Echo Exploit Highlights DeFi’s Growing Access-Control Risks

Echo Protocol contained the fallout from a major exploit on its Monad deployment after attackers minted roughly 1,000 unbacked eBTC tokens in what initially appeared to be a catastrophic $77 million breach. The actual realized losses, however, were ultimately limited to less than $1 million after liquidity constraints and rapid protocol intervention blocked the attacker from fully cashing out the position.
Summary:
- Attackers minted 1,000 fake eBTC worth roughly $76M–$77M on paper.
- The exploit stemmed from compromised admin access, not a Monad network failure.
- Actual realized losses were capped near $816,000 after emergency freezes.
Admin Key Compromise Triggered the Attack
Security researchers from PeckShield said the exploit did not involve a flaw in the underlying eBTC smart contract logic itself.
Instead, attackers exploited weak access controls to obtain administrative privileges over Echo’s eBTC deployment.
After assigning themselves the DEFAULT_ADMIN_ROLE, the attacker granted their wallet minting permissions and created 1,000 uncollateralized eBTC tokens before removing traces of their admin access on-chain.
Monad co-founder Keone Hon later clarified that the Monad network itself was not compromised and continued operating normally throughout the incident.
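As an added example (not code from Echo, PeckShield or this article), the role-grant, mint and admin-removal sequence described above can be detected from token events. It assumes an OpenZeppelin-style AccessControl token emitting RoleGranted and RoleRevoked, events already decoded into dicts, and a hypothetical MINTER_ROLE name, approved-admin allowlist and 50-block correlation window; all sample addresses are constructed.

```python
ADMIN, MINTER = "DEFAULT_ADMIN_ROLE", "MINTER_ROLE"  # MINTER_ROLE is an assumed name
ZERO = "0x" + "00" * 20  # a Transfer whose source is the zero address is a mint

def detect_admin_mint_chains(events, approved_admins, window=50):
    """Return one finding per unapproved admin grant, with the stages it reached."""
    findings = {}
    for ev in sorted(events, key=lambda e: e["block"]):
        kind, role = ev["type"], ev.get("role")
        if kind == "RoleGranted" and role == ADMIN:
            # Stage 1: admin role lands on an address outside the allowlist.
            if ev["account"] not in approved_admins:
                findings[ev["account"]] = {
                    "account": ev["account"], "start": ev["block"],
                    "stages": ["unapproved_admin"], "minters": set(), "minted": 0}
            continue
        for f in findings.values():
            if ev["block"] - f["start"] > window:
                continue  # outside the correlation window for this finding
            if kind == "RoleGranted" and role == MINTER and ev["sender"] == f["account"]:
                # Stage 2: the new admin hands out minting rights.
                f["minters"].add(ev["account"])
                f["stages"].append("minter_grant")
            elif kind == "Transfer" and ev["src"] == ZERO and ev["tx_from"] in f["minters"]:
                # Stage 3: a freshly authorised minter creates supply.
                f["minted"] += ev["amount"]
                f["stages"].append("mint")
            elif kind == "RoleRevoked" and role == ADMIN and ev["account"] == f["account"]:
                # Stage 4: the admin role is dropped again right afterwards.
                f["stages"].append("admin_removed")
    for f in findings.values():
        f["severity"] = "critical" if "mint" in f["stages"] else "high"
    return list(findings.values())

# Constructed sample events: addresses, blocks and amounts are made up.
SAMPLE = [
    dict(block=100, type="RoleGranted", role=ADMIN, account="0xNEW", sender="0xKEY"),
    dict(block=101, type="RoleGranted", role=MINTER, account="0xNEW", sender="0xNEW"),
    dict(block=102, type="Transfer", src=ZERO, to="0xNEW", amount=1000, tx_from="0xNEW"),
    dict(block=103, type="RoleRevoked", role=ADMIN, account="0xNEW", sender="0xNEW"),
    dict(block=500, type="RoleGranted", role=MINTER, account="0xBRIDGE", sender="0xSAFE"),
    dict(block=501, type="Transfer", src=ZERO, to="0xUSER", amount=2, tx_from="0xBRIDGE"),
]

if __name__ == "__main__":
    for finding in detect_admin_mint_chains(SAMPLE, approved_admins={"0xSAFE"}):
        print(finding["severity"], finding["account"], finding["stages"], finding["minted"])
```

The first stage alone already yields a high-severity finding, so an alert can fire before any mint transaction is confirmed.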
Liquidity Collapse Prevented a Full Cash-Out
While the exploit initially appeared devastating due to the nominal value of the minted tokens, the attacker quickly encountered a major obstacle: insufficient liquidity.
Because Monad’s DeFi ecosystem remains relatively early-stage, there was not enough decentralized exchange liquidity available for the attacker to swap large amounts of eBTC into liquid assets.
Unable to dump the full position through DEX markets, the attacker pivoted toward lending infrastructure.
Curvance Became the Main Exit Route
The attacker deposited roughly 45 eBTC into Curvance as collateral and borrowed approximately 11.29 Wrapped Bitcoin.
That maneuver allowed the exploiter to extract roughly $816,000 – $867,000 in liquid value before defensive measures activated.
Curvance quickly froze the affected lending market after detecting suspicious collateral activity.
Because the platform uses isolated lending pools, the incident remained largely contained and did not spread across the broader protocol ecosystem.
Echo Burns Remaining Fake Assets
Echo Protocol moved rapidly to regain control of the compromised administrative infrastructure after the exploit was detected.
With bridges frozen and liquidity unavailable, the attacker remained trapped holding roughly 955 unsellable eBTC tokens.
The protocol ultimately intercepted and burned the remaining assets, effectively neutralizing the majority of the exploit’s theoretical value.
Security researchers said the rapid containment prevented what could have become one of the largest realized DeFi losses of 2026.
DeFi Security Focus Shifts Back to Access Controls
The incident once again highlighted how operational security failures – rather than core blockchain vulnerabilities – remain one of the largest risks across decentralized finance.
Analysts noted that many recent exploits increasingly target:
- Administrative credential management
- Multisig governance setups
- Oracle infrastructure
- Cross-chain bridge permissions
rather than attempting to directly break blockchain consensus systems themselves.
The exploit also reinforced how liquidity fragmentation across emerging ecosystems can sometimes unintentionally limit exploit profitability during attacks.
Monad Avoids Broader Contagion
Despite the initial panic surrounding the $77 million headline figure, the broader Monad ecosystem avoided systemic contagion.
No validator failures or chain-level compromises occurred, and most major infrastructure providers continued operating normally during the incident.
The quick containment also helped calm fears surrounding Monad’s rapidly expanding Bitcoin-restaking ecosystem, which has attracted growing institutional and retail attention in recent months.