Major Exploit: Echo Protocol Suffers $77 Million Loss in eBTC Hack

In a stunning breach shaking the foundations of decentralized finance, the Echo Protocol has suffered a staggering $77 million loss due to an exploit that involved minting unauthorized synthetic Bitcoin, known as eBTC. The incident highlights an escalating trend in the cryptocurrency sector, with security vulnerabilities leading to significant financial losses and raising urgent questions about the integrity of digital finance.

The attack, reported by blockchain security firms PeckShield and Lookonchain, revealed that an assailant manipulated the protocol's administrative access to mint approximately 1,000 eBTC, valued at around $76.7 million. Approximately 5% of the stolen funds have since been laundered through the notorious Tornado Cash mixing service, while the hacker retains 955 eBTC, equating to over $73 million in current value.

Echo Protocol has halted all cross-chain transactions on its platform, which operates on the Monad blockchain. In a statement released on Tuesday, the organization declared, "We are currently investigating a security incident impacting the Echo bridge on Monad. All cross-chain transactions remain suspended while the investigation is underway." The hack marks just the latest in a series of breaches within the decentralized finance environment, which has seen over a dozen protocols compromised this month alone.

Details of the Exploit

According to PeckShield’s findings, the adversary conducted a complex scheme to launder their ill-gotten gains. After minting the eBTC, the hacker deposited 45 eBTC—approximately $3.45 million—into the DeFi lending service Curvance, subsequently borrowing 11.3 wrapped Bitcoin (wBTC) against it and converting the funds into Ethereum, which were then sent to Tornado Cash.

On further investigation, experts clarified that the breach stemmed not from a technical bug, but from a failure to secure the administrative private keys. Blockchain developer “Marioo” emphasized, “The vulnerabilities included a single signature for the admin role, no timelock, no minting supply cap or rate limit, and no ‘supply sanity check’ by Curvance for the freshly minted collateral.” This operational oversight underscores the increasing need for robust security measures within DeFi platforms.

Meanwhile, Curvance issued a statement confirming its smart contracts’ security integrity, claiming the anomaly had been detected solely within the Echo eBTC market. In reaction to the exploit, Curvance paused its market for further investigation, as Echo Protocol continues to provide updates through official channels.

A Vulnerable Landscape

This breach occurs amidst a tumultuous 2026 for decentralized finance, with multiple platforms experiencing similar fates. High-profile exploits include the Drift Protocol's loss of $285 million and Kelp DAO's $292 million compromise, illustrating a growing wave of attacks that have compelled many protocols to shutter their services.

Industry observers are increasingly concerned about the implications of these breaches. The need for stringent security protocols is urgent, as the influx of digital currencies into DeFi continues to attract both investors and malicious actors alike.

As the investigation into Echo Protocol unfolds, the cryptocurrency community watches closely, hoping for strengthened defenses and an end to the troubling trend of exploits that continue to plague this burgeoning sector.

For ongoing updates on the situation, stakeholders are advised to monitor Echo Protocol's official communications.

Source: Cointelegraph

Source: CoinTelegraph DeFi