Echo Protocol suffers $76 million exploit in eBTC minting attack on Monad

Echo Protocol is the latest decentralized finance (DeFi) platform to be hacked, suffering an exploit worth around $77 million.

The Bitcoin-focused DeFi protocol suffered an attack in which about 1,000 unauthorised eBTC ($77 million) were minted on the Monad blockchain, PeckShield posted on X on Tuesday.

The attacker used a compromised admin key to mint tokens, then borrowed wrapped bitcoin (WBTC) worth $3.45 million against funds in the money market and the reward layer at Curvance, and then laundered them through crypto mixer Tornado Cash.

Echo Protocol said it had regained control of the admin keys and burnt the remaining 955 eBTC that the attacker still held.

"We have paused cross-chain functionality for the Monad deployment and completed an upgrade of the relevant Monad contract to restrict affected operations and strengthen control over sensitive functions," Echo said on X.

Echo Protocol is a platform giving users liquidity and yield on bitcoin holdings through synthetic representations of BTC such as eBTC. Its primary home is the Aptos network, but it subsequently expanded to other chains, including Monad.

"Although the Aptos bridge has not been affected, we have fully paused Aptos bridge operations as a precautionary measure while our review continues," Echo Protocol added.

The attack is the latest in a streak of such malicious activity affecting decentralized protocols in recent weeks, the largest of which hit Drift Protocol and KelpDAO for well over $200 million apiece.