Meet the Top 101 in Crypto
News
4 min read

Echo Protocol’s $76.7M Unauthorized Mint Raises Bridge Security Questions

Published 19 May 2026
Alex Shilina
Authors
Edited by Insha Zia

Key Takeaways

  • Echo Protocol said a compromised admin key led to unauthorized eBTC minting on Monad.
  • The attacker minted 1,000 eBTC, creating roughly $76.7 million in notional exposure.
  • Echo said approximately $816,000 was impacted on Monad.
  • The team said it regained control of the admin keys and burned the remaining 955 eBTC held by the attacker.
  • Curvance paused the affected Echo eBTC market after detecting abnormal activity.

Echo Protocol disclosed that a compromised admin key on Monad enabled an attacker to mint millions in unauthorized supply.

The team announced on May 19 that it had regained control of its admin keys and burned the remaining 955 eBTC still held by the attacker.

Echo also confirmed that the Monad network itself was unaffected and continued operating normally.

The breach gives crypto another reminder of how quickly bridge risk can move beyond infrastructure and into lending markets when privileged controls fail.

Try Our Recommended Crypto Exchanges
Sponsored
Disclosure
Opened in 2018
Promotions
Deposit $100, Get an Extra $300 in GOLD!
Coins
Shiba Inu Bitcoin PAX Gold Ampleforth Ethereum +70
Promotions
Receive up to $100,000 worth of exclusive gifts for newcomers upon registration.
Coins
Bitcoin Ethereum Tether USD Coin Solana +76
Opened in 2017
Promotions
Experience a 1-minute swap on a non-custodial platform.
Coins
Bitcoin Ethereum Tether Build'N'Build USD Coin +217
Show More

A $76.7 Million Mint, An $816,000 Hit

Two numbers define the breach.

The attacker minted 1,000 eBTC, worth about $76.7 million. That figure reflects the unauthorized supply created during the attack.

Echo’s own estimate of the damage is smaller. The protocol said current findings show approximately $816,000 was impacted on Monad.

On-chain trackers said the attacker moved part of the minted eBTC into Curvance, used it as collateral, borrowed WBTC, bridged funds to Ethereum, swapped into ETH and sent 384 ETH to Tornado Cash.

Echo Says Admin Key Was Compromised

Echo reported the issue came from a compromised admin key affecting its Monad deployment.

After detecting the activity, the protocol paused cross-chain functionality for Monad and upgraded the relevant contracts to restrict affected operations.

It is also reviewing admin key exposure, contract permissions, cross-chain controls, minting controls and internal security procedures.

Echo framed the breach as isolated to Monad and reported no evidence of compromise on Aptos.

The protocol also stressed that aBTC and eBTC are separate, non-bridgeable assets.

As a precaution, Echo paused Aptos bridge operations while its review continues.

Current Aptos exposure stands at about $71,000 across Echo lending markets and Hyperion liquidity pools, with no confirmed loss of funds on Aptos.

Curvance Moves To Contain The Damage

Curvance paused the affected Echo eBTC market after detecting abnormal activity.

The lending protocol said it had no evidence that hackers compromised their smart contracts.

Other markets remained operational, according to Curvance, because they were separated from the affected market.

That separation may have helped limit the fallout.

The episode shows how a wrapped or synthetic asset can become dangerous once a lending market accepts it as collateral.

Admin Keys Put Bridge Risk Back In Focus

Crypto bridge failures often draw attention to smart contract bugs, validator sets or message verification.

Echo’s case points to a more basic weakness: operational control.

A compromised admin key can become a minting machine, leaving teams to race against borrowed liquidity, market exposure and cross-chain movement.

Echo contained the larger threat before the attacker converted the full 1,000 eBTC into liquid funds.

After regaining control, the team burned the remaining 955 eBTC.

That response reduced the final loss.

It also leaves a harder question for bridge teams: how much power should any admin key hold over minting and cross-chain functions?

What To Watch Next

Echo said it is working with ecosystem partners and external security reviewers to confirm the full scope of the breach.

The next questions are whether any bad debt remains in affected lending markets, how user positions are handled, and what changes Echo makes to admin-key management.

The confirmed loss may be manageable. The unauthorized mint shows how much damage a compromised key can create before a protocol regains control.

Bridge infrastructure can survive code audits but still fail due to the keys that control it.

Alex Shilina

PhD, researcher and writer exploring AI, blockchain, and the philosophy of tech, with a focus on DeScAI, governance, and trust.

Related

Survey Icon
Help us improve
1 of 4
Is this your first time here?
What brought you here today?
What are you most interested in?
Would you be interested in:
Thank you icon
Thank you for your feedback!
DMCA.com Protection Status