- Echo Admin key compromise enabled $76.7M unauthorized eBTC minting.
- The attacker used fake eBTC to borrow and bridge real crypto assets.
- ECHO token dropped sharply as panic selling hit the market fast.
The ECHO token plunged after a serious security breach at the Echo Protocol allowed an attacker to mint roughly $76.7 million worth of eBTC without backing, sparking widespread loss of confidence across the ecosystem.
The incident resulted from a compromise of privileged access controls, which let the attacker circumvent normal minting restrictions and create synthetic assets with no collateral. What began as an administrative security failure immediately cascaded into market disruption as participants rushed to reassess risk.
Within hours of the breach becoming public, ECHO experienced a steep, double-digit decline as traders exited positions amid uncertainty about the protocol’s stability and the extent of the inflated eBTC supply.
Admin key compromise enabled unlimited minting of eBTC
At the heart of the exploit was an admin-level private key breach that granted the attacker minting permissions inside the Echo Protocol. Using that access, the attacker minted approximately 1,000 eBTC tokens without depositing any collateral. These tokens were not backed by real Bitcoin reserves, effectively creating an artificial supply inside the system.
The sudden addition of roughly $76 million worth of unbacked eBTC introduced immediate imbalance risks across lending and trading platforms that accepted the asset as collateral. After minting the tokens, the attacker moved them through decentralized finance applications to extract value.
A portion of the fake eBTC was deposited into lending markets such as Curvance and used to borrow wrapped Bitcoin (WBTC). The attacker then bridged the borrowed funds across networks, converted them into ETH, and routed parts of the proceeds through privacy tools in attempts to obscure the transaction trail. Blockchain investigators tracking the flows observed that about 955 eBTC remained under attacker control, representing the vast majority of the illicitly minted supply, while only a small fraction of the value was converted to liquid assets early on.
ECHO token drops sharply as panic spreads across the market
Once the exploit was disclosed, the ECHO token suffered a rapid sell-off. Prices fell more than 11% in a short period as market participants reacted to two primary concerns: the risk of additional minting or further exploitation if access controls remained vulnerable, and the potential for bad debt to accumulate in lending markets where unbacked eBTC had been used as collateral.
Liquidity tightened as holders reduced exposure to ECHO and related tokens. The rapid withdrawal of capital intensified downward pressure, accelerating the token’s decline and increasing volatility across connected trading pairs. Market participants cited heightened counterparty risk and uncertainty about whether existing risk controls would prevent further abuse.
Echo Protocol halts operations and begins investigation
In response, Echo Protocol paused cross-chain operations to limit further movement of stolen funds and close off exploitation paths the attacker had used. The suspension targeted bridging and cross-chain features that enabled asset transfers between networks during the laundering process. The underlying Monad blockchain remained operational, as the issue was isolated to Echo Protocol’s access control layer—specifically the privileged permissions tied to minting authority.
Security analysts assessing the incident identified the admin key compromise as the central failure point. This was not an exploit of the core token math or smart-contract logic; rather, it exploited centralized control privileges that allowed unrestricted issuance of synthetic assets once the key was exposed. Echo Protocol’s immediate priorities are securing keys and permissions, tracing the illicit flows, and coordinating remediation to restore market confidence.
As investigations continue, market participants and on-chain monitors will be watching for signs of recovered funds, remedial governance actions, and any measures the protocol implements to prevent similar breaches in the future.