol has suspended the Echo eBTC pool.
The Echo team continues to investigate with ecosystem partners and is working on implementing additional security measures before resuming bridge operations.
In April, Kelp was hacked with a loss of $292 million, allegedly by the Lazarus Group. The incident was the largest in the DeFi sector since the beginning of the year.
In May, attackers extracted $10 million from the cross-chain protocol THORChain. The project’s developers confirmed the hack and denied the launch of a compensation program.