
Echo Protocol confirmed on X on May 19 that it is investigating the security incident affecting the Echo bridge on the Monad chain, and that all cross-chain transactions are suspended during the investigation. According to PeckShieldAlert’s on-chain monitoring, after the attacker obtained the Admin private key, they minted 1,000 eBTC. SlowMist founder Yu Xuan said on X that the root cause of this incident is likely the compromise of the Admin private key, which was a single point of failure.
In its X post, Echo Protocol said: “We are currently investigating the security incident impacting the Echo bridge on Monad. During the investigation, all cross-chain transactions will remain paused. We will publish the latest updates in a timely manner through official channels.” As of the time of reporting, Echo Protocol has not yet released the investigation results or confirmed the total amount of attack losses.
The complete attack flow, as confirmed by PeckShieldAlert’s on-chain monitoring:
· The attacker obtained the Admin private key, directly triggered the minting function, and minted 1,000 eBTC (about $76.7 million)
· Deposited 45 eBTC (about $3.45 million) into Curvance as collateral
· Borrowed approximately 11.29 WBTC (about $868k)
· Bridged the WBTC cross-chain to the Ethereum mainnet
· Swapped the WBTC for ETH on Ethereum
· Sent approximately 384 ETH (about $820k) to the Tornado Cash crypto mixer
PeckShieldAlert noted that the attack flow shows signs of having been “tested in advance,” indicating that the attacker had fully rehearsed the capital escape route before launching the operation.
SlowMist founder Yu Xuan said on X that the root cause of this incident is likely the compromise of the Admin private key, a single point of failure, rather than a code vulnerability in the smart contract itself. He also pointed out that if minting permissions are controlled by a single private key, once that private key is leaked, the attacker effectively gains unlimited minting power, making the entire collateral mechanism meaningless.
According to PeckShieldAlert’s analysis, eBTC is Echo Protocol’s BTC-pegged token, and its minting permissions are controlled by the Admin private key. After the attacker obtains the private key, they can directly trigger the minting function to mint large amounts of eBTC without any actual collateral, bypassing the system’s original collateral mechanism.
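A toy model of the failure mode described above, as an added example that is not Echo Protocol's code: a mint path gated only by one Admin key beside a guarded path that requires an M-of-N quorum, a backing invariant and a per-window cap. The `Bridge` class, signer names, reserve figure and cap are constructed assumptions; only the 1,000 eBTC mint size comes from the report.

```python
from dataclasses import dataclass

SAT = 10**8  # 1 eBTC in 1e-8 units (assumes 8 decimals, as for BTC)

@dataclass
class Bridge:
    """Toy bridge-token ledger; every name and number here is constructed."""
    admin: str
    signers: frozenset
    threshold: int             # approvals required on the guarded path
    window_cap: int            # maximum mintable per rate-limit window
    reserves: int = 0          # BTC attested as locked on the source side
    supply: int = 0
    window_minted: int = 0

    def mint_single_key(self, caller, amount):
        # Weak design: the Admin key is the only check; collateral is never consulted.
        if caller != self.admin:
            return "reject: not admin"
        self.supply += amount
        return "ok"

    def mint_guarded(self, approvals, amount):
        # Hardened design: M-of-N approval, backing invariant, then a rate limit.
        if len(set(approvals) & self.signers) < self.threshold:
            return "reject: approvals below threshold"
        if self.supply + amount > self.reserves:
            return "reject: supply would exceed locked reserves"
        if self.window_minted + amount > self.window_cap:
            return "reject: window cap exceeded"
        self.supply += amount
        self.window_minted += amount
        return "ok"

def demo():
    b = Bridge(admin="admin", signers=frozenset({"s1", "s2", "s3"}),
               threshold=2, window_cap=50 * SAT, reserves=100 * SAT)
    results = [b.mint_single_key("admin", 1000 * SAT)]  # leaked key: unbacked mint passes
    unbacked = b.supply - b.reserves                    # tokens with no collateral behind them
    b.supply = 0                                        # reset to compare the guarded path
    results += [
        b.mint_guarded(["s1"], 1000 * SAT),             # one leaked signer key is not a quorum
        b.mint_guarded(["s1", "s2"], 1000 * SAT),       # a quorum still cannot outrun reserves
        b.mint_guarded(["s1", "s2"], 60 * SAT),         # backed, but over the window cap
        b.mint_guarded(["s1", "s2"], 10 * SAT),         # backed and within the cap
    ]
    return results, unbacked

if __name__ == "__main__":
    print(demo())
```

On the guarded path the three checks are independent, so a leaked signer key, a colluding quorum and a burst of otherwise valid mints are each stopped by a different control.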
According to PeckShieldAlert’s on-chain tracking, the attacker ultimately sent approximately 384 ETH (about $820k) to the Tornado Cash crypto mixer. While the total value of the initially minted eBTC was about $76.7 million, the actual extracted liquid assets were obtained via Curvance lending and ultimately converted into about $820k worth of ETH.
According to Echo Protocol’s official statement on May 19, 2026, all cross-chain transactions were suspended during the investigation, and the team said it would release the latest updates in a timely manner through official channels. As of the time of reporting, Echo Protocol has not yet published a specific schedule for restoring the service.