
Echo Protocol Hack Autopsy: The $76 Million Exploit That Wasn’t Really a Hack

2026 DeFi losses crossed $1 billion in four months, with April alone draining $634 million across 28+ incidents, the worst month on record.

Drift ($285M) and KelpDAO ($292M) alone accounted for $577 million of April’s losses, and neither was a code exploit. 

DefiLlama’s 2026 hack breakdown tells the same story.

The biggest slices are LayerZero bridge exploits (18%), compromised admin keys (16%), spoof tokens (14%), and private key compromises (11%). 


Combined, operational and key-management failures account for the majority of all stolen value this year. Smart contract bugs like re-entrancy and oracle manipulation barely register.

Echo Protocol just became the latest data point. 

On May 18, an attacker broke into the Echo Protocol on Monad and printed 1,000 fake eBTC for themselves. That’s $76.7M on paper. 

The problem is, fake tokens don’t buy you anything unless you can trade them for something real. So they took a small chunk, dropped it into Curvance’s lending app as collateral, and borrowed real Bitcoin against it. 


Then bridged that Bitcoin to Ethereum, swapped it for ETH, and ran it through Tornado Cash. Final take: around $816,000. 

Everyone’s calling it $76.7 million, but the real number is $816,000, and why those two numbers are so far apart is the main story here.

This breakdown covers what happened, how, and what it says about DeFi security right now. 


The bottom line: The contract was fine. A stolen admin key and lazy controls did everything else, and that’s how most of 2026’s DeFi losses are happening.

Post Mortem (The Summary) 

  • Echo Protocol was not hacked through bad smart contract code. The attacker stole or accessed an admin key.
  • That admin key controlled minting rights for Echo’s eBTC token on Monad. One private key was enough to create fake Bitcoin-backed tokens.
  • The attacker minted 1,000 fake eBTC, worth about $76.7 million on paper. But those tokens had no real BTC backing.
  • They could not cash out the full amount because Monad liquidity was thin. So they used 45 fake eBTC as collateral on Curvance.
  • Curvance accepted the fake eBTC as normal collateral and let the attacker borrow real WBTC.
  • The attacker escaped with about $816,000 in real value, not $76.7 million.
  • Echo later burned the remaining 955 fake eBTC and paused affected functions.
  • Monad itself was not hacked. Curvance’s main protocol was not directly hacked either. The failure came from Echo’s admin setup and Curvance trusting newly minted collateral.
  • The core lesson: DeFi attackers are now targeting keys, admins, bridges, infrastructure, and team operations more than smart contract bugs.
  • Basic protections could have reduced or stopped this: multisig admin control, timelocks, mint caps, rate limits, and collateral checks.
  • Echo got lucky. The attacker only failed to drain more because there was not enough liquidity to cash out the fake tokens.

The Players

Here’s the full breakdown of what happened, and how. 

  • Echo Protocol

A BTCFi (Bitcoin DeFi) project. Their pitch: take your BTC, get a yield-bearing wrapped version of it that works in DeFi.

Their home base is Aptos, where the token is called aBTC. They hit a peak TVL of $878 million on Aptos in May 2025, currently sitting around $254 million. 

Echo expanded to Monad as part of Monad’s mainnet ecosystem push. On Monad, their wrapped BTC token is called eBTC.

This is critical: aBTC and eBTC are completely separate, non-bridgeable assets. They’re parallel deployments, not connected. The hack hit eBTC on Monad only.

  • Monad

A new high-performance parallelized EVM L1, one of the hyped chains of 2025-26. Fresh off its mainnet launch, with lots of protocols deploying for the first time.

Echo is one of them. Monad itself was NOT compromised in any way. Co-founder @keoneHD confirmed the network ran normally throughout. It was a protocol-level failure on top of Monad.

  • Curvance

A lending protocol deployed on Monad. Functions like Aave but with isolated markets, where each collateral asset lives in its own siloed pool so a compromised asset can’t infect the rest of the lending protocol.

They had listed eBTC as a collateral asset.

  • Tornado Cash

Sanctioned ETH mixer. You send ETH in, withdraw it to a different wallet, and the on-chain trail breaks. Standard exit tool for hackers.

What Got Exploited

Echo’s eBTC token on Monad is a standard ERC-20 contract that uses OpenZeppelin’s role-based access control system. This is industry standard, used by basically every serious DeFi project. 

Two roles matter in its setup:

  • DEFAULT_ADMIN_ROLE: the master role. Can grant or revoke any other role on the contract.
  • MINTER_ROLE: can call mint() and create new eBTC tokens.

Normally, only Echo’s team holds these. Minting only happens when real BTC gets locked somewhere, and the team mints the matching eBTC. That’s the entire trust model behind a wrapped token.

Here’s where Echo messed up. 

The DEFAULT_ADMIN_ROLE sat on a single EOA, basically just a normal wallet with one private key behind it. And the wallet had no safety nets. Whoever held that key could mint as much as they wanted, whenever they wanted, with nothing to slow them down.


So the entire $254M+ Echo ecosystem on Monad was, in security terms, sitting behind one private key. That key got stolen. Nobody has said how yet: it could be phishing, malware on a team laptop, an infra breach, an insider, secrets leaked in a repo, or a supply chain attack through a dev tool. Echo hasn’t disclosed.

The Attack Step by Step

Date: May 18, 2026, around 5:55 PM ET 

  • Step 1: Attackers use the stolen admin key to grant themselves DEFAULT_ADMIN_ROLE on a fresh wallet. They’re now admin too.
  • Step 2: From that new admin role, they grant themselves MINTER_ROLE. They can now mint.
  • Step 3: They call mint(attacker_wallet, 1000e8). 1,000 eBTC shows up in their wallet. Notional value $76.7M. Real BTC backing: zero. These tokens are completely fake, phantom claims on Bitcoin that don’t exist anywhere.
  • Step 4: They revoke the original Echo admin and their own admin role too. Cleanup move so it looks less suspicious on-chain. From the outside, it just looks like a random wallet holding 1,000 eBTC.

At this point, the peg is mathematically broken. There are 1,000 more eBTC tokens than there is BTC backing them.

But the attacker hasn’t actually taken anything yet. Fake tokens are worthless unless you can convert them into real money.

The Cashout Flow

You can’t just dump 1,000 fake eBTC on a DEX. Monad’s DEXs don’t have anywhere close to that liquidity. You’d crash the price to zero before extracting anything, and arbitrageurs would catch it instantly. So the attacker went to a lending market instead.

  • Step 5. Deposit 45 eBTC ($3.45M paper value) into Curvance as collateral. Curvance accepts it because, from the contract’s view, eBTC is eBTC. No oracle or check that separates “freshly minted fake eBTC” from “legit BTC-backed eBTC.” That’s the second failure of this hack. Lending markets just accept new collateral at face value without checking where it came from.
  • Step 6. Borrow 11.29 WBTC against it, about $868K of real wrapped Bitcoin. WBTC is the major BTC-on-Ethereum token, deep liquidity, fully backed. They now have $868K of real value, secured by $3.45M of fake collateral they’re never coming back for.
  • Step 7. Bridge the WBTC to Ethereum. That’s where liquidity lives and where Tornado works.
  • Step 8. Swap WBTC to ~384 ETH on Ethereum (~$822K).
  • Step 9. Run the 384 ETH through Tornado Cash. Trail breaks. Funds land in fresh wallets that can’t be traced back.

Total real money out: approximately $816,000.
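Step 5 is the lending-side failure: the market had no way to tell 45 freshly minted eBTC from 45 eBTC that had been around for months. One concrete form a “collateral check” can take is a supply-growth circuit breaker that the market consults in its deposit path. The contract below is an added example written for this article, not Curvance’s code. Every name in it (CollateralSupplyGuard, poke, checkDeposit, the 5%/24h parameters) is hypothetical; it assumes only the OpenZeppelin IERC20 interface and a keeper bot that calls poke() periodically.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Curvance's code. A hypothetical guard a lending market
// could consult before accepting a token as collateral.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

/// @notice Supply-growth circuit breaker. For each listed collateral it keeps a
/// totalSupply() baseline and refuses deposits while supply sits more than
/// `maxGrowthBps` above that baseline. A wrapped token whose supply jumps by
/// 1,000 BTC in one transaction trips it; minting against real deposits stays under.
contract CollateralSupplyGuard {
    struct Baseline {
        uint256 supply;   // totalSupply() when the current window opened
        uint256 openedAt; // block.timestamp when the current window opened
    }

    address public immutable admin;        // market governance (a multisig, not an EOA)
    uint256 public immutable maxGrowthBps; // e.g. 500 = 5% growth allowed per window
    uint256 public immutable window;       // e.g. 24 hours

    mapping(address => Baseline) public baselines;
    mapping(address => bool) public tripped; // latched until governance clears it

    event SupplyGrowthTripped(address indexed token, uint256 baseline, uint256 current);

    error NotAdmin();
    error NotListed(address token);
    error CollateralPaused(address token);
    error SupplyGrowthTooFast(address token, uint256 baseline, uint256 current);

    constructor(uint256 maxGrowthBps_, uint256 window_) {
        admin = msg.sender;
        maxGrowthBps = maxGrowthBps_;
        window = window_;
    }

    /// Governance lists a token; today's supply becomes the baseline.
    function listCollateral(address token) external {
        if (msg.sender != admin) revert NotAdmin();
        baselines[token] = Baseline(IERC20(token).totalSupply(), block.timestamp);
        tripped[token] = false;
    }

    /// Governance clears a trip after investigating (e.g. once the issuer burned the excess).
    function clearTrip(address token) external {
        if (msg.sender != admin) revert NotAdmin();
        tripped[token] = false;
        baselines[token] = Baseline(IERC20(token).totalSupply(), block.timestamp);
    }

    /// Permissionless maintenance for a keeper bot: rolls the baseline forward when a
    /// window ends cleanly, or latches the breaker when supply grew too fast. It never
    /// reverts, so the latched state actually persists on-chain.
    function poke(address token) external returns (bool healthy) {
        Baseline storage b = baselines[token];
        if (b.openedAt == 0) revert NotListed(token);
        if (tripped[token]) return false;

        uint256 current = IERC20(token).totalSupply();
        if (current > _allowed(b.supply)) {
            tripped[token] = true;
            emit SupplyGrowthTripped(token, b.supply, current);
            return false;
        }
        if (block.timestamp >= b.openedAt + window) {
            b.supply = current;          // window ended without incident: new baseline
            b.openedAt = block.timestamp;
        }
        return true;
    }

    /// Called by the lending market inside its deposit path. A pure check against the
    /// stored baseline, so it also catches a jump nobody has poked yet.
    function checkDeposit(address token) external view {
        Baseline storage b = baselines[token];
        if (b.openedAt == 0) revert NotListed(token);
        if (tripped[token]) revert CollateralPaused(token);
        uint256 current = IERC20(token).totalSupply();
        if (current > _allowed(b.supply)) revert SupplyGrowthTooFast(token, b.supply, current);
    }

    function _allowed(uint256 baseline) internal view returns (uint256) {
        return baseline + (baseline * maxGrowthBps) / 10_000;
    }
}
```

The breaker catches the symptom (unbacked supply appearing fast), not the cause, and a rolling baseline means it only buys time: the same supply delta should also feed an off-chain alert so the team sees it before the window rolls. Set the window and growth threshold from the issuer’s real minting cadence, otherwise legitimate inflows trip it.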

How Echo Responded

Within hours of the hack going public, Echo reclaimed the admin key, burned the 955 eBTC still sitting in the attacker’s wallet (so those tokens no longer exist), and paused all cross-chain functionality on Monad.

They also paused the Aptos bridge and Aptos lending even though Aptos was clean, just to be safe, pushed a contract upgrade on Monad to restrict the affected operations, and said they’d patch their other EVM bridge deployments too.

Curvance paused the eBTC market, confirmed that their own contracts were fine, and noted that their isolated market design prevented the damage from spreading to other lending pools.

Keone from Monad clarified the chain was untouched and pegged the actual loss at around $816K.


The Breakdown

The gap between $76.7 million and $816,000 is the whole story. Curvance was the only viable exit, and its depth capped the borrow at approximately $868,000. 

Item                     Figure
eBTC minted              1,000 (notional $76.7M)
Deposited to Curvance    45 eBTC
WBTC borrowed            11.29 (~$868K)
Sent through Tornado     ~384 ETH (~$822K)
Actually stolen          ~$816K
eBTC burned by Echo      955
Aptos exposure           ~$71K
ECHO drawdown            ~11-12%

The other 955 eBTC had nowhere to go until Echo burned it. Monad’s thin liquidity saved Echo from a much bigger loss. On Ethereum, this would’ve been close to $76M out the door.

Why this was an operational hack, not a smart contract hack

The code wasn’t the issue. It worked the way it was supposed to. The real problem was how Echo set things up around the contract:

  • The admin role was held by a single wallet instead of a multisig. Stealing a single private key was enough to take over the entire protocol.
  • There was no time lock. When the attacker granted themselves admin and then minter rights, those changes went live immediately. No delay, no window for the team to notice and respond.
  • The contract had no maximum supply. Minting 1,000 eBTC with zero BTC backing was technically allowed by the rules of the contract itself.
  • No rate limit either. The attacker minted the entire 1,000 in a single transaction, rather than being forced to spread it out.
  • Curvance accepted the freshly minted eBTC as collateral without checking whether it was legitimately backed. The lending market just saw eBTC tokens in a wallet and treated them the same as real ones.

None of these are obscure or experimental fixes. Multisigs, timelocks, mint caps, and supply checks are stuff serious DeFi protocols have been shipping for years. Echo just didn’t bother with any of them.
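To make the list concrete, here is what those controls look like in one token contract. This is an added example, not Echo’s eBTC contract; it builds on OpenZeppelin v5’s ERC20 and AccessControlDefaultAdminRules, and the contract name, symbol and constructor parameters (HardenedWrappedBTC, hBTC, adminDelay, maxSupply, mintLimitPerWindow) are assumptions. The admin delay, hard cap and rate limit are enforced on-chain; handing initialAdmin to a multisig or a TimelockController is a deployment decision the contract cannot enforce for you.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Echo's contract. Uses OpenZeppelin v5 contracts.
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {AccessControlDefaultAdminRules} from
    "@openzeppelin/contracts/access/extensions/AccessControlDefaultAdminRules.sol";

/// @notice Wrapped-BTC style token with the controls described in the article:
///  - DEFAULT_ADMIN_ROLE cannot be handed out with grantRole() or removed with
///    revokeRole(); it moves only through a two-step transfer that waits
///    `adminDelay` seconds (AccessControlDefaultAdminRules), and there is exactly
///    one admin at a time.
///  - totalSupply() can never exceed `maxSupply`.
///  - A minter cannot create more than `mintLimitPerWindow` within any `WINDOW`.
/// The initial admin is expected to be a multisig (or a TimelockController it owns).
contract HardenedWrappedBTC is ERC20, AccessControlDefaultAdminRules {
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    uint256 public constant WINDOW = 24 hours;

    uint256 public immutable maxSupply;          // hard cap, in 8-decimal satoshi units
    uint256 public immutable mintLimitPerWindow; // max newly minted units per WINDOW

    uint256 public windowStart;    // start of the current rate-limit window
    uint256 public mintedInWindow; // units minted since windowStart

    error SupplyCapExceeded(uint256 requested, uint256 available);
    error MintRateLimitExceeded(uint256 requested, uint256 remaining);

    constructor(
        address initialAdmin,        // multisig / timelock, never a single EOA
        uint48 adminDelay,           // e.g. 2 days before an admin transfer takes effect
        uint256 maxSupply_,          // e.g. 21_000_000e8: never more than all BTC
        uint256 mintLimitPerWindow_  // e.g. 10e8 = 10 BTC per day
    )
        ERC20("Hardened Wrapped BTC", "hBTC")
        AccessControlDefaultAdminRules(adminDelay, initialAdmin)
    {
        maxSupply = maxSupply_;
        mintLimitPerWindow = mintLimitPerWindow_;
        windowStart = block.timestamp;
    }

    /// BTC-denominated token: 8 decimals, so 1000e8 == 1,000 BTC.
    function decimals() public pure override returns (uint8) {
        return 8;
    }

    /// Mint is gated by role, by the hard cap, and by the per-window limit.
    /// A single call for 1000e8 against a 10e8 daily limit reverts with
    /// MintRateLimitExceeded instead of creating 1,000 unbacked BTC.
    function mint(address to, uint256 amount) external onlyRole(MINTER_ROLE) {
        uint256 available = maxSupply - totalSupply(); // cannot underflow: supply <= cap
        if (amount > available) revert SupplyCapExceeded(amount, available);

        if (block.timestamp >= windowStart + WINDOW) {
            // Previous window expired: start a fresh one.
            windowStart = block.timestamp;
            mintedInWindow = 0;
        }
        uint256 remaining = mintLimitPerWindow - mintedInWindow;
        if (amount > remaining) revert MintRateLimitExceeded(amount, remaining);
        mintedInWindow += amount;

        _mint(to, amount);
    }

    /// Holders can always burn their own tokens (used when BTC is redeemed).
    function burn(uint256 amount) external {
        _burn(msg.sender, amount);
    }
}
```

Mapped onto the attack steps above: Step 1 (granting DEFAULT_ADMIN_ROLE to a fresh wallet) reverts, Step 3 (minting 1000e8 in one call) reverts against the rate limit, and Step 4 (revoking the original admin) reverts. Step 2 is the caveat: AccessControlDefaultAdminRules delays only the admin role itself, so a stolen admin key can still grant MINTER_ROLE immediately and mint up to the daily limit. That is the “reduced” half of “reduced or stopped”; to delay role grants as well, make the admin a TimelockController controlled by the multisig.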

May 2026 looks like this

Echo is the 14th hack this month. The year so far:

Protocol                Loss      Vector
KelpDAO (Apr)           $292M     RPC poisoning + DDoS (Lazarus)
Drift                   $285M     Social engineering (Lazarus, UNC4736)
THORChain (May 15)      $10M+     Vault breach
Verus bridge (May 17)   $11.6M    Cross-chain verification
Echo (May 18)           $816K     Admin key
Transit Finance         $1.88M    Deprecated contract

Approximately $328.6 million lost to bridge hacks in 2026 across 8 incidents. None of these were Solidity bugs. Keys, signers, RPC endpoints, off-chain verifiers, that’s where the money is leaving now. The attackers moved up the stack. A few from this year worth paying attention to:

  • Drift (April): Not a technical exploit. UNC4736 (North Korea) spent six months social engineering Drift employees, then drained $285M in 12 minutes. Six months of prep, 12 minutes of execution. That’s a military op, not a hack.
  • KelpDAO (17 days later): Same group, completely different vector. They poisoned LayerZero’s RPC infrastructure and forged cross-chain messages for $292M. State-sponsored teams running multiple playbooks in parallel.
  • AI is showing up too: Google confirmed the first AI-powered mass exploit on May 11 (AI found a zero-day and wrote bypass code for 2FA). GoPlus reported a 231% MoM jump in Web3 losses partly tied to AI. CrowdStrike puts the average eCrime breakout time at 29 minutes, with the fastest at 27 seconds. The attack side is automating, defense mostly isn’t.
  • Resolv Labs (March): Admin key compromise on a stablecoin issuer. Attacker minted 80M unbacked USR, drained $25M, and USR depegged by 80%. Same root cause as Echo, completely different protocol type. The pattern doesn’t care what you’re building.

Ondo Finance put it bluntly in their post-incident analysis: “there is no single class of vulnerability to defend against.” That’s the part most protocols still haven’t internalized.

So when Echo got drained through a stolen admin key, it didn’t happen in a vacuum. It happened during the most hostile threat environment DeFi has ever seen, and the protocol was set up as if it were still 2022.

So what?

DeFi spent the last five years getting good at smart contract security. Audits, bug bounties, formal verification, all of it.

So the attackers stopped targeting the code and started targeting everything else. Keys, infrastructure, employees, signers. None of that gets audited.


For any wrapped BTC protocol, the only security question that actually matters is who can mint, and how hard it is for someone to take that power from them.

If the answer is “a multisig with a timelock, a mint cap, and a lending market that checks where new collateral came from,” you have a real protocol. If the answer is “one wallet with one key,” you have $254M sitting there waiting to be taken. Echo was the second kind.

The damage doesn’t stay in one place either. Aave wasn’t hacked in April, but it lost $5.4B in TVL within 48 hours of the KelpDAO exploit anyway. People just panicked and pulled their money out of everything. That’s what happens now. One protocol gets hit and the whole sector gets repriced.

The fixes are not new. They’ve been around for years. Multisig the admin, timelock the changes, cap the supply, check the collateral. It’s just that none of it makes a protocol more competitive on the front end, so nobody ships it until they’re the next headline.


Echo got off easy because Monad’s liquidity was too thin for the attacker to fully cash out. The next protocol probably won’t have that excuse.

The post Echo Protocol Hack Autopsy: The $76 Million Exploit That Wasn’t Really a Hack appeared first on BeInCrypto.
