The decentralized finance (DeFi) ecosystem on the Monad blockchain has experienced a significant security breach involving Echo Protocol. On May 18, 2026, on-chain monitoring services, including Onchain Lens, reported that an attacker successfully exploited the protocol to mint 1,000 eBTC, valued at approximately $66.7 million. The perpetrator utilized a previously tested attack vector to drain funds through the Curvance platform, marking one of the most substantial security incidents on the Monad network to date.
Mechanism of the Echo Protocol Exploit
Analysis of the transaction history indicates that the attacker bypassed standard minting restrictions to generate 1,000 units of eBTC without providing the required underlying collateral. Following the unauthorized minting, the actor moved to liquidate the assets through Curvance, a cross-chain liquidity protocol. The sequence of the attack suggests a high degree of preparation, as the vulnerabilities appear to have been probed prior to the main execution.
- The attacker deposited 45 eBTC (worth roughly $3.45 million) into Curvance as collateral.
- Using this collateral, the actor borrowed 11.29 WBTC, valued at approximately $833,700.
- The borrowed assets were bridged from Monad to the Ethereum mainnet for further obfuscation.
Laundering via Tornado Cash and Asset Tracking
Upon reaching the Ethereum network, the attacker converted the stolen assets into ETH. Blockchain forensics show that 385 ETH, equivalent to nearly $1.27 million, was subsequently sent to Tornado Cash, a decentralized privacy protocol used to break the on-chain link between the source and destination of funds. Tornado Cash is frequently utilized by malicious actors to anonymize stolen cryptocurrency assets before withdrawal.
Despite the successful laundering of a portion of the funds, the attacker still maintains control over a significant majority of the illicitly minted eBTC. Security researchers are currently monitoring the associated wallets to identify potential movement of the remaining 955 eBTC.
The Echo Protocol exploit highlights the persistent risks associated with new liquidity bridges and synthetic asset protocols on emerging chains like Monad. As the investigation continues, users are advised to exercise caution when interacting with affected smart contracts. The incident underscores the necessity for rigorous security audits and the implementation of real-time monitoring tools to mitigate the impact of sophisticated attack vectors in the rapidly evolving DeFi landscape.
Frequently Asked Questions
Quick answers to the most common questions about this topic.
For educational purposes only. Nothing here constitutes financial or investment advice. Crypto markets are highly volatile — always DYOR before making any decisions.
Fact-checked per our editorial policy. We maintain strict independence from advertisers. Spot an error? Let us know.