BTCFi protocol Echo exploited, targeting eBTC market on Monad: onchain analysts

Quick Take
- BTCFi protocol Echo was exploited, with the attacker minting 1,000 eBTC on Monad and using it as collateral to borrow WBTC.
- The WBTC was then bridged to Ethereum, swapped to ETH, and sent to crypto mixer Tornado Cash.
Bitcoin-focused DeFi protocol Echo suffered an exploit on Monday, marking the latest in a wave of DeFi attacks this year. The root cause of the exploit has yet to be identified.
The exploit was first flagged by pseudonymous crypto influencer DCF GOD on X at around 5:55 p.m. on Monday, ET. Other onchain analytics accounts on the social media platform have relayed the findings with additional details.
According to Onchain Lens, the attacker minted 1,000 eBTC — Echo Protocol's bitcoin liquidity token issued on Monad — and deposited 45 eBTC to DeFi lending protocol Curvance as collateral to borrow around 11.29 WBTC, worth roughly $867,700 at the time.
The exploiter then bridged the WBTC to Ethereum and swapped the tokens into ETH. The 385 ETH was moved to the crypto mixer Tornado Cash.
The attacker still holds 955 eBTC, worth $73.2 million, according to Lookonchain. "The other 99% of the fake supply is parked on the attacker's wallet, because Monad's lending and DEX depth can't absorb more," DefiPrime Founder Nick Sawinyh wrote in a post.
Monad and Curvance have since acknowledged the exploit. Monad Co-founder Keone Hon said its security researchers are currently investigating the incident and assured that the network itself is not affected.
"Security researchers in their review have determined that ~$816,000 appears to have been stolen as a result of this exploit of [Echo Protocol's] eBTC," Hon added in a follow-up post.
Meanwhile, Curvance wrote that its fully isolated market architecture has shielded other markets from being affected, and that there is no indication of any compromise of its smart contracts. Curvance said that it paused the affected Echo eBTC market out of caution.
At around 2:30 a.m. on Tuesday, ET, Echo announced that the exploit originated from a compromised admin key affecting the Monad deployment. Echo added that it has successfully regained control of the keys and burned the 955 eBTC that had remained in the attacker's possession.
Echo Protocol is a multi-chain BTCFi protocol that launched as a bitcoin liquidity and yield platform with a large presence on Aptos.
In the latest announcement, the protocol also assured that there is no evidence of compromise on Aptos, but said it paused cross-chain functionality for the Monad deployment and Aptos bridge operations out of caution.
Before the Echo exploit, there had already been 13 security breaches on DeFi protocols this month, according to DefiLlama, including the $11.6 million exploit on Verus' Ethereum bridge that occurred on May 17.
This is a developing story.
Story updated with the latest announcement from Echo.
© 2026 The Block. All Rights Reserved.

