In just four months of 2026, DeFi losses have already surpassed $1 billion. April was especially devastating, with over $634 million lost across more than 28 incidents—making it the worst month ever recorded.
Two projects, Drift ($285M) and KelpDAO ($292M), were responsible for $577 million of that April total—and neither breach involved exploiting code vulnerabilities.
Data from DeFiLlama’s 2026 hack analysis confirms this trend.
The leading causes of exploits include LayerZero bridge attacks (18%), compromised admin keys (16%), fake token schemes (14%), and private key theft (11%).
Together, failures in operational security and key management now make up the bulk of stolen funds this year. Classic smart contract flaws like re-entrancy or oracle manipulation are barely visible on the charts.
Echo Protocol is the latest addition to this troubling pattern.
On May 18, an attacker infiltrated Echo Protocol on the Monad network and minted 1,000 counterfeit eBTC tokens—worth roughly $76.7 million on paper.
However, counterfeit tokens are worthless unless swapped for real assets. The attacker deposited a small portion into Curvance’s lending platform as collateral and borrowed actual Bitcoin against it.
They then moved that Bitcoin to Ethereum, converted it to ETH, and laundered it through Tornado Cash. The total actual haul came to about $816,000.
Many reported the loss as $76.7 million, but the real damage was just $816,000. Understanding why these two figures differ so drastically is central to the story.
This report breaks down what happened, how it unfolded, and what it reveals about the current state of DeFi security.
The bottom line: The smart contract functioned correctly. Instead, a stolen admin key and weak safeguards enabled the breach—and that’s exactly how most DeFi losses are occurring in 2026.
Post Mortem (Key Takeaways)
- The exploit wasn’t caused by faulty smart contract code—it stemmed from a stolen or exposed admin key.
- This admin key had full control over minting Echo’s eBTC token on Monad. With one private key, the attacker could create fake tokens supposedly backed by Bitcoin.
- They minted 1,000 counterfeit eBTC tokens, nominally valued at $76.7 million—but none had real BTC backing them.
- Due to limited liquidity on Monad, they couldn’t liquidate the entire amount. Instead, they used 45 of the fake eBTC as collateral on Curvance.
- Curvance treated the counterfeit eBTC as legitimate collateral, allowing the attacker to borrow real WBTC.
- The attacker ultimately extracted around $816,000 in real value—far less than the headline $76.7 million.
- Echo later destroyed the remaining 955 fake eBTC and paused affected functions.
- Neither Monad’s core network nor Curvance’s main protocol was directly breached. The failure lay in Echo’s flawed admin setup and Curvance accepting newly minted tokens as trustworthy collateral.
- The bigger picture: Modern DeFi attackers increasingly target infrastructure, team operations, bridges, and access keys—not smart contract bugs.
- Simple safeguards could have prevented or limited the damage: multisignature admin controls, time-delayed transactions, minting caps, rate limits, and stricter collateral verification.
- Echo avoided worse losses only because insufficient liquidity prevented the attacker from cashing out more fake tokens.
The Key Parties Involved
Here’s a detailed look at each player and their role:
- Echo Protocol
A Bitcoin-focused DeFi (BTCFi) project that lets users deposit BTC and receive a yield-generating wrapped version usable in DeFi apps.
Its primary chain is Aptos, where the token is called aBTC. It reached a peak total value locked (TVL) of $878 million on Aptos in May 2025 and currently holds around $254 million.
As part of Monad’s mainnet launch, Echo expanded to that chain, issuing a separate wrapped BTC token called eBTC.
Important note: aBTC and eBTC are entirely independent assets—they cannot be bridged between chains. They exist as parallel deployments. The exploit affected only eBTC on Monad.
- Monad
A new high-speed, parallelized Layer 1 EVM blockchain that gained major attention in 2025–26. Fresh off its mainnet launch, it’s attracting many new protocols—including Echo.
Monad’s network itself was not compromised. Co-founder @keoneHD confirmed the chain operated normally throughout the incident. The breach occurred at the protocol level, not the network level.
- Curvance
A lending protocol on Monad, similar to Aave but using isolated markets—each collateral asset operates in its own separate pool, so a compromised asset can’t spread risk across the whole system.
Curvance had approved eBTC as valid collateral.
- Tornado Cash
A sanctioned Ethereum-based mixer. Users deposit ETH and withdraw it to a different wallet, breaking the on-chain transaction trail. It remains a common tool for hackers to obscure stolen funds.
What Got Exploited
Echo’s eBTC token on Monad follows the standard ERC-20 format and relies on OpenZeppelin’s role-based access control system. This setup is considered industry standard and is used by virtually all serious DeFi projects.
Two specific roles are central to its configuration:
- DEFAULT_ADMIN_ROLE: the top-level role, able to assign or remove any other role within the contract.
- MINTER_ROLE: permits the holder to invoke the mint() function and generate new eBTC tokens.
Under normal circumstances, only the Echo team controls these roles. Minting should only occur when actual BTC is locked up elsewhere, and the corresponding eBTC is created. That’s the entire foundation of trust behind any wrapped token.
That’s where Echo fell short.
The DEFAULT_ADMIN_ROLE was held by a single EOA (externally owned account), essentially a basic wallet controlled by just one private key. And there were no protective measures around that key. Whoever possessed it had unlimited power to mint tokens at will, whenever they chose, with zero friction.
In effect, the whole $254M+ Echo ecosystem on Monad was secured behind a single private key. That key was compromised. The exact method hasn’t been revealed yet. It could have been a phishing attack, malware on a team device, an infrastructure breach, an insider threat, credentials accidentally exposed in a repository, or a supply chain attack through a development tool. Echo hasn’t shared those details.
The Attack Step by Step
Date: May 18, 2026, at roughly 5:55 PM ET
- Step 1: Using the stolen admin key, attackers assign themselves DEFAULT_ADMIN_ROLE on a new wallet. They now share admin privileges.
- Step 2: From this newly acquired admin position, they grant themselves the MINTER_ROLE. They now have full minting capability.
- Step 3: They invoke mint(attacker_wallet, 1000e8). A total of 1,000 eBTC materializes in their wallet, carrying a notional value of $76.7M. However, there is zero actual BTC backing these tokens. They are entirely counterfeit, phantom claims on Bitcoin that have no real-world counterpart.
- Step 4: They revoke both the original Echo admin’s access as well as their own admin role. This cleanup step is designed to reduce suspicion on-chain. From an observer’s perspective, it merely looks like a random wallet holding 1,000 eBTC.
At this stage, the peg is irrevocably broken. There are now 1,000 more eBTC tokens in circulation than there is actual BTC to back them.
But the attacker hasn’t extracted anything of tangible value yet. Fake tokens are only useful if they can be converted into real assets.
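As an added example, not part of the original post: a small Python detector that walks OpenZeppelin AccessControl events (RoleGranted, RoleRevoked) and ERC-20 Transfer events in block order and flags the four-step sequence above. The event list and addresses are constructed placeholders, and the role identifiers are labels standing in for the on-chain bytes32 values.

```python
"""Detect the admin-takeover-then-mint sequence in OpenZeppelin AccessControl
event logs. Sample events below are constructed, not real Echo/Monad data."""

ZERO = "0x" + "00" * 20                    # mints appear as Transfer from the zero address
DEFAULT_ADMIN_ROLE = "DEFAULT_ADMIN_ROLE"  # on-chain: bytes32(0)
MINTER_ROLE = "MINTER_ROLE"                # on-chain: keccak256("MINTER_ROLE")
SATOSHI = 10 ** 8                          # eBTC uses 8 decimals, like BTC

def detect_takeover(events, initial_admins=(), mint_threshold=10 * SATOSHI, window=50):
    """Walk events in block order and emit (account, stage, block) alerts for:
    a fresh DEFAULT_ADMIN grant; a MINTER grant issued by that fresh admin within
    `window` blocks; a mint at or above `mint_threshold`; and the fresh admin
    revoking a pre-existing admin (the cleanup step)."""
    admins = set(initial_admins)   # accounts currently holding DEFAULT_ADMIN_ROLE
    new_admins = {}                # account -> block it was first granted admin
    alerts = []
    for ev in sorted(events, key=lambda e: e["block"]):
        kind, role = ev["event"], ev.get("role")
        if kind == "RoleGranted" and role == DEFAULT_ADMIN_ROLE:
            if ev["account"] not in admins:
                new_admins[ev["account"]] = ev["block"]
                alerts.append((ev["account"], "new_admin", ev["block"]))
            admins.add(ev["account"])
        elif kind == "RoleGranted" and role == MINTER_ROLE:
            start = new_admins.get(ev["sender"])
            if start is not None and ev["block"] - start <= window:
                alerts.append((ev["account"], "minter_via_new_admin", ev["block"]))
        elif kind == "Transfer" and ev["from"] == ZERO and ev["value"] >= mint_threshold:
            alerts.append((ev["to"], "large_mint", ev["block"]))
        elif kind == "RoleRevoked" and role == DEFAULT_ADMIN_ROLE:
            admins.discard(ev["account"])
            if ev["sender"] in new_admins and ev["account"] not in new_admins:
                alerts.append((ev["account"], "original_admin_revoked", ev["block"]))
    return alerts

# Constructed replay of the four steps described above (placeholder addresses).
TEAM, ATTACKER = "0xTEAM_PLACEHOLDER", "0xATTACKER_PLACEHOLDER"
SAMPLE_EVENTS = [
    {"block": 100, "event": "RoleGranted", "role": DEFAULT_ADMIN_ROLE, "account": ATTACKER, "sender": TEAM},
    {"block": 101, "event": "RoleGranted", "role": MINTER_ROLE, "account": ATTACKER, "sender": ATTACKER},
    {"block": 102, "event": "Transfer", "from": ZERO, "to": ATTACKER, "value": 1000 * SATOSHI},
    {"block": 103, "event": "RoleRevoked", "role": DEFAULT_ADMIN_ROLE, "account": TEAM, "sender": ATTACKER},
    {"block": 103, "event": "RoleRevoked", "role": DEFAULT_ADMIN_ROLE, "account": ATTACKER, "sender": ATTACKER},
]

if __name__ == "__main__":
    for account, stage, block in detect_takeover(SAMPLE_EVENTS, initial_admins=[TEAM]):
        print(f"block {block}: {stage} -> {account}")
```

A single "new_admin" alert on its own is routine (a team rotating to a new multisig triggers it); the full chain of stages within a few blocks is what warrants paging someone.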
The Cashout Flow
You can’t simply sell 1,000 fraudulent eBTC on a DEX. The DEXs on Monad don’t have nearly enough liquidity to absorb that volume. The price would collapse to zero long before any significant amount could be extracted, and arbitrage bots would immediately flag the activity. So the attacker turned to a lending platform instead.
- Step 5: The attacker deposits 45 eBTC (with a paper value of $3.45M) into Curvance as collateral. Curvance accepts it without issue because, from the contract’s perspective, all eBTC tokens are identical. There is no oracle or validation mechanism that distinguishes between freshly minted counterfeit eBTC and legitimately BTC-backed eBTC. This represents the second critical failure in the hack. Lending markets accepted the new collateral at face value without verifying its origin.
- Step 6: Using this collateral, the attacker borrows 11.29 WBTC, worth approximately $868,000 in real wrapped Bitcoin. WBTC is the dominant BTC-pegged token on Ethereum, offering deep liquidity and full backing. The attacker now holds $868,000 in genuine assets, backed by $3.45M in worthless collateral they have no intention of reclaiming.
- Step 7: The borrowed WBTC is bridged across to Ethereum, where the deepest liquidity pools are located and where Tornado Cash operates.
- Step 8: On Ethereum, the WBTC is swapped for approximately 384 ETH (worth around $822,000).
- Step 9: The 384 ETH is routed through Tornado Cash, severing the on-chain trail. The funds end up in fresh wallets that have no traceable connection back to the attacker.
The total real value successfully extracted comes to roughly $816,000.
How Echo Responded
Within hours of the exploit becoming public, Echo regained control of the admin key, destroyed the remaining 955 eBTC still sitting in the now-deleted attacker wallet, and suspended all cross-chain operations on Monad.
They also halted the Aptos bridge and Aptos lending markets, even though Aptos itself was not affected, purely as a precautionary measure. A contract upgrade was deployed on Monad to restrict the compromised functions, and Echo indicated they would apply similar patches across their other EVM bridge deployments.
Curvance paused the eBTC market, confirmed that its own smart contracts were unaffected, and highlighted that its isolated market architecture contained the damage, preventing it from spreading to other lending pools.
Keone from Monad confirmed that the underlying chain remained uncompromised and placed the actual financial loss at approximately $816,000.
The Breakdown
The difference between $76.7 million and $816,000 tells the whole story. Curvance was the sole viable exit route, and its limited depth capped the borrowable amount at roughly $868,000.
| Item | Amount |
| --- | --- |
| eBTC minted | 1,000 (notional $76.7M) |
| Deposited to Curvance | 45 eBTC |
| WBTC borrowed | 11.29 (~$868K) |
| Sent through Tornado | ~384 ETH (~$822K) |
| Actually stolen | ~$816K |
| eBTC burned by Echo | 955 |

| Protocol | Loss | Vector |
| --- | --- | --- |
| KelpDAO (Apr) | $292M | RPC poisoning + DDoS (Lazarus) |
| Drift | $285M | Social engineering (Lazarus, UNC4736) |
| THORChain (May 15) | $10M+ | Vault breach |
| Verus bridge (May 17) | $11.6M | Cross-chain verification |
| Echo (May 18) | $816K | Admin key |
| Transit Finance | $1.88M | Deprecated contract |
Roughly $328.6 million has been lost to bridge hacks in 2026 across 8 incidents. None of these stemmed from Solidity bugs. Keys, signers, RPC endpoints, off-chain verifiers: that’s where the money is flowing out now. The attackers have moved up the stack. A few from this year worth noting:
- Drift (April): Not a technical exploit. UNC4736 (North Korea) spent six months social engineering Drift employees, then drained $285M in 12 minutes. Six months of preparation, 12 minutes of execution. That’s a military operation, not a hack.
- KelpDAO (17 days later): Same group, entirely different approach. They poisoned LayerZero’s RPC infrastructure and forged cross-chain messages for $292M. State-sponsored teams running multiple playbooks simultaneously.
- AI is entering the picture too: Google confirmed the first AI-powered mass exploit on May 11 (AI discovered a zero-day and wrote bypass code for 2FA). GoPlus reported a 231% month-over-month surge in Web3 losses partly linked to AI. CrowdStrike estimates the average eCrime breakout time at 29 minutes, with the fastest at 27 seconds. The attack side is automating, defense largely isn’t.
- Resolv Labs (March): Admin key compromise on a stablecoin issuer. The attacker minted 80 million unbacked USR, drained $25 million, and USR depegged by 80%. Same root cause as Echo, completely different protocol type. The pattern doesn’t discriminate based on what you’re building.
Ondo Finance stated bluntly in their post-incident analysis: “there is no single class of vulnerability to defend against.” That’s the reality most protocols still haven’t fully absorbed.
So when Echo was drained through a stolen admin key, it didn’t happen in isolation. It occurred during the most hostile threat environment DeFi has ever faced, and the protocol was configured as if it were still 2022.
So what?
DeFi has spent the last five years improving smart contract security. Audits, bug bounties, formal verification, all of it.
So attackers stopped going after the code and started targeting everything else. Keys, infrastructure, employees, signers. None of that gets audited.
For any wrapped BTC protocol, the only security question that truly matters is who can mint, and how difficult would it be for someone to seize that power.
If the answer is “a multisig with a timelock, a mint cap, and a lending market that verifies the origin of new collateral,” you have a real protocol. If the answer is “one wallet with one key,” you have $254 million sitting there waiting to be taken. Echo was the latter.
The damage doesn’t stay contained either. Aave wasn’t hacked in April, but it lost $5.4 billion in TVL within 48 hours of the KelpDAO exploit anyway. People simply panicked and withdrew their funds from everything. That’s the new reality. One protocol gets hit and the entire sector gets repriced.
The solutions aren’t new. They’ve been available for years. Multisig the admin, timelock the changes, cap the supply, validate the collateral. It’s just that none of it makes a protocol more competitive on the surface, so nobody implements it until they become the next headline.
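To make the admin setup criticised in "What Got Exploited" and the fixes listed here concrete, an added example (not Echo's or OpenZeppelin's code): a Python reference model, rather than Solidity, of a minter with timelocked role changes, a per-window mint limit and a hard supply cap, with the attacker's steps replayed against it. The delay, window and cap values are illustrative assumptions.

```python
"""Reference model (Python, not Solidity) of timelocked role changes, a per-window
mint limit and a hard supply cap, replayed against the Echo attack steps. Constructed."""
SATOSHI = 10 ** 8      # eBTC has 8 decimals

class GuardedMinter:
    def __init__(self, admin, delay_blocks, window_blocks, window_cap, supply_cap):
        self.admins = {admin}          # meant to be a multisig, never a single EOA
        self.minters, self.pending = set(), {}   # pending: (role, account) -> executable block
        self.delay = delay_blocks      # timelock: a role change is public before it applies
        self.window, self.window_cap = window_blocks, window_cap   # rate limit
        self.supply_cap, self.supply = supply_cap, 0               # hard ceiling
        self.window_start, self.minted_in_window = 0, 0

    def schedule_grant(self, sender, role, account, block):
        if sender not in self.admins:
            return "denied: not admin"
        self.pending[(role, account)] = block + self.delay
        return f"scheduled: executable at block {block + self.delay}"

    def execute_grant(self, sender, role, account, block):
        ready = self.pending.get((role, account))
        if sender not in self.admins:
            return "denied: not admin"
        if ready is None or block < ready:
            return "denied: timelock not elapsed"
        (self.admins if role == "ADMIN" else self.minters).add(account)
        del self.pending[(role, account)]
        return "granted"

    def mint(self, sender, amount, block):
        if sender not in self.minters:
            return "denied: not minter"
        if block - self.window_start >= self.window:   # open a new rate-limit window
            self.window_start, self.minted_in_window = block, 0
        if self.minted_in_window + amount > self.window_cap:
            return "denied: window cap"
        if self.supply + amount > self.supply_cap:
            return "denied: supply cap"
        self.minted_in_window += amount
        self.supply += amount
        return "minted"

def replay_echo_steps(team="0xTEAM_PLACEHOLDER", attacker="0xATTACKER_PLACEHOLDER"):
    # Attacker acts with the stolen team key; illustrative caps of 5 eBTC per 7200 blocks.
    g = GuardedMinter(team, delay_blocks=7200, window_blocks=7200,
                      window_cap=5 * SATOSHI, supply_cap=3000 * SATOSHI)
    return [g.schedule_grant(team, "MINTER", attacker, 100),  # visible on-chain for 7200 blocks
            g.execute_grant(team, "MINTER", attacker, 100),   # same-block execution fails
            g.execute_grant(team, "MINTER", attacker, 7300),  # delay elapsed, grant lands
            g.mint(attacker, 1000 * SATOSHI, 7301),           # step 3 bounded by the window cap
            g.mint(attacker, 5 * SATOSHI, 7301)]              # worst case per window
```

The point of the replay is the last two results: the stolen key still gets a minter role eventually, but the scheduled grant sits in public for the whole delay, and the worst case per window is 5 eBTC rather than 1,000.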
Echo got lucky because Monad’s liquidity was too thin for the attacker to fully cash out. The next protocol probably won’t have that excuse.
The post Echo Protocol Hack Autopsy: The $76 Million Exploit That Wasn’t Really a Hack appeared first on BeInCrypto.