TLDR:
- Echo Protocol’s admin key was compromised on Monad, leading to $816K in unauthorized eBTC minting losses.
- The team regained admin key control and burned 955 eBTC still held by the attacker after the breach.
- Aptos was not directly compromised, though $71K in exposure was found across lending and liquidity pools.
- Monad and Aptos bridge functions were paused and contracts upgraded to block further unauthorized access.
Echo Protocol confirmed a security breach that led to unauthorized eBTC minting on the Monad network. A compromised admin key was identified as the source of the incident.
The breach resulted in approximately $816,000 in losses on Monad. The team moved quickly to regain control of the admin key and burned 955 eBTC still held by the attacker.
Exposure on Aptos is currently estimated at around $71,000, with no confirmed fund loss on that chain.
Admin Key Compromise Leads to Unauthorized Minting
Echo Protocol identified “unauthorized activity involving eBTC on Monad that resulted in unauthorized minting and associated fund loss.”
The investigation traced the issue to a compromised admin key on the Monad deployment. Based on findings, approximately $816,000 was affected on Monad. The Monad network itself was not affected and continued operating normally.
The team moved quickly once the breach was discovered. In an official update, Echo Protocol confirmed it had “successfully regained control of our admin keys.”
The team also burned the remaining 955 eBTC still in the attacker’s possession. These actions helped stop further unauthorized activity.
During the investigation, the team checked for cross-chain exposure. The protocol stated the incident “appears isolated to Monad,” with no evidence of compromise on Aptos.
It also noted that aBTC on Aptos and eBTC on Monad are “separate, non-bridgeable assets.” This distinction helped contain the breach effectively.
However, some limited exposure on Aptos was still identified. The team noted that exposure is “limited to approximately $71K across Echo lending markets and Hyperion liquidity pools.”
No confirmed loss of funds was observed on Aptos at that time. The team continued its cross-chain review as a precaution.
Bridge Operations Paused as Security Review Continues
Following the breach, Echo Protocol announced it had “paused cross-chain functionality for the Monad deployment.” The team also completed an upgrade of the relevant Monad contracts.
This upgrade was designed to restrict affected operations and strengthen control over sensitive functions. These measures formed part of a broader response effort.
As an added precaution, the Aptos bridge was also taken offline. The team noted that “the Aptos bridge has not been affected” but paused it as a precaution.
Echo Aptos Lending was similarly paused for security. A comprehensive review of related infrastructure is still ongoing.
The team also warned users to stay away from unofficial channels. Echo Protocol stated that users “should not interact with any unofficial links, claim pages, refund forms, or recovery portals.”
The protocol confirmed it “will never request seed phrases, private keys, or direct wallet transfers.” All official updates will come through verified channels only.
A full review of the Monad deployment and bridge infrastructure is now underway. This covers “admin key exposure, contract permissions, cross-chain controls, minting controls, and operational security procedures.”
External security reviewers are coordinating with the team to confirm the full scope. Further updates will be shared as the investigation progresses.
