{"id":97215,"date":"2026-05-19T12:42:27","date_gmt":"2026-05-19T09:42:27","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=97215"},"modified":"2026-05-19T12:45:18","modified_gmt":"2026-05-19T09:45:18","slug":"echo-protocol-suffers-816000-hack","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/echo-protocol-suffers-816000-hack\/","title":{"rendered":"Echo Protocol Suffers $816,000 Hack"},"content":{"rendered":"<p>The Bitcoin-focused DeFi protocol Echo has halted <a href=\"https:\/\/forklog.com\/en\/news\/what-are-cross-chain-bridges\">cross-chain<\/a> operations following an attack on the bridge within the <a href=\"https:\/\/forklog.com\/en\/news\/how-monad-works-an-ethereum-and-solana-rival-with-10000-tps\">Monad<\/a> network. The incident was triggered by the unauthorized issuance of 1,000 eBTC liquidity tokens.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">gm <a href=\"https:\/\/twitter.com\/EchoProtocol_?ref_src=twsrc%5Etfw\">@EchoProtocol_<\/a> may be hacked on <a href=\"https:\/\/twitter.com\/monad?ref_src=twsrc%5Etfw\">@monad<\/a> <\/p>\n<p>Someone minted 1k ebtc out of nowhere, max borrowed wbtc against it on <a href=\"https:\/\/twitter.com\/Curvance?ref_src=twsrc%5Etfw\">@Curvance<\/a>, bridged, and tornado away<\/p>\n<p>\u2014 DCF GOD (@dcfgod) <a href=\"https:\/\/twitter.com\/dcfgod\/status\/2056493905680720238?ref_src=twsrc%5Etfw\">May 18, 2026<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The <a href=\"https:\/\/forklog.com\/en\/news\/btcfi-stalled-evolution-or-a-temporary-setback\">BTCFi<\/a> platform team confirmed that the incident was caused by the compromise of an administrative key within the Monad network. The actual damage amounted to approximately $816,000.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Earlier today, Echo Protocol identified unauthorized activity involving eBTC on Monad that resulted in unauthorized minting and associated fund loss.<\/p>\n<p>Our investigation indicates the issue originated from a compromised admin key affecting the Monad deployment. Based on current\u2026<\/p>\n<p>\u2014 Echo Protocol (@EchoProtocol_) <a href=\"https:\/\/twitter.com\/EchoProtocol_\/status\/2056623150620873200?ref_src=twsrc%5Etfw\">May 19, 2026<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cMonad was not affected and continues to operate normally,\u201d representatives of the protocol stated.<\/em><\/p>\n<\/blockquote>\n<p>By the time of writing, developers had <a href=\"https:\/\/x.com\/EchoProtocol_\/status\/2056623150620873200\">regained<\/a> control over the administrative key and burned 955 eBTC that remained in the hacker&#8217;s wallet.\u00a0<\/p>\n<p>According to analysts at Onchain Lens, the attacker initially deposited 45 eBTC as collateral in the lending protocol Curvance to borrow approximately 11.29 WBTC.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Exploit Alert \ud83d\udea8<\/p>\n<p>According to <a href=\"https:\/\/twitter.com\/dcfgod?ref_src=twsrc%5Etfw\">@dcfgod<\/a>, <a href=\"https:\/\/twitter.com\/EchoProtocol_?ref_src=twsrc%5Etfw\">@EchoProtocol_<\/a> on <a href=\"https:\/\/twitter.com\/monad?ref_src=twsrc%5Etfw\">@monad<\/a> has been exploited.<\/p>\n<p>The attacker reportedly minted 1,000 <a href=\"https:\/\/twitter.com\/search?q=%24eBTC&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$eBTC<\/a> worth $76.7M and used a previously tested exploit flow to extract funds through Curvance.<\/p>\n<p>So far, the exploiter has:<\/p>\n<p>\u2022 Deposited 45 <a href=\"https:\/\/twitter.com\/search?q=%24eBTC&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$eBTC<\/a> ($3.45M)\u2026 <a href=\"https:\/\/t.co\/933n9bbq3X\">pic.twitter.com\/933n9bbq3X<\/a><\/p>\n<p>\u2014 Onchain Lens (@OnchainLens) <a href=\"https:\/\/twitter.com\/OnchainLens\/status\/2056522722461761612?ref_src=twsrc%5Etfw\">May 18, 2026<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The hacker transferred the obtained funds to the Ethereum network, exchanged them for ETH, and withdrew through the mixer <a href=\"https:\/\/forklog.com\/en\/news\/what-is-the-tornado-cash-mixer-and-why-was-it-sanctioned\">Tornado Cash<\/a>.\u00a0<\/p>\n<p>Monad founder Keone Hon <a href=\"https:\/\/x.com\/keoneHD\/status\/2056506185973436648\">clarified<\/a> that the network&#8217;s core infrastructure was not affected:<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cThe issue is solely related to the application and the bridge.\u201d<\/em><\/p>\n<\/blockquote>\n<p>Curvance representatives <a href=\"https:\/\/x.com\/Curvance\/status\/2056501191492747561\">stated<\/a> that the isolated architecture of their markets prevented the attack from spreading to other assets. As a precaution, the protocol has suspended the Echo eBTC pool.<\/p>\n<p>The Echo team continues to investigate with ecosystem partners and is working on implementing additional security measures before resuming bridge operations.<\/p>\n<p>In April, Kelp <a href=\"https:\/\/forklog.com\/en\/news\/kelp-and-aave-begin-asset-recovery-after-hack\">was hacked<\/a> with a loss of $292 million, allegedly by the Lazarus Group. The incident was the largest in the DeFi sector since the beginning of the year.\u00a0<\/p>\n<p>In May, attackers <a href=\"https:\/\/forklog.com\/en\/news\/hackers-extract-10-million-from-thorchain\">extracted<\/a> $10 million from the cross-chain protocol THORChain. The project&#8217;s developers <a href=\"https:\/\/forklog.com\/en\/news\/thorchain-team-reveals-details-of-10-million-hack\">confirmed<\/a> the hack and denied the launch of a compensation program.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Echo Protocol halted cross-chain operations following an attack on the Monad network bridge, triggered by unauthorized issuance of 1,000 eBTC liquidity tokens.<\/p>\n","protected":false},"author":1,"featured_media":97216,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"Echo Protocol halted operations after a $816,000 hack.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1784,44,1712],"class_list":["post-97215","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-btcfi","tag-cybercrime","tag-monad"],"aioseo_notices":[],"amp_enabled":true,"views":"11","promo_type":"1","layout_type":"1","short_excerpt":"Echo Protocol halted operations after a $816,000 hack.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/97215","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=97215"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/97215\/revisions"}],"predecessor-version":[{"id":97217,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/97215\/revisions\/97217"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/97216"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=97215"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=97215"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=97215"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}