Echo Protocol halts eBTC cross‑chain transfers after unauthorized mint of 1,000 tokens

Echo Protocol said it suspended cross-chain transfers after an unauthorized mint created 1,000 eBTC on its Monad deployment late Sunday, an incident that put tens of millions of dollars in nominal token value at issue and prompted at least one connected DeFi market to halt activity.

The mint occurred at about 21:21:32 UTC on May 18, according to on-chain records cited by DefiPrime and visible on Monad explorers. At prevailing bitcoin prices, the newly created eBTC — a bitcoin-pegged token used in decentralized finance — was worth roughly $76 million to $77 million on paper. But on-chain analysts said the amount actually extracted so far appears far smaller, at about $820,000 to $870,000. The attacker was still reported to hold roughly 955 eBTC after the initial cash-out transactions, leaving a much larger pool of unbacked tokens still outstanding.

Security firms and on-chain analysts, including PeckShield and Lookonchain, said the transaction pattern suggests the attacker gained privileged access to the eBTC contract on Monad, granted themselves minting rights, minted 1,000 eBTC and then revoked the admin role. That sequence is consistent with an admin-key compromise or another takeover of a privileged role, analysts said. Echo Protocol had not published a full technical post-mortem as of this reporting, and the root cause has not been officially confirmed.

Analysts said the attacker’s observed cash-out route involved depositing about 45 eBTC into Curvance, a DeFi lending protocol, as collateral, borrowing about 11.29 WBTC, bridging it to Ethereum, swapping it into ether and then sending about 384 ETH to Tornado Cash, a crypto mixing service. That on-chain trail is the basis for estimates that the realized loss was under $1 million, even though the unauthorized mint created far more nominal exposure.

Echo Protocol said in a social post that it was investigating “a security incident impacting the Echo bridge on Monad” and added: “All cross-chain transactions remain suspended while the investigation is underway.” Curvance said it detected an anomaly in the Echo eBTC market, paused that market and found no indication that Curvance’s own smart contracts were compromised. Reporting on the incident also said Monad itself was not compromised. The newer EVM-compatible layer-1 blockchain continued operating normally, according to comments attributed to Monad co-founder Keone Hon.

The distinction matters because this was not a failure of the Monad network itself, but a protocol-level incident affecting Echo’s Monad deployment. Echo Protocol issues eBTC as a token designed to track bitcoin’s value and be used across DeFi applications. When a token like that is accepted as collateral in lending markets, risk can spread beyond the issuer if unbacked tokens are deposited and used to borrow other assets. That is why Curvance’s market pause was a key part of the immediate response.

For now, the known facts are narrower than the headline number might suggest: 1,000 eBTC were minted without authorization, creating about $76 million to $77 million in nominal value, but on-chain tracking indicates only a fraction of that appears to have been converted into other assets so far. At the time of writing, Echo had not released a full forensic explanation of how the unauthorized mint occurred or how it planned to address the remaining unbacked eBTC.