Echo Protocol — Admin Key Compromise / eBTC Unauthorized Mint — May 18, 2026

Attacker: Attacker address not disclosed; 384 ETH (~$821K-822K) routed through Tornado Cash

Funds moved to: 1,000 eBTC unauthorized mint (~$76.7M notional); 45 eBTC deposited on Curvance as collateral; borrowed 11.29 WBTC (~$867K); bridged to Ethereum; swapped to ETH; 384 ETH (~$821K) deposited to Tornado Cash. Remaining 955 eBTC burned by Echo after key rotation.

Echo regained control of the admin key and burned the remaining 955 eBTC. Curvance paused the isolated eBTC market. Monad network and other Curvance markets unaffected.

Timeline: On 18 May 2026, an attacker compromised Echo Protocol's administrative key on Monad (access control issue, not smart contract flaw). They minted 1,000 unbacked eBTC (~$76.7M notional). Deposit of 45 eBTC ($3.45M) on Curvance, borrowing 11.29 WBTC, bridge to Ethereum, swap to ETH. Around 22:00 UTC, Curvance detected the anomaly and paused the Echo eBTC market. dcfgod (X) publicly flagged the exploit. 384 ETH (~$821K) routed via Tornado Cash. Echo suspended all cross-chain transactions. Keone Hon (Monad co-founder) confirmed 'Monad network not affected', ~$816,000 actually extracted. On 19 May 2026, Echo confirmed the admin key compromise, regained control and burned the remaining 955 eBTC. Curvance isolated markets architecture confirmed no smart contract compromised. Recurring 2026 pattern: admin key compromise on multi-chain deployments, exploitation via isolated lending markets.