In the complex world of decentralized finance, the most sophisticated systems can be undone by the simplest of breaches. Echo Protocol, a Bitcoin DeFi platform known for its innovations in liquidity aggregation and yield generation, faced such a reality when an attacker exploited its admin key.

On the Monad blockchain, the attacker minted 1,000 unauthorized synthetic Bitcoin (eBTC), valued at about $76.7 million. This act of unauthorized minting was a major blow to the Echo Protocol, which is deployed on Monad, a high-performance, layer-1, EVM-compatible blockchain. According to Cointelegraph, the security incident has resulted in the suspension of all cross-chain transactions while Echo Protocol investigates.

But what makes this breach particularly concerning isn't just the financial scale. The root cause wasn't a flaw in smart contract coding; it was operational oversight. Blockchain developer "Marioo" pointed out that the vulnerabilities included the lack of a minting supply cap, a single signature for the admin role, and no timelock — essentially, a door left wide open. These operational vulnerabilities highlight the importance of robust administrative controls in decentralized systems.

The attacker didn't waste time. Cointelegraph reported they deposited 45 eBTC into Curvance, a DeFi lending and liquidity protocol, borrowing 11.3 wrapped Bitcoin (wBTC) and eventually converting it to Ethereum, with 384 ETH sent to Tornado Cash. Yet, most of the loot remains untouched. DeBank noted the hacker still holds 955 eBTC, around $73 million.

More from Coin Times

CRYPTO

DeFi Chaos — AI Exploits Shatter $20 Billion in Value

DeFi loses over $20B as AI-driven exploits expose vulnerabilities.

The incident is part of a larger trend of increasing DeFi protocol breaches. In a month fraught with DeFi security breaches, Echo Protocol's situation is just one of 12 reported exploits. This includes significant losses from Drift Protocol's $285 million loss to Kelp DAO's $292 million hack, marking 2026 as a particularly challenging year for DeFi security.

Curvance and Monad co-founder Keone Hon both emphasized their systems remain uncompromised, with Monad network operations continuing normally. Curvance confirmed that there was no compromise with its own smart contracts, although it did pause the affected market for investigation. Meanwhile, Monad's network operations remain unaffected, as clarified by co-founder Keone Hon.

Amidst these exploits, the DeFi community is left grappling with the question of security. The repeated breaches underscore the need for improved operational defenses. The importance of implementing security measures such as minting supply caps, multiple signatures for admin roles, and timelocks cannot be overstated. These measures could potentially prevent unauthorized access and reduce the risk of future exploits.

Echo Protocol stated that it would provide updates through its official channels as more information becomes available. The case of Echo Protocol serves as a stark reminder of the vulnerabilities in decentralized finance systems, where a single point of failure can lead to significant financial losses. As the investigation unfolds, the DeFi community is watching closely to see how Echo Protocol will address these vulnerabilities and what steps will be taken to prevent similar incidents in the future.