Echo Protocol eBTC Exploit: $77M Minted via Admin Key Compromise
Echo Protocol's synthetic Bitcoin token eBTC was exploited after an attacker minted 1,000 eBTC worth $77M through an admin private key compromise. The hacker laundered a small portion via Curvance and Tornado Cash, while the Monad network remains unaffected.
Quick Take
Attacker minted 1,000 eBTC ($77M) via compromised admin private key.
Only 45 eBTC laundered so far; 955 eBTC ($73M) still in attacker wallet.
Root cause: single-signature admin, no timelock, no supply cap.
Part of broader DeFi hack surge; 12 protocols compromised in May alone.
Market Impact Analysis
BearishMajor DeFi exploit undermines confidence in bridging and synthetic assets; $77M unauthorized minting may pressure Bitcoin DeFi tokens.
Speculation Analysis
Key Takeaways
- An attacker minted 1,000 eBTC worth $76.7M after compromising Echo Protocol's admin private key.
- Only 45 eBTC has been laundered so far; 955 eBTC remains in the attacker's wallet.
- The exploit was caused by a single-signature admin with no timelock, minting cap, or rate limit.
- The incident is part of a DeFi exploit surge, with 12 protocols hit in May alone.
What Happened
Echo Protocol's synthetic Bitcoin token eBTC was exploited on Tuesday. An attacker minted 1,000 eBTC—worth approximately $76.7 million—by compromising the admin private key. The protocol immediately suspended all cross-chain transactions while investigating. The hack did not affect the underlying Monad network, which continues to operate normally. A portion of the funds was moved through DeFi platforms: the attacker deposited 45 eBTC into Curvance and borrowed 11.3 wrapped Bitcoin, then bridged and swapped for ETH before sending 384 ETH to Tornado Cash. The vast majority of stolen funds remain untouched.
The Numbers
The attacker minted 1,000 eBTC, instantly creating $76.7M in unauthorized value. Only about 5% has been moved: 45 eBTC ($3.45M) was deposited into Curvance, enabling a loan of 11.3 wBTC ($868K). After bridging to Ethereum, the attacker swapped for ETH and sent 384 ETH ($822K) through Tornado Cash. The remaining 955 eBTC (~$73M) sits in the attacker's wallet, according to DeBank. This leaves 95% of the illicit mint still under the attacker's control.
Why It Happened
The exploit was not a smart contract flaw. The eBTC contract functioned as coded. Instead, it was an operational security failure: the admin role used a single-signature key, no timelock delayed transactions, and there was no cap on minting or rate limit. The absence of a supply sanity check at Curvance allowed freshly minted eBTC to be used as collateral. Blockchain developer Marioo noted the root cause was entirely operational, highlighting critical gaps in administrative controls.
Broader Impact
The exploit adds to a wave of DeFi security incidents this month, with at least 12 protocols compromised including THORChain and Transit Finance. It shakes confidence in Bitcoin bridging and synthetic assets, especially those relying on single-signature admin models. While Monad's infrastructure remained untouched, the event may accelerate demand for multisig and timelock standards across DeFi.
What to Watch Next
- Monitor the attacker's wallet for further laundering attempts—any movement could signal distribution or dump plans.
- Echo Protocol's incident report and recovery strategy will be critical for user confidence and potential reimbursement.
- Watch for ecosystem-wide security upgrades, especially on Monad, as protocols revisit admin key management.
This article is for informational purposes only and does not constitute financial advice.
Always late to trends?
Join for the latest news, insights & more.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
© 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.
