Echo Protocol Hacked on Monad: 1,000 eBTC ($76M) Minted - News 2026

— By Whatsertrade in news

Echo Protocol Hacked on Monad: 1,000 eBTC ($76M) Minted - News 2026

Echo Protocol on Monad was exploited via apparent infinite-mint vulnerability. Attacker minted 1,000 eBTC ($76.7M notional), deposited 45 eBTC into Curvance, borrowed ~11.29 WBTC ($867.7K). First major DeFi exploit on Monad mainnet, confirmed by PeckShield.

Echo Protocol, a Bitcoin-aligned liquid restaking and yield protocol deployed on Monad, has been hit by what appears to be an infinite-mint exploit that produced 1,000 eBTC out of thin air, a notional valuation of approximately $76.7 million at the time of the incident. The breach was first publicly flagged by PeckShield and represents the first major DeFi exploit recorded on Monad mainnet since its launch.

The attacker did not stop at minting. According to PeckShield's on-chain trace, the exploiter deposited 45 of the freshly minted eBTC into Curvance as collateral and borrowed approximately 11.29 WBTC (around $867,700) against it. That borrowed WBTC is the only piece of the loss that translates directly into externally realized value, though the existence of 1,000 phantom eBTC in circulation has serious knock-on consequences for any market or protocol that accepted eBTC at face value.

Quick take: Attacker minted 1,000 eBTC ($76.7M notional) on Echo Protocol (Monad), deposited 45 eBTC into Curvance, borrowed ~11.29 WBTC ($867.7K). First major DeFi exploit on Monad mainnet. Vulnerability pattern: infinite mint via flawed collateral or minting logic. Confirmed by PeckShield.

What happened: timeline of the Echo Protocol exploit

  • Initial mint: The attacker executed a transaction or sequence of transactions that resulted in the minting of 1,000 eBTC without depositing the corresponding underlying BTC collateral.
  • Curvance deposit: 45 eBTC of the minted supply was transferred to Curvance, where it was used as collateral against a borrow position.
  • WBTC borrow: The attacker drew approximately 11.29 WBTC, worth around $867,700 at the time of the exploit, from the Curvance market.
  • PeckShield alert: The exploit was flagged publicly on Twitter, prompting Echo Protocol and Curvance to respond and assess the blast radius.

The notional value of the minted supply is the most arresting figure, but it is also misleading if read in isolation. eBTC has a finite real-world liquidity profile, and 1,000 freshly minted tokens cannot be exited at the listed mark price. The amount actually monetized so far is the WBTC borrowed against the deposited collateral.

Technical details: the infinite-mint pattern

Infinite-mint exploits typically arise from one of three common bug classes in collateralized token systems:

  1. Missing or incorrect collateral checks: The mint function fails to verify that the corresponding underlying asset has actually been deposited.
  2. Decimal or unit confusion: A scaling mismatch allows a small deposit to mint a much larger amount.
  3. Reentrancy or state-update ordering: The internal accounting updates after, rather than before, an external call, allowing recursive minting.

Without a full post-mortem from Echo Protocol, the precise class of bug cannot be confirmed publicly. PeckShield's initial trace points to a flaw in the mint logic itself rather than in the bridging or wrapping layer, which would narrow the search to the eBTC issuance contract.

Confirmed exploit metrics
  • Minted out of thin air: 1,000 eBTC
  • Notional value: ~$76.7M at incident time
  • Deposited to Curvance: 45 eBTC
  • Borrowed WBTC: ~11.29 WBTC (~$867.7K)
  • Chain: Monad mainnet
  • Source: PeckShield on-chain alert

The first major Monad mainnet exploit

Monad launched its mainnet earlier in 2026 with a heavy focus on high-throughput EVM execution and significant marketing momentum across the DeFi ecosystem. The chain attracted a wave of native deployments and forks of established Ethereum protocols, with several teams launching new derivatives or restaking primitives optimized for Monad's execution model.

The Echo Protocol exploit is significant because it is the first major loss event on a Monad-native protocol since the chain went live. Newly launched chains often go through an early phase where audited Ethereum-native code is ported or adapted, and the adaptation process introduces subtle changes that can defeat the original audit assumptions. Monad's specific execution semantics, parallel execution model, and any differences in fee or gas accounting all create surface area for new bug classes.

Why Curvance matters in this incident

Curvance is a lending market that accepted eBTC as collateral. From Curvance's perspective, the deposited tokens were valid eBTC by every on-chain metric available: they conformed to the eBTC contract, they were transferrable, and they reported the correct balance. Curvance's risk parameters then allowed the attacker to draw WBTC against them.

This is the standard composability risk pattern in DeFi. A bug in the issuance contract of any wrapped or synthetic asset can cascade into every lending market, DEX, and structured product that accepts that asset at face value. Curvance is not a separate security failure here, but a downstream venue that materialized the exploiter's economic gain.

Sources and verification

  • PeckShield: Initial public alert via @peckshield with on-chain transaction references.
  • Echo Protocol: Project communications via @EchoProtocol_.
  • Curvance: Affected downstream lending venue, public communications expected to follow.
  • Monad explorer: All exploit transactions are visible on the Monad mainnet block explorer.

Market impact and broader context

The immediate market impact is concentrated in three vectors: Echo Protocol's own native token and TVL, Curvance's BTC market parameters, and the broader perception of risk on Monad mainnet. Each will require independent assessment over the coming days.

