Hack Track: The Echo Protocol (eBTC) Incident

Rachel Berkheiser
May 26, 2026

On 18 May 2026, an attacker obtained the private key of an Echo Protocol administrator account on the Monad network. Using that access, they granted themselves minting rights and issued 1,000 eBTC — nominally valued at approximately $76.7M — without depositing any backing collateral. By depositing 45 of those tokens into the Curvance lending protocol, the attacker borrowed ~11.29 WBTC in real, liquid assets (~$867K) before the protocol could respond. The WBTC was subsequently bridged to Ethereum, swapped into ETH, and routed through Tornado Cash. Echo Protocol has since revoked admin rights on the compromised address and burned the remaining unbacked tokens.

Key headline figures: 1,000 eBTC minted fraudulently at a notional value of ~$76.7M; ~$867K in real assets extracted as ~11.29 WBTC via Curvance; ~384 ETH confirmed into Tornado Cash on 19 May 2026.

Key finding for financial institution clients: This exploit did not involve a smart contract bug. The vulnerability was entirely operational: a single administrator EOA with uncapped minting authority and no multi-signature safeguard. Because unbacked eBTC is indistinguishable on-chain from legitimately issued eBTC, any wallet or protocol that accepted eBTC as collateral, payment, or asset backing during 18–19 May was potentially exposed.

Containment status as of 22 May 2026: Echo Protocol has revoked admin privileges on the compromised address and burned the 955 remaining unbacked eBTC that were never deposited into Curvance. The ~$867K in real assets (WBTC → ETH) has been moved through Tornado Cash and is at present unrecovered. Law enforcement referral status is unconfirmed at time of writing.

Attack Timeline & Mechanics

Phase 1 — Admin Private Key Compromised (18 May 2026, pre-exploit)

The attacker obtained the private key of an Echo Protocol administrator EOA. The method of compromise, whether phishing, an exposed deployment environment, or insider access, has not been publicly confirmed. The key held the administrative role that assigns minting permissions in Echo Protocol's access control system.

Phase 2 — Minting Rights Self-Granted and Unbacked Mint (18 May 2026)

Step 1 — Minting Rights Self-Granted

Using the stolen key, the attacker called Echo Protocol's access control functions to designate their own wallet as an authorized minter. From the smart contract's perspective, this was a valid operation executed by a valid admin — because the cryptographic signature was genuine. No contract logic was violated.

Step 2 — 1,000 eBTC Minted Without Collateral

The attacker minted 1,000 eBTC to their own address, structurally identical to legitimately issued tokens but entirely unbacked. Nominal value at time of mint: approximately $76.7M. No Bitcoin or other collateral was deposited.
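The control that failed in steps 1 and 2 is easiest to see beside the one that would have held. The following Python model is an added example, not Echo Protocol's contract code: it replays the two steps under a single-key policy with no backing check, and then under a policy where minter grants need M-of-N admin approval plus a delay and every mint is bounded by custodian-attested collateral. The addresses, thresholds, delay and backing amounts are assumptions chosen for the illustration.

```python
"""Added illustration, not Echo Protocol's code: a wrapped-asset mint authority
under a single-key policy versus an M-of-N, delayed, collateral-bounded one.
Addresses, thresholds, delays and amounts are assumptions for the example."""
from __future__ import annotations
from dataclasses import dataclass, field

ATTACKER = "0xattacker"  # placeholder address, not the real exploiter wallet


@dataclass
class MintAuthority:
    admins: set[str]                    # keys that may approve role changes
    approvals_required: int             # M of N; 1 means single-key control
    grant_delay: int = 0                # blocks a grant must wait before live
    enforce_backing: bool = True        # bound supply by attested collateral
    minters: set[str] = field(default_factory=set)
    pending: dict[str, tuple[set[str], int]] = field(default_factory=dict)
    backing_btc: float = 0.0            # BTC the custodian has attested
    total_supply: float = 0.0
    block: int = 0

    def attest_backing(self, amount_btc: float) -> None:
        """Custodian records BTC received; this is what bounds minting."""
        self.backing_btc += amount_btc

    def approve_grant(self, approver: str, target: str) -> bool:
        """One admin approves making `target` a minter. Returns True only
        if this approval makes the grant live immediately."""
        if approver not in self.admins:
            return False
        approvers, start = self.pending.get(target, (set(), self.block))
        approvers.add(approver)
        self.pending[target] = (approvers, start)
        return self._activate_if_ready(target)

    def cancel_grant(self, admin: str, target: str) -> bool:
        """Any admin can veto a pending grant during the delay window."""
        if admin in self.admins and target in self.pending:
            del self.pending[target]
            return True
        return False

    def _activate_if_ready(self, target: str) -> bool:
        approvers, start = self.pending[target]
        if len(approvers) < self.approvals_required:
            return False
        if self.block - start < self.grant_delay:
            return False
        self.minters.add(target)
        del self.pending[target]
        return True

    def advance(self, blocks: int) -> None:
        """Move the clock; grants whose delay has elapsed go live."""
        self.block += blocks
        for target in list(self.pending):
            self._activate_if_ready(target)

    def mint(self, caller: str, amount: float) -> bool:
        """Mint succeeds only for a minter and, when enforced, only while
        total supply stays within attested backing."""
        if caller not in self.minters:
            return False
        if self.enforce_backing and self.total_supply + amount > self.backing_btc:
            return False
        self.total_supply += amount
        return True


def replay_weak_policy() -> tuple[bool, bool]:
    """The report's scenario: one admin EOA, no delay, no backing check."""
    auth = MintAuthority(admins={"0xadmin"}, approvals_required=1,
                         enforce_backing=False)
    granted = auth.approve_grant("0xadmin", ATTACKER)  # stolen admin key
    minted = auth.mint(ATTACKER, 1000.0)               # 1,000 unbacked eBTC
    return granted, minted


def replay_hardened_policy() -> tuple[bool, bool, bool, bool]:
    """Same steps under 2-of-3 admins, a delay, and a collateral bound."""
    auth = MintAuthority(admins={"0xadmin1", "0xadmin2", "0xadmin3"},
                         approvals_required=2, grant_delay=7200)
    auth.attest_backing(12.0)             # assume 12 BTC actually in custody
    alone = auth.approve_grant("0xadmin1", ATTACKER)   # one key: not enough
    auth.approve_grant("0xadmin2", ATTACKER)           # second key: pending
    auth.advance(7200)                                 # nobody vetoed
    live = ATTACKER in auth.minters
    unbacked = auth.mint(ATTACKER, 1000.0)             # exceeds backing
    backed = auth.mint(ATTACKER, 12.0)                 # within backing
    return alone, live, unbacked, backed


if __name__ == "__main__":
    print("weak policy (granted, minted):", replay_weak_policy())
    print("hardened (alone, live, unbacked, backed):", replay_hardened_policy())
```

The delay is the operational piece: a pending grant that no legitimate operator proposed is itself an alert, and the window exists so it can be cancelled before it goes live. The backing bound is what turns "mint" from an unlimited privilege into an accounting operation; with it in place, a stolen admin key can at most mint what the custodian has actually received.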

Phase 3 — Collateral Deposit and Borrow on Curvance (18 May 2026)

Step 3 — 45 eBTC Deposited into Curvance

Rather than depositing all 1,000 eBTC at once, a ~$76.7M collateral position that would have dwarfed the market's borrowable liquidity and likely triggered risk flags, the attacker began with 45 eBTC (~$3.45M in oracle-evaluated collateral). The smaller position let them probe the lending market's response and borrow what liquidity was actually available.

Step 4 — ~11.29 WBTC Borrowed (~$867K)

Curvance's price oracle evaluated the 45 eBTC deposit as ~$3.45M in valid collateral — it had no mechanism to distinguish legitimately-issued eBTC from unbacked tokens. Against that evaluated collateral, Curvance authorized a loan of ~11.29 WBTC: real, liquid, wrapped Bitcoin. The attacker withdrew immediately.

Phase 4 — Bridge, Swap and Mix (18–19 May 2026)

Step 5 — Bridge to Ethereum and Swap to ETH (18 May 2026)

The WBTC was bridged from Monad to Ethereum and swapped into ETH, converting the proceeds into the native Ethereum asset and removing one layer of token-specific traceability. On-chain activity on 18 May shows ~215 ETH received from one swap leg and ~360K USDC transacted via a DeFi swap; the exploiter wallet consolidated ~385 ETH on 19 May.

Step 6 — ~384 ETH Routed Through Tornado Cash (19 May 2026)

The ETH was sent to Tornado Cash, breaking the on-chain link between deposit and withdrawal addresses by pooling funds from many users. ~384 ETH was confirmed entering Tornado Cash on 19 May 2026. At time of writing, the post-withdrawal destination of those funds is unattributed.

Remediation — Admin Rights Revoked, Remaining Tokens Burned (post 19 May 2026)

Echo Protocol revoked admin privileges on the compromised address and burned the 955 eBTC that were never deposited — removing the remaining fraudulent supply. The ~$867K in extracted real assets remains unrecovered.

Fund Flow Summary

The attacker's path across both networks: Echo Protocol's eBTC minting contract on Monad issued 1,000 unbacked eBTC to the attacker wallet. 45 eBTC were deposited into Curvance as collateral, and Curvance lent ~11.29 WBTC (~$867K) against it. The WBTC was bridged to Ethereum and swapped, producing ~215 ETH and ~360K USDC via one DeFi swap and a further ~169 ETH from a second swap leg. The exploiter consolidated ~385 ETH on 19 May and sent ~384 ETH into Tornado Cash; the post-mix destination is unknown. The 955 eBTC never deposited into Curvance were subsequently burned by Echo Protocol.

The playbook itself is the bigger concern — and it's not new. Minting unbacked tokens, using them as collateral to borrow real assets, and exiting in minutes is a well-worn pattern that continues to catch protocols off guard. The earliest signal is unusual collateral deposits shortly after a new token is issued — by the time the borrow and bridge happen, it's already too late.
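Both the oracle point above (a price feed cannot tell unbacked eBTC from backed eBTC) and the early-signal point (collateral deposits shortly after a fresh mint) come down to data a lender could have read but did not. The following Python monitor is an added example, not Curvance's or Echo Protocol's code; it runs over a constructed event stream shaped like this incident and raises an alert at each stage before the borrow. The event format, contract names, addresses, block numbers, operator allowlist and window size are assumptions.

```python
"""Added illustration, not Curvance's or Echo Protocol's code: a lender-side
monitor over a constructed event stream. It tracks a wrapped token's minted
supply against custodian backing attestations and flags fresh-mint collateral,
the two signals a lending protocol or its risk desk could act on before the
borrow. Contract names, addresses, block numbers and the window are assumptions."""
from __future__ import annotations

ZERO = "0x" + "0" * 40            # an ERC-20 mint is a Transfer from the zero address
WINDOW_BLOCKS = 1000              # "shortly after a mint"; tune to chain block time
OPERATOR_ALLOWLIST = {"0xcustodian"}   # addresses expected to hold MINTER (assumed)
TOLERANCE = 1e-9

# Constructed sample mirroring the report's shape: a legitimate backed mint,
# then a MINTER grant to an unknown address, a 1,000-token unbacked mint,
# a 45-token deposit into the lender and a borrow against it.
SAMPLE_EVENTS = [
    {"block": 50, "contract": "eBTC", "event": "BackingAttested", "amount": 10.0},
    {"block": 51, "contract": "eBTC", "event": "Transfer", "from": ZERO,
     "to": "0xcustodian", "amount": 10.0},
    {"block": 100, "contract": "eBTC", "event": "RoleGranted", "role": "MINTER",
     "account": "0xatk", "sender": "0xadmin"},
    {"block": 101, "contract": "eBTC", "event": "Transfer", "from": ZERO,
     "to": "0xatk", "amount": 1000.0},
    {"block": 130, "contract": "Curvance", "event": "Deposit", "asset": "eBTC",
     "account": "0xatk", "amount": 45.0},
    {"block": 131, "contract": "Curvance", "event": "Borrow", "asset": "WBTC",
     "account": "0xatk", "amount": 11.29},
]


def scan(events: list[dict], token: str = "eBTC") -> list[tuple[str, str]]:
    """Return (code, message) alerts in event order."""
    alerts: list[tuple[str, str]] = []
    supply = 0.0        # tokens minted so far
    backing = 0.0       # collateral attested so far
    last_mint: dict[str, tuple[int, float]] = {}   # recipient -> (block, amount)
    flagged: set[str] = set()

    for ev in events:
        kind = ev["event"]
        if ev["contract"] == token and kind == "RoleGranted" and ev["role"] == "MINTER":
            # Minter grants are rare; any grant outside the known operator set is an alert.
            if ev["account"] not in OPERATOR_ALLOWLIST:
                alerts.append(("ROLE_GRANT", f"MINTER granted to {ev['account']} by "
                               f"{ev['sender']} at block {ev['block']}: not an allowlisted operator"))
        elif ev["contract"] == token and kind == "BackingAttested":
            backing += ev["amount"]
        elif ev["contract"] == token and kind == "Transfer" and ev["from"] == ZERO:
            # Supply that outruns attested backing is exactly what an oracle price cannot show.
            supply += ev["amount"]
            last_mint[ev["to"]] = (ev["block"], ev["amount"])
            if supply - backing > TOLERANCE:
                alerts.append(("UNBACKED_SUPPLY", f"supply {supply} exceeds attested backing "
                               f"{backing} by {supply - backing} after mint of {ev['amount']} "
                               f"to {ev['to']} at block {ev['block']}"))
                flagged.add(ev["to"])
        elif kind == "Deposit" and ev["asset"] == token:
            # Freshly minted tokens posted as collateral: the earliest lender-side signal.
            mint_block, mint_amount = last_mint.get(ev["account"], (None, 0.0))
            if mint_block is not None and ev["block"] - mint_block <= WINDOW_BLOCKS:
                alerts.append(("FRESH_MINT_COLLATERAL", f"{ev['account']} deposited {ev['amount']} "
                               f"{token} into {ev['contract']} {ev['block'] - mint_block} blocks "
                               f"after minting {mint_amount}"))
                flagged.add(ev["account"])
        elif kind == "Borrow" and ev["account"] in flagged:
            alerts.append(("BORROW_BY_FLAGGED", f"{ev['account']} borrowed {ev['amount']} "
                           f"{ev['asset']} from {ev['contract']} at block {ev['block']}"))
    return alerts


def unbacked_supply(events: list[dict], token: str = "eBTC") -> float:
    """Minted supply minus attested backing; a positive value means the peg is unbacked."""
    minted = sum(e["amount"] for e in events
                 if e["contract"] == token and e["event"] == "Transfer" and e["from"] == ZERO)
    attested = sum(e["amount"] for e in events
                   if e["contract"] == token and e["event"] == "BackingAttested")
    return minted - attested


if __name__ == "__main__":
    for code, msg in scan(SAMPLE_EVENTS):
        print(f"[{code}] {msg}")
    print("unbacked supply:", unbacked_supply(SAMPLE_EVENTS))
```

Supply-versus-backing is the decisive check: an oracle price says what one eBTC trades for, not whether the 1,000 just minted have any BTC behind them, so a lender that lists a wrapped asset should consume the issuer's reserve attestations (or a proof-of-reserve feed) and cut the asset's loan-to-value to zero whenever minted supply exceeds attested backing. The fresh-mint window is a cheaper heuristic that fires at the deposit, which is still before the borrow.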

Glossary

eBTC: Echo Protocol's synthetic Bitcoin token on the Monad network, normally backed 1:1 by BTC collateral.

Curvance: Decentralized lending protocol that accepted eBTC as collateral and authorized a WBTC loan against oracle-evaluated collateral value.

Tornado Cash: Ethereum-based privacy mixer, previously OFAC-sanctioned, that breaks on-chain transaction linkage by pooling and redistributing funds.

EOA (Externally Owned Account): A standard private-key-controlled EVM wallet, as opposed to a smart contract account.

Oracle: External price feed read by a lending protocol to determine asset value for collateral and borrowing calculations.

Multi-sig: A smart contract wallet that requires M-of-N private key signatures before it executes a transaction, so that the compromise of any single key is not enough to act.
