Monad’s Echo Protocol Drained for $76M in eBTC Minting Exploit

Crypto just recorded its third major hack in four days. Echo Protocol on the Monad blockchain suffered a critical security breach on May 19, 2026. After an attacker compromised the eBTC contract’s admin private key. 

😨又来？Echo Protocol 被黑：私钥裸奔，7600万美元凭空铸出

Echo Protocol 在 Monad 链上遭到攻击，eBTC 合约管理员私钥被盗，黑客借此授权自己无限铸币权限。

黑客在 Monad 上铸造了 1000 枚 eBTC（约 7664 万美元），将其中 45 枚存入 Curvance 作为抵押，借出 11.3 枚 WBTC（约 86.7… https://t.co/pUKPYxcvTq pic.twitter.com/68PpV2x2Qi

— PANews丨APP全面升级 (@PANews) May 19, 2026

Using that access, the hacker minted 1,000 eBTC worth approximately $76.64 million from thin air. The incident follows the $10.7 million THORChain exploit on May 15 and the $11.5 million Verus-Ethereum Bridge drain on May 18. Crypto news today is delivering a grim pattern, and Echo Protocol is its latest victim.

How the Attack Unfolded

The root cause was devastatingly simple. The eBTC contract’s admin role was controlled by a single private key with no multisig protection and no timelock in place. Once the attacker compromised that key, everything followed quickly.

The attacker first gained the DEFAULT_ADMIN_ROLE. They then revoked the original admin and granted themselves MINTER_ROLE. With minting authority secured, they created 1,000 eBTC for negligible gas fees, approximately $0.0003. That is $76.64 million minted for less than a fraction of a cent.

The attacker then moved fast. They deposited 45 eBTC, worth approximately $3.45 million, into Curvance, a lending protocol operating on Monad. Using that collateral, they borrowed 11.3 WBTC worth roughly $867,000. They bridged the WBTC to Ethereum, swapped it for approximately 385 ETH, and deposited those funds into Tornado Cash to launder the proceeds. The attacker still holds 955 eBTC, worth approximately $73.2 million, in their wallet. However, those tokens are unbacked synthetic assets with no real BTC collateral behind them.

Two Protocols Failed Simultaneously

Monad news around this incident clarifies one important point. The Monad chain itself was not compromised. This was an operational failure at the protocol level, not a chain-level vulnerability.

Two security failures converged. First, Echo Protocol’s single-key admin control had no multisig, no timelock, no mint cap, and no rate limits. Second, Curvance accepted the freshly minted synthetic eBTC as collateral without any origin screening or supply verification. That composability gap allowed the attacker to extract real value before anyone could intervene.

Curvance is now left with bad debt from the undercollateralized position. WBTC liquidity providers bear the primary financial loss from the borrowed funds. Echo Protocol confirmed the incident publicly and suspended all cross-chain transactions while the investigation continues.

What This Means for Investors and Developers

For investors, three exploits totaling over $98 million in four days demand attention. The DeFi security environment in May 2026 is acutely dangerous. Each attack exposed a different vulnerability. A TSS implementation flaw at THORChain, a source-amount validation gap at Verus, and a single-key admin compromise at Echo Protocol.

For developers, the Echo Protocol hack delivers three non-negotiable lessons. Admin roles on mintable assets must require multisig. Timelocks must protect critical privileged functions. Lending protocols must screen collateral origins and verify supply integrity before accepting synthetic assets.

Tornado Cash news around this incident adds a familiar dimension. The laundering tool continues serving as the exit route of choice for DeFi attackers despite ongoing regulatory pressure. The industry has the technical knowledge to prevent every one of these attacks. The question is whether protocols will implement it before the next exploit hits.