For Echo Protocol, the path back to user trust requires a published postmortem, identification of the specific bug class, redeployment of the affected contracts under fresh audits, and likely some form of compensation plan for affected users if any holders of legitimate eBTC face value impairment. The phantom 1,000 eBTC in circulation has to be reconciled, typically through either a contract migration or an explicit burn coordinated with all affected venues.

For Monad as a chain, the exploit is a stress test of the ecosystem's incident-response coordination. Chains earn long-term DeFi trust through how they handle the first major incident, not through marketing in the absence of incidents. Speed and transparency of communication from Echo Protocol, Curvance, and Monad core teams will set the tone for how institutional capital allocates to Monad-native protocols over the next quarter.

Risk implications for users

Risk note: Any user holding eBTC, providing liquidity in eBTC pairs, or exposed to eBTC through structured products on Monad should treat the asset as compromised until Echo Protocol publishes a confirmed remediation plan. The phantom supply means the on-chain accounting is no longer trustworthy.

Concrete steps for affected users:

  • Withdraw from eBTC pools: Liquidity providers in eBTC pairs face IL risk as the market repricing unfolds.
  • Avoid accepting eBTC as collateral: Any borrowing or lending protocol still accepting eBTC has undefined exposure until the supply is reconciled.
  • Wait for postmortem: Do not redeploy capital into Echo Protocol until the team publishes root-cause analysis and audited remediation.
  • Reassess Monad-native exposure: Review whether other Monad-native protocols share code patterns or libraries with Echo Protocol's compromised contracts.

Where to track Echo Protocol and Monad activity

For live on-chain pair data and security scanning across Monad and other supported networks, DEXTools provides standard tooling. Monitoring eBTC pair liquidity and trading volume in the hours and days following the exploit gives a direct read on how the market is pricing the phantom supply.

For protocol-level updates, watch the official Twitter accounts of Echo Protocol and Curvance, as well as PeckShield's ongoing reporting on any new attacker activity or fund movement.

What the Monad ecosystem needs to do next

This is a coordination moment for Monad as a chain ecosystem, not just a single-protocol incident. Several specific responses will determine whether the Echo Protocol exploit becomes a one-off or the start of a pattern:

  • Cross-protocol audit sweep: Other Monad-native protocols that share code patterns, libraries, or auditors with Echo Protocol should accelerate independent review of their issuance and collateral logic.
  • Oracle and price feed review: Any lending market on Monad accepting eBTC or similar wrapped assets needs to confirm its price-feed configuration cannot be manipulated by a phantom supply event.
  • Bug bounty expansion: Monad-native protocols with material TVL should publish or expand bug bounties at meaningful sizing to reduce the asymmetric incentive that favors blackhat over whitehat disclosure.
  • Public incident communication: Monad's core teams and ecosystem coordinators should publish a coordinated postmortem that addresses not just Echo Protocol but the broader implications for the chain's DeFi stack.

The first major exploit on any chain shapes how institutional capital evaluates that chain for the following year. Monad's positioning as a high-performance EVM chain is technically sound, but technical performance alone does not translate into trusted DeFi infrastructure. Trust is earned through how the ecosystem handles incidents, not through their absence.

The composability premium and its risk

Echo Protocol's exploit illustrates a structural feature of modern DeFi that often goes underappreciated until something breaks. The economic value of a wrapped or synthetic asset is multiplicative: a single token can flow simultaneously through lending markets, DEX pools, derivative platforms, and structured products, each of which extends additional credit or liquidity against it. This is the composability premium that makes DeFi capital-efficient.

The flip side is that the risk is multiplicative too. A bug in any single issuance contract cascades into every downstream venue that accepts the asset at face value. Curvance was not at fault in this incident, but Curvance materialized the attacker's economic gain because it had no way to distinguish legitimate eBTC from phantom eBTC. As eBTC and similar assets accumulate more integrations over time, the blast radius of any future issuance bug grows proportionally.

The structural lesson is that wrapped-asset issuers carry a level of systemic responsibility that is often not reflected in their security budgets. Echo Protocol's eventual remediation will need to address not just the immediate bug but also the broader question of how confidence in eBTC's 1:1 backing can be re-established for every downstream venue.

Frequently asked questions

What happened to Echo Protocol?

Echo Protocol on Monad was exploited via an apparent infinite-mint bug, allowing an attacker to mint 1,000 eBTC ($76.7M notional) without depositing the corresponding underlying collateral.

How much real value was extracted?

The attacker deposited 45 of the minted eBTC into Curvance as collateral and borrowed approximately 11.29 WBTC, worth around $867,700 at the time of the exploit. That is the realized loss in externally tradable value.

Is this the first major hack on Monad?

Yes. This is the first major DeFi exploit reported on Monad mainnet since the chain launched.

Who confirmed the exploit?

PeckShield publicly flagged the exploit via on-chain monitoring and posted the initial details on Twitter. Echo Protocol's own communications and downstream venue Curvance are expected to follow.

What should eBTC holders do?

Treat eBTC as compromised until Echo Protocol publishes a confirmed postmortem and remediation plan. Withdraw from eBTC pools, avoid using it as collateral, and do not redeploy capital into Echo Protocol until the affected contracts are audited and redeployed.