A Bitcoin-focused DeFi project, Echo Protocol, suffered a security breach on Monday after an attacker minted unbacked tokens and extracted real value through a lending market. The incident adds to a growing list of DeFi exploits this month and raises renewed concerns about access control design in newly deployed ecosystems.

The exploit first surfaced at around 5:55 p.m. ET after pseudonymous X user DCF GOD flagged suspicious mint activity. Several onchain tracking accounts followed with transaction analysis that outlined how the attacker created and leveraged fake assets.

Unauthorized mint creates $77 million in fake supply

Onchain Lens data shows that the attacker minted 1,000 eBTC on the Monad network. At Bitcoin prices near $77,000 at the time, the unauthorized mint represented roughly $77 million in synthetic value. The token, eBTC, serves as Echo Protocol’s wrapped Bitcoin asset designed for use in lending and liquidity strategies.

The exploit did not rely on complex market manipulation. The attacker obtained elevated permissions on the token contract. They granted themselves admin rights, assigned minting privileges, and then issued the tokens directly to their wallet. The role escalation sequence completed within a short set of transactions.

The exact method used to gain the initial admin role remains unclear. Echo Protocol later confirmed that the incident originated from a compromised admin key tied to its Monad deployment.

Lending markets used for extraction

The attacker avoided direct selling due to limited liquidity. Instead, they used a lending route to extract real assets. According to Onchain Lens, about 45 eBTC was deposited into Curvance as collateral. This allowed the attacker to borrow approximately 11.29 WBTC, valued near $867,700 at the time.

The borrowed funds moved off-chain infrastructure soon after. The attacker bridged the WBTC to Ethereum, converted it into ETH, and transferred 385 ETH to Tornado Cash. This step obscured the transaction trail and reduced recovery chances.

Blockchain tracker Lookonchain reported that the attacker retained 955 eBTC in their wallet, worth over $73 million at peak valuation. The funds remained largely idle due to insufficient liquidity across Monad’s lending pools and decentralized exchanges.

Nick Sawinyh, founder of DefiPrime, described the situation in a post:

"The other 99% of the fake supply is parked on the attacker's wallet, because Monad's lending and DEX depth can't absorb more."

Protocol responses and containment

Monad and Curvance acknowledged the incident shortly after detection. Monad co-founder Keone Hon stated that the network itself was not affected. He confirmed that security researchers had identified approximately $816,000 in realized losses tied to the exploit.

Curvance emphasized that its smart contracts operated as intended. The platform highlighted its isolated market structure, which prevented contagion across other lending pools. The team paused the affected eBTC market as a precaution.

Curvance stated:

"Due to Curvance’s fully isolated market architecture, no other markets are impacted. Out of an abundance of caution, the affected market has been paused while our team actively investigates the situation alongside ecosystem partners."

Echo Protocol later announced that it had regained control of the compromised admin keys. The team burned the remaining 955 eBTC still held by the attacker. It also suspended cross-chain functionality linked to Monad and paused bridge operations with Aptos.

The project added that there is no evidence of compromise on its Aptos deployment.

Part of a broader pattern in DeFi exploits

The Echo incident follows at least 13 DeFi-related breaches recorded this month, according to DefiLlama. A recent example includes a $11.6 million exploit targeting the Verus Ethereum bridge on May 17.

This attack shares structural similarities with previous incidents. Unauthorized minting tied to privileged roles has appeared in other exploits this year. The pattern shows that a single point of control can compromise an entire asset system when safeguards such as multisignature controls or timelocks are absent.

The financial damage in this case remains limited compared to earlier exploits. Liquidity constraints on Monad reduced the attacker’s ability to convert fake assets into real value at scale. However, the design weakness mirrors larger incidents across more mature ecosystems.

Market reaction and next steps

The exploit triggered a sharp reaction in Echo’s native token. According to CoinGecko data, ECHO fell more than 12% following the news and traded near $0.0049 at the time of reporting.

Outstanding questions remain. Echo Protocol has yet to provide a full breakdown of how the admin key was compromised. Curvance must determine how to address the resulting bad debt within its eBTC market.

The attacker’s wallet continues to be monitored. Any movement of funds could offer further insight into recovery options or additional risks.

The incident highlights a recurring issue in DeFi infrastructure. Systems that rely on privileged roles without layered protections face elevated risk. Newer ecosystems, where contracts launch without hardened operational controls, remain particularly exposed.

DeFi App Legend to Shut Down after Two Years | HODL FM NEWS
DeFi app Legend will shut down after failing to scale despite funding and user traction, as sector pressures and shifting user demand reshape crypto platforms.
hodl-post-imageHODL FM News: The Wildest Ride in the Crypto MarketKristian Koch
hodl-post-image

Disclaimer: All materials on this site are for informational purposes only. None of the material should be interpreted as investment advice. Please note that, despite the nature of much of the material created and hosted on this website, HODL FM operates as a media and informational platform, not a provider of financial advisory services. The opinions of authors and other contributors are their own and should not be taken as financial advice. If you require advice, HODL FM strongly recommends contacting a qualified industry professional.