Bitcoin-focused DeFi protocol Echo Protocol was exploited on Monday in the latest security breach to hit the decentralized finance sector this month. The incident was first reported by the pseudonymous crypto commentator DCF GOD on X at around 5:55 p.m. ET.
The exact root cause of the attack has not yet been determined.
Echo Protocol Exploit
Analysis from Onchain Labs indicates the attacker minted 1,000 eBTC, valued at roughly $76.7 million, and then leveraged a previously tested exploit pathway involving Curvance. According to the findings, the exploiter deposited 45 eBTC—about $3.45 million—into Curvance as collateral and then borrowed approximately 11.29 WBTC, worth around $867,700.
The borrowed WBTC was bridged to Ethereum, converted into ETH, and 385 ETH—about $818,000 at the time—was ultimately sent to Tornado Cash.
Keone Hon, co-founder of Monad, clarified that the Monad network itself was not affected and remains operational. Curvance also published a statement indicating its smart contracts showed no signs of compromise and noting:
“Due to Curvance’s fully isolated market architecture, no other markets are impacted. Out of an abundance of caution, the affected market has been paused while our team actively investigates the situation alongside ecosystem partners.”
Blockchain tracker Lookonchain reported the hacker still holds roughly 955 eBTC, valued at more than $73 million. Echo Protocol confirmed it is investigating the security incident and has suspended all cross-chain transactions pending further analysis.
ECHO Token Drops 12%
Following the exploit, the ECHO token experienced significant selling pressure and fell by more than 12%. At the time of reporting, the token was trading around $0.0049.
This Echo incident followed two other major attacks within four days: a THORChain breach that resulted in more than $10 million stolen and a Verus–Ethereum bridge exploit that saw roughly $11.5 million taken. With the Echo exploit included, the total number of recorded security breaches in May has reached 14.