Key Takeaways
Echo Protocol disclosed that a compromised admin key on Monad enabled an attacker to mint millions in unauthorized supply.
The team announced on May 19 that it had regained control of its admin keys and burned the remaining 955 eBTC still held by the attacker.
Echo also confirmed that the Monad network itself was unaffected and continued operating normally.
The breach gives crypto another reminder of how quickly bridge risk can move beyond infrastructure and into lending markets when privileged controls fail.
Two numbers define the breach.
The attacker minted 1,000 eBTC, worth about $76.7 million. That figure reflects the unauthorized supply created during the attack.
Echo’s own estimate of the damage is smaller. The protocol said current findings show approximately $816,000 was impacted on Monad.
On-chain trackers said the attacker moved part of the minted eBTC into Curvance, used it as collateral, borrowed WBTC, bridged funds to Ethereum, swapped into ETH and sent 384 ETH to Tornado Cash.
Echo reported the issue came from a compromised admin key affecting its Monad deployment.
After detecting the activity, the protocol paused cross-chain functionality for Monad and upgraded the relevant contracts to restrict affected operations.
It is also reviewing admin key exposure, contract permissions, cross-chain controls, minting controls and internal security procedures.
Echo framed the breach as isolated to Monad and reported no evidence of compromise on Aptos.
The protocol also stressed that aBTC and eBTC are separate, non-bridgeable assets.
As a precaution, Echo paused Aptos bridge operations while its review continues.
Current Aptos exposure stands at about $71,000 across Echo lending markets and Hyperion liquidity pools, with no confirmed loss of funds on Aptos.
Curvance paused the affected Echo eBTC market after detecting abnormal activity.
The lending protocol said it had no evidence that hackers compromised their smart contracts.
Other markets remained operational, according to Curvance, because they were separated from the affected market.
That separation may have helped limit the fallout.
The episode shows how a wrapped or synthetic asset can become dangerous once a lending market accepts it as collateral.
Crypto bridge failures often draw attention to smart contract bugs, validator sets or message verification.
Echo’s case points to a more basic weakness: operational control.
A compromised admin key can become a minting machine, leaving teams to race against borrowed liquidity, market exposure and cross-chain movement.
Echo contained the larger threat before the attacker converted the full 1,000 eBTC into liquid funds.
After regaining control, the team burned the remaining 955 eBTC.
That response reduced the final loss.
It also leaves a harder question for bridge teams: how much power should any admin key hold over minting and cross-chain functions?
Echo said it is working with ecosystem partners and external security reviewers to confirm the full scope of the breach.
The next questions are whether any bad debt remains in affected lending markets, how user positions are handled, and what changes Echo makes to admin-key management.
The confirmed loss may be manageable. The unauthorized mint shows how much damage a compromised key can create before a protocol regains control.
Bridge infrastructure can survive code audits but still fail due to the keys that control it.
You’re All Set!
Thanks for signing up. We’ll be in touch soon with the latest insights.
