Executive summary
On 18 May 2026, Echo Protocol, a restaking and liquid staking project deploying on Monad, was exploited via admin key compromise. An attacker gained control of the management key for Echo's eBTC contract (0xd691b0af…), granted themselves unlimited minting permissions, and minted 1,000 eBTC with a nominal value of approximately $76.7 million.
In practice, the attack converted far less: the attacker used 45 eBTC as collateral on Curvance, extracted 11.29 WBTC, and routed the proceeds to Ethereum before moving them through Tornado Cash. The realised loss was approximately $816,000, orders of magnitude below the minted nominal. Echo regained control of the management key and destroyed the remaining 955 eBTC.
What happened
eBTC is Echo Protocol's bridged/wrapped Bitcoin product deployed on Monad. Like most wrapped asset implementations, its supply is governed by minting permissions: admin-controlled access that determines who can create new units of the token. That access was the target.
The attacker compromised Echo's management private key and used it to grant minting rights to an attacker-controlled address. With those rights in hand, 1,000 eBTC were minted to the attacker in a single transaction.
The attacker then faced a conversion problem: dumping 1,000 eBTC on available liquidity would have collapsed the price to near zero, recovering little. Instead, they used 45 eBTC as collateral on Curvance, borrowed against it, and converted the borrowed position to 11.29 WBTC. The remaining 955 eBTC, with no feasible liquidation path, was left in the attacker wallet.
After Echo's team regained access to the management key, they used the same minting permission system to burn the remaining 955 eBTC, limiting the protocol's long-term insolvency exposure. The 45 eBTC used as Curvance collateral and the 11.29 WBTC extracted represent the confirmed on-chain loss.
The liquidity ceiling as an accidental circuit breaker
One of the more operationally interesting aspects of this incident is why the loss was contained at $816K despite 1,000 eBTC being minted at ~$76.7M nominal. The answer is market microstructure: there was not enough eBTC liquidity on Monad to absorb a full exit. The attacker's own position was limited by the amount of collateral-backed leverage they could extract without destroying the price of the asset they held.
This was not a deliberate safety mechanism; it was an accidental constraint of operating a relatively new wrapped asset on a new chain with shallow liquidity. Protocols should not rely on it. A more established protocol with deeper eBTC markets could have seen dramatically higher losses from the same exploit.
What defenders can learn
Admin key security is protocol security. For any protocol where privileged operations (minting, pausing, upgrading) are controlled by an EOA or a small multisig, the security of those private keys is the binding constraint. If the keys are compromised, the smart contracts are compromised. HSMs, multi-party signing, and key management audits are infrastructure-level requirements, not optional hardening.
Minting permissions should require multiple independent approvals. A design where a single management key can grant unlimited minting access, and that minting access can then be exercised immediately, has no defence-in-depth. Minting privilege grants should require a timelock, a threshold signature, or both. Any mint above a defined size should trigger an automatic pause pending review.
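The controls in the paragraph above, modelled as an added Python example (not Echo's contract code, and not taken from the original write-up). The class name, signer labels, 48-hour delay, two-approval threshold and 10-unit mint limit are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

GRANT_DELAY = 48 * 3600   # assumed timelock on minter grants, in seconds
THRESHOLD = 2             # assumed number of independent signer approvals
MAX_MINT = 10.0           # assumed per-mint size limit, in token units

@dataclass
class MintController:
    """Hypothetical model of issuer-side mint controls; not Echo's contract."""
    signers: frozenset
    minters: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)   # address -> (approvers, eta)
    paused: bool = False
    supply: float = 0.0

    def approve_grant(self, addr, signer, now):
        """Record one approval; the timelock starts when the threshold is met."""
        if signer not in self.signers:
            raise PermissionError("unknown signer")
        approvers, eta = self.pending.get(addr, (frozenset(), None))
        approvers = approvers | {signer}
        if eta is None and len(approvers) >= THRESHOLD:
            eta = now + GRANT_DELAY
        self.pending[addr] = (approvers, eta)
        return eta

    def activate_grant(self, addr, now):
        _, eta = self.pending.get(addr, (frozenset(), None))
        if eta is None or now < eta:
            raise PermissionError("grant not approved or still timelocked")
        del self.pending[addr]
        self.minters.add(addr)

    def mint(self, addr, amount):
        if self.paused:
            raise RuntimeError("minting paused pending review")
        if addr not in self.minters:
            raise PermissionError("not a minter")
        if amount > MAX_MINT:
            self.paused = True   # oversized mint trips the pause and is not executed
            return False
        self.supply += amount
        return True

def single_key_attempt():
    """Constructed scenario: one compromised signer tries to self-grant minting."""
    c = MintController(signers=frozenset({"key_a", "key_b"}))
    eta = c.approve_grant("attacker", "key_a", now=0)   # one approval starts no timelock
    return eta, "attacker" in c.minters
```

In an on-chain implementation the oversized-mint path must not revert, otherwise the pause flag it sets would be rolled back with the rest of the transaction.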
Collateralised lending protocols amplify admin key risks. The Curvance step in this attack was the mechanism that converted minted tokens into real value. If protocols with significant TVL accept newly minted wrapped assets as collateral without circuit breakers on novel or anomalous mint events, they inherit the key risk of every protocol whose tokens they accept. Deposit caps and mint-event monitoring at the collateral acceptance layer are meaningful mitigations.
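A sketch of the collateral-side mitigation named above, as an added Python example (not Curvance's code and not from the original write-up): a deposit cap plus a supply-jump check that freezes new deposits of a third-party token. The class, thresholds and supply readings are assumptions; only the 1,000-unit mint and the 45-unit deposit come from the incident.

```python
from collections import deque

class CollateralGuard:
    """Hypothetical deposit-side checks for one third-party collateral token."""

    def __init__(self, deposit_cap, max_supply_growth, window):
        self.deposit_cap = deposit_cap              # max units accepted as collateral
        self.max_supply_growth = max_supply_growth  # 0.10 = 10% growth per window
        self.window = window                        # look-back window, in seconds
        self.samples = deque()                      # (timestamp, total_supply)
        self.deposited = 0.0
        self.frozen = False

    def observe_supply(self, ts, total_supply):
        """Feed total-supply readings; freeze new deposits on an anomalous jump."""
        self.samples.append((ts, total_supply))
        while self.samples[0][0] < ts - self.window:
            self.samples.popleft()
        baseline = min(s for _, s in self.samples)
        if baseline > 0 and (total_supply - baseline) / baseline > self.max_supply_growth:
            self.frozen = True                      # stays set until manual review
        return self.frozen

    def try_deposit(self, amount):
        if self.frozen:
            return "rejected:frozen"
        if self.deposited + amount > self.deposit_cap:
            return "rejected:cap"
        self.deposited += amount
        return "accepted"

def replay_constructed_incident():
    """Supply readings are constructed; the 1,000 mint and 45 deposit are from the page."""
    g = CollateralGuard(deposit_cap=20.0, max_supply_growth=0.10, window=3600)
    g.observe_supply(0, 500.0)        # constructed pre-incident supply
    before = g.try_deposit(5.0)       # ordinary deposit passes
    g.observe_supply(600, 1500.0)     # supply after a 1,000-unit mint
    after = g.try_deposit(45.0)       # deposit of freshly minted units
    return before, after, g.deposited
```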
Rapid response to regain admin access matters. Echo's ability to destroy the remaining 955 eBTC after regaining the management key prevented a larger-scale solvency crisis. Having documented incident response procedures, including how to execute emergency burns or pauses, and practising them reduces the time between detection and containment.
Key details
- Date: 18 May 2026
- Realised loss: ~$816K (45 eBTC → 11.29 WBTC via Curvance)
- Nominal minted: 1,000 eBTC (~$76.7M at time of mint)
- Chain: Monad (with proceeds routed to Ethereum)
- eBTC contract: 0xd691b0af…
- Attacker address: 0x6a0109d3…
- Mint transaction: 0x2cc97307…
- Exit route: Curvance → WBTC → Ethereum → Tornado Cash
- Remaining 955 eBTC: Burned by Echo Protocol after key recovery
Further reading
If your protocol issues wrapped assets, manages admin key infrastructure, or accepts third-party tokens as collateral, the risk surface extends well beyond your smart contracts. Security4Web3 can help you map your key management architecture, model admin key compromise scenarios, and design the access controls and monitoring that make a difference when it matters.