Bitcoin-focused DeFi project Echo Protocol faced a major security breach. The attack came after a series of exploits that have hit the DeFi market in recent weeks. Initial details began spreading after the incident was reported on X by an account known in the crypto community as DCF GOD.
According to security teams examining on-chain data, the attacker minted 1,000 eBTC worth around $76.7 million on the Monad network. While this eBTC supply was reportedly not backed by real collateral, the exact technical vulnerability behind the attack has not yet been identified. Experts are evaluating whether the incident may have stemmed from a private key compromise, a deployment error, or a smart contract-related weakness.
The attacker later used part of these assets as collateral through Curvance. According to shared data, the attacker deposited 45 eBTC, worth roughly $3.45 million, into Curvance and borrowed 11.29 WBTC in return. This amount was valued at around $867,000 at the time of the attack.
The borrowed WBTC was then transferred to the Ethereum network, converted into ETH, and around 385 ETH was reportedly sent to Tornado Cash. Tornado Cash is known as a mixing service used to obscure the trail of funds. For this reason, the transfer was interpreted as an attempt to launder the assets obtained by the attacker.
955 eBTC Still Remains in the Wallet
According to blockchain tracking platform Lookonchain, the attacker still holds around 955 eBTC in their wallet. This amount is said to be worth more than $73 million. OnChain Lens also noted that the attacker still appears to control a significant amount of the minted eBTC.
Following the incident, statements came from both Monad and Curvance. Monad co-founder Keone Hon said the attack did not affect the Monad network itself and that the network continues to operate normally. Hon also stated that security researchers are investigating the incident related to Echo Protocol’s eBTC asset on Monad.
Curvance, meanwhile, said there was no sign that its own smart contracts had been exploited or compromised. The protocol stated that the affected market had been paused as a precaution and that the investigation was continuing alongside ecosystem partners. Curvance also emphasized that, thanks to its fully isolated market architecture, other markets were not affected by the attack.
According to the company’s statement, the incident was limited to the eBTC/WBTC market on Monad. Major DeFi platforms such as Aave, Morpho, Spark, and Fluid were not affected by the attack. While these statements suggest that the risk did not turn into a broader liquidity crisis, market participants remain cautious until the technical details of the incident become clear.
ECHO Price Falls
After news of the attack broke, the ECHO token came under heavy selling pressure. The token fell more than 12% during the day, dropping to around $0.0049. The project team said it was investigating the security incident and had temporarily suspended all cross-chain transactions.
The Echo Protocol attack became the third major security incident in the DeFi market within just a few days. Earlier, more than $10 million was reportedly stolen from THORChain, while the Verus-Ethereum Bridge attack resulted in the loss of around $11.5 million in assets. With these incidents, the number of DeFi security breaches recorded in May rose to 14.
According to DeFiLlama data, the DeFi sector had already faced 13 different attacks this month before the Echo incident. In recent years, lending protocols, cross-chain bridges, and collateral markets have become some of the main targets for attackers. Losses suffered by uninsured lending protocols over the past six years are estimated to have approached $7.7 billion.
In April, the DeFi ecosystem also saw more than $600 million in losses following major attacks involving projects such as Drift and KelpDAO. Nexus Mutual founder Hugh Karp said many of the recent hacks were caused by operational failures, pointing to a serious mismatch between risk management and insurance coverage.
