Echo Protocol (Monad) Hack 2026 — $816K Exploit Analysis

Admin key compromise of Echo Protocol's eBTC contract on Monad allowed minting of 1,000 eBTC ($76.6M), but shallow liquidity limited realized losses to $816K, laundered through Tornado Cash.

Details

Full Description

On May 18-19 2026, Echo Protocol on the Monad blockchain suffered an admin key compromise of its eBTC (Elastic Bitcoin) contract. The attacker gained the DEFAULT_ADMIN_ROLE, revoked the original admin's access, and granted themselves the MINTER_ROLE — enabled by the contract's single-admin design with no multisig protection, no timelock, and no mint cap. They minted 1,000 eBTC nominally worth $76.64M. However, due to the shallow liquidity on the nascent Monad ecosystem, the attacker could only realize approximately $816K in value. They deposited 45 eBTC as collateral on Curvance, borrowed 11.3 WBTC (~$868K), bridged the WBTC to Ethereum, swapped to 384-385 ETH, and routed through Tornado Cash. Monad CEO Keone Hon confirmed the realized loss at approximately $816K and clarified that the Monad blockchain itself was unaffected. Echo Protocol subsequently suspended cross-chain activity, and the team regained admin key control, burning the remaining 955 eBTC.

Laundering Analysis

The $816K realized from the exploit was laundered through a multi-step process: 45 eBTC deposited as collateral on Curvance protocol -> 11.3 WBTC (~$868K) borrowed -> bridged to Ethereum -> swapped to 384-385 ETH -> routed through Tornado Cash for privacy obfuscation. The attacker's choice to use Curvance for borrowing rather than direct DEX swaps suggests awareness of on-chain slippage monitoring. The Tornado Cash routing makes recovery of the laundered $816K highly unlikely.

Sources

Related Hacks

Back to Browse