
Echo Protocol: The $77M Admin Key That Minted eBTC

A compromised admin key let an attacker mint 1,000 eBTC worth $77 million on Monad. The hacker borrowed $3.45M in WBTC and laundered $822K through Tornado Cash before Echo burned the rest.

SYNTH·Hack Database
The Monad deployment where 1,000 eBTC were minted out of thin air.

On May 18, 2026, onchain sleuth dcfgod noticed something impossible. Echo Protocol’s Monad deployment had just minted 1,000 eBTC from nowhere. That’s $77 million in synthetic Bitcoin - with no real BTC backing it. Someone had the keys they shouldn’t have.

Echo Protocol is a Bitcoin DeFi platform that gives users liquidity and yield on their BTC holdings through wrapped tokens like eBTC on Monad and aBTC on Aptos. It expanded to multiple chains, promising liquid staking, restaking, and yield aggregation. At Bitcoin’s price of roughly $77,000, each eBTC was supposed to be fully collateralized. The system worked as designed - until it didn’t.

The exploit wasn’t a smart contract bug. Blockchain developer Marioo quickly determined the root cause: a compromised admin private key. The eBTC contract had a single-signature admin role, no timelock, no minting supply cap, and no rate limit. Once the attacker had that key, they granted themselves the DEFAULT_ADMIN_ROLE and MINTER_ROLE, revoked the original admin, and started minting.

They created 1,000 eBTC worth $76.7 million. Then they tested the waters. Using the freshly minted collateral, they deposited 45 eBTC ($3.45 million) into Curvance, a DeFi money market. Against that, they borrowed 11.3 wrapped Bitcoin (WBTC) worth about $868,000. They bridged the WBTC to Ethereum, swapped it for ETH, and sent 384 ETH - roughly $822,000 - into Tornado Cash, the sanctioned crypto mixer. The remaining 955 eBTC sat untouched in their wallet.
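The on-chain sequence described above (admin role granted to a new account, original admin revoked, then a large mint) is detectable from contract events alone. The following is an added monitoring sketch, not Echo's code or any vendor's tooling: it assumes the token emits OpenZeppelin-style `RoleGranted`/`RoleRevoked` events and that mints show up as `Transfer` from the zero address. The `Event` type, `detect` function, addresses, block numbers and thresholds are all hypothetical.

```python
# Added example: events, addresses and thresholds below are constructed.
from dataclasses import dataclass

ZERO = "0x" + "0" * 40   # ERC-20 mints appear as Transfer from the zero address
ADMIN, MINTER = "DEFAULT_ADMIN_ROLE", "MINTER_ROLE"
ORIGINAL, ATTACKER = "0xORIGINAL_ADMIN", "0xATTACKER"  # placeholders, not real addresses

@dataclass
class Event:
    block: int
    kind: str            # "RoleGranted", "RoleRevoked" or "Transfer"
    role: str = ""       # role name (role events only)
    account: str = ""    # role subject, or Transfer recipient
    sender: str = ""     # caller of the role change, or Transfer source
    amount: float = 0.0  # token units (Transfer only)

def detect(events, known_admins, mint_cap, window_blocks):
    """Return alerts for role takeover and minting above mint_cap per window."""
    known, admins = set(known_admins), set(known_admins)
    alerts, mints = [], []
    for e in sorted(events, key=lambda ev: ev.block):
        if e.kind == "RoleGranted":
            if e.account not in known:
                alerts.append(f"{e.block}: {e.role} granted to unknown {e.account}")
            if e.role == ADMIN:
                admins.add(e.account)
        elif e.kind == "RoleRevoked" and e.role == ADMIN:
            admins.discard(e.account)
            if e.account in known and not (admins & known):
                alerts.append(f"{e.block}: all known admins revoked by {e.sender}")
        elif e.kind == "Transfer" and e.sender == ZERO:
            # Sliding window over recent mints, measured in blocks.
            mints = [(b, a) for b, a in mints if e.block - b < window_blocks]
            mints.append((e.block, e.amount))
            total = sum(a for _, a in mints)
            if total > mint_cap:
                alerts.append(f"{e.block}: minted {total} in window, cap {mint_cap}")
    return alerts

# Constructed event stream following the sequence in the write-up.
SAMPLE = [
    Event(100, "RoleGranted", ADMIN, ATTACKER, ORIGINAL),
    Event(100, "RoleGranted", MINTER, ATTACKER, ATTACKER),
    Event(101, "RoleRevoked", ADMIN, ORIGINAL, ATTACKER),
    Event(102, "Transfer", account=ATTACKER, sender=ZERO, amount=1000.0),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE, [ORIGINAL], mint_cap=50, window_blocks=1000):
        print(alert)
```

A monitor like this only raises the alarm; the missing on-chain controls the article lists (multi-signature admin, timelock, supply cap, rate limit) are what would actually block or delay the mint.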

PeckShield and Lookonchain flagged the attack on Tuesday, May 19. Echo Protocol confirmed the breach, saying a compromised admin key on the Monad deployment was responsible. “The Monad network itself was not impacted and continues to operate normally,” Monad co-founder Keone Hon clarified. Echo quickly regained control of its admin keys and burned the 955 eBTC still in the attacker’s possession, erasing $73 million in unauthorized tokens. They paused cross-chain functionality on Monad, upgraded the relevant contract to tighten sensitive functions, and halted Aptos bridge operations as a precaution despite no confirmed loss there.

The aftermath exposed familiar weaknesses. “We’re likely to see a resurgence of ‘Web2.5’ style attacks targeting centralized key management,” said Misha Putiatin, co-founder of Symbiotic and security firm Statemind. Protocols that depend on off-chain infrastructure invite social engineering and infrastructure attacks, he said. The Echo eBTC exploit added to a brutal 2026 for DeFi security: Drift Protocol had lost $285 million months earlier, Kelp DAO bled $292 million, and dozens of other projects shuttered after breaches.

For all the chaos, the hacker only walked away with about $822,000 in clean ETH. The real damage was to trust - yet another protocol where a single admin key became a single point of failure. The eBTC contract worked exactly as designed. That was the problem.

The code was flawless. The key was not. And in DeFi, that distinction keeps costing millions.

The Aftermath

Echo Protocol burned the remaining 955 eBTC, effectively erasing $73 million in unauthorized tokens. The protocol paused cross-chain operations on Monad, upgraded its contracts, and halted the Aptos bridge as a precaution. Approximately $822K in ETH was laundered through Tornado Cash and remains unrecovered. The attacker’s identity is unknown, and Echo is reviewing its admin key management to prevent recurrence.

LESSONS LEARNED

- A single admin key with no timelock or mint cap is a disaster waiting to happen.
- Cross-chain bridges turn a local key compromise into an instant multi-chain threat.
- Operational security is just as critical as smart contract audits - DeFi can’t afford to ignore off-chain risks.
- When a protocol burns its own minted tokens to stop a hack, it admits the code was flawless but the key management was not.
