Echo Protocol Exploit Sees Hacker Mint Unauthorised eBTC Worth $76.7 Million

Protocol regains admin control after the attacker launders part of the stolen crypto assets.

Advertisement
Written by Rahul Dhingra, Edited by Manas Mitul | Updated: 19 May 2026 18:26 IST
Highlights
  • Hacker minted nearly 1,000 unauthorised eBTC tokens
  • Echo Protocol later burned 955 eBTC held by the attacker
  • Curvance paused the affected market during the investigation

Blockchain investigators linked the exploit to a compromised admin key

Photo Credit: Unsplash/FlyD

Echo Protocol, a decentralised finance (DeFi) protocol deployed on the Monad blockchain, was hacked after an attacker managed to mint around 1,000 unauthorised eBTC on the protocol. Blockchain analytics platform Lookonchain and security firm PeckShield both reported the exploit on Tuesday, observing that the hacker minted these eBTC worth around $76.7 million (roughly Rs. 741 crore). The attacker attempted to launder a part of this loot by depositing 45 eBTC worth around $3.45 million (roughly Rs. 33.3 crore) into DeFi lending and liquidity management protocol, Curvance. 

Security Firms Say Exploit Stemmed From Admin Key Compromise, Not Smart Contract Bug

After the initial attack, the attacker borrowed another 11.3 wrapped Bitcoin (eBTC) worth $868,000 (roughly Rs. 8.3 crore) against it, bridged the said tokens to Ethereum, swapped them for ETH, and sent 384 ETH worth about $822,000 (roughly Rs. 7.9 crore) to the Tornado Cash mixing service. However, the team later stated that it had regained control of the admin key and burned 955 eBTC held by the attacker. This latest exploit adds to the growing list of protocols compromised by fraudulent actors, including THORchain, Verus Protocol's Ethereum bridge, Transit Finance, TrustedVolumes, and Ekubo. 

Advertisement

In a post on X, blockchain developer “Marioo” reported that it was not a smart contract bug, but an admin key compromise, and the root cause of the exploit was operational and not technical. The company said that the eBTC contract was working as per the design, and added that the vulnerabilities included a single signature for the admin role, no timelock, no minting supply cap or rate limit, and no “supply sanity check” by Curvance for the freshly minted collateral.

Curvance, too, shared a statement on the issue. "At this time, there is no indication of any compromise with Curvance's smart contracts," the platform said on X. "Due to Curvance's fully isolated market architecture, no other markets are impacted. Out of an abundance of caution, the affected market has been paused while our team actively investigates the situation alongside ecosystem partners.”

Advertisement

Meanwhile, Echo Protocol said it would share more updates as the investigation progressed. 

This is not the first protocol to deal with an exploit in this week; Verus Protocol's Ethereum bridge was reportedly exploited on Monday when a hacker was able to fraudulently transfer out at least $11.5 million (roughly Rs. 110 crore) in cryptocurrency through a fake cross-chain transfer message. Another protocol exposed due to bad actors was THORchain, when the decentralised liquidity protocol paused all trading operations. The halt came after a blockchain investigator flagged a suspected exploit of more than $10 million (roughly Rs. 96.5 crore) that likely left the protocol exposed across Bitcoin, Ethereum, BNB Chain, and Base. 

Cryptocurrency is an unregulated digital currency, not a legal tender and subject to market risks. The information provided in the article is not intended to be and does not constitute financial advice, trading advice or any other advice or recommendation of any sort offered or endorsed by NDTV. NDTV shall not be responsible for any loss arising from any investment based on any perceived recommendation, forecast or any other information contained in the article.
 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. iPhone 18 Pro Max Might Arrive With Apple's Biggest Battery Yet
  2. Alienware 15 Arrives in India as Dell's Most Affordable Gaming Laptop Yet
  3. Samsung Galaxy S25 Ultra to Drop Below Rs. 85,000 in Amazon's Prime Day Sale
  4. Asus Vivobook 15 (2026) Launched in India Ahead of Amazon, Flipkart Sale Events
  5. Best Mobiles To Grab During The Flipkart GOAT Sale
  6. Amazon Prime Day Mobile Offers 2026: Best Deals on OnePlus, Nothing and More
  7. Nokia 235 4G (2026), 215 4G (2026) Launched; Nokia 210 4G, 200 4G Tag Along
  8. Amazon Prime Day 2026: Best Deals on Smartphones Under Rs. 30,000
  9. Flipkart GOAT Sale: Top Early Deals on Smartphones, Tablets and More
  10. Huion's 2026 India Lineup Defines Next-Gen Creativity
  1. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  2. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
  3. Nokia 235 4G (2026), 215 4G (2026) Launched Alongside Nokia 210 4G, and 200 4G With AI Assistant Button
  4. Samsung Galaxy S27 Ultra Battery Details Leaked; Could Top iPhone 18 Pro Max's Battery Capacity
  5. OnePlus Ace 7 Series Tipped to Feature 185Hz Display, 9,000mAh Battery
  6. WhatsApp Rolls Out Primary Device Support on iPad, Tests New Setup Screen for Android Tablets: Report
  7. Government Directs App Stores to Remove Malicious Apps Used to Disrupt E-Rickshaw Operations: Report
  8. Sony Reportedly Restructures Disc Factory After Announcing End of Physical Game Discs on PlayStation
  9. Maharashtra Legislature Passes Amendment to Bring Virtual Digital Assets Under Depositor Protection Law
  10. Redmi 17 5G NCC, SIRIM Certification Listings Reportedly Reveal Battery and Charging Details
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.