← Echo Protocol1 decision on this page

Audit log

Every state-changing event for Echo Protocol: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

#1publishby system:backfill
2026-05-22 05:11:29Z
Score: ? → ? (no score change)
anchoranchored
chain
●mainnet-betaslot 421,352,795
sig
4L7Yo7h3weVf…RCisRVHtexplorer ↗
hash
Gh6173R18QXy…1wf79oq2sha256 → base58
verifying row…full verify ↗
canonical bytes (18730 B) ▸
{"actor":"system:backfill","investigation_id":"18db584f-6b3a-4ef2-a844-64a016882229","kind":"publish","page_slug":"echo-protocol","published_at":"2026-05-22T05:11:28.847Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Echo Protocol","sections":[{"content":"On May 19, 2026, security firms PeckShield and Lookonchain reported an exploit on Echo Protocol's eBTC contract deployed on the Monad blockchain. An attacker gained access to an admin-level private key and first assigned themselves the DEFAULT_ADMIN_ROLE on the eBTC smart contract, then granted their wallet the MINTER_ROLE. This role-escalation sequence enabled the creation of approximately 1,000 eBTC tokens — a synthetic Bitcoin asset — without the required underlying collateral. The unauthorized mint was valued at approximately $76.7 million at the time of the attack. Blockchain developer Marioo publicly characterized the failure as \"operational, not technical,\" noting that the eBTC contract itself performed as designed; the attacker abused legitimately structured privileged access. The on-chain attacker address identified by analysts was 0x6a0109d3c5ab56277096c75e8f5d1d1d45243415.","heading":"Admin Key Compromise and Unauthorized Minting","severity":"critical","sources":[{"credibility":2,"name":"Echo Protocol Hacked for $76.7M in Admin Key Exploit — CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/news/echo-protocols-ebtc-exploited-for-76m-in-admin-key-compromise"},{"credibility":2,"name":"Bitcoin DeFi Platform Echo Protocol Hit By $76M Monad Exploit — Decrypt","type":"news_article","url":"https://decrypt.co/368315/bitcoin-defi-platform-echo-protocol-hit-by-76m-monad-exploit"},{"credibility":2,"name":"How did an attacker mint 1,000 unauthorised eBTC on Echo Protocol? — Invezz","type":"news_article","url":"https://invezz.com/news/2026/05/19/how-did-an-attacker-mint-1000-unauthorised-ebtc-on-echo-protocol/"}]},{"content":"Following the unauthorized mint, the attacker executed a multi-step extraction strategy. Of the 1,000 minted eBTC, the attacker deposited 45 eBTC (approximately $3.45 million in value) as collateral into Curvance, a decentralized lending protocol that had accepted eBTC as a supported asset. Against this collateral, the attacker borrowed approximately 11.29 wrapped Bitcoin (WBTC), valued at roughly $867,700 at the time. The WBTC was then bridged to the Ethereum mainnet, converted into Ether (ETH), and approximately 384 to 385 ETH — equivalent to roughly $816,000 to $822,000 — was routed through Tornado Cash, an Ethereum-based privacy mixer, to obfuscate the trail. Security researchers estimate total realized losses at approximately $816,000, as the attacker's ability to convert the remaining 955 eBTC was constrained by limited market liquidity on Monad at the time of the attack. Curvance paused its eBTC lending market following disclosure, stating that its isolated market architecture prevented contagion to other markets on the platform.","heading":"Exploitation Path and Fund Laundering","severity":"critical","sources":[{"credibility":2,"name":"Echo Exploit Hacker Moves $821K Through Tornado After eBTC Mint — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/05/19/echo-exploit-hacker-moves-821k-through-tornado-after-ebtc-mint/"},{"credibility":1,"name":"Echo Protocol suffers $76 million exploit in eBTC minting attack on Monad — CoinDesk","type":"news_article","url":"https://www.coindesk.com/business/2026/05/19/echo-protocol-suffers-usd76-million-exploit-in-ebtc-minting-attack-on-monad"},{"credibility":3,"name":"Echo Protocol Bridge Incident Sends 384 ETH To Tornado Cash After eBTC Mint — CryptoAdventure","type":"news_article","url":"https://cryptoadventure.com/echo-protocol-bridge-incident-sends-384-eth-to-tornado-cash-after-ebtc-mint-on-monad/"}]},{"content":"Post-incident analysis identified multiple compounding security weaknesses in the Echo Protocol Monad deployment that amplified the impact of the admin key compromise. Security researchers documented the following structural deficiencies: (1) a single-signature arrangement for the admin role, meaning no multi-signature threshold was required to execute privileged operations; (2) no timelock mechanism governing sensitive administrative actions such as role grants or minting authority changes; (3) no minting supply cap or rate limiter on the eBTC contract, allowing arbitrary quantities to be minted in a single transaction; and (4) insufficient collateral sanity checks on the Curvance integration, which accepted newly minted eBTC without adequate verification of backing. These weaknesses collectively enabled an attacker in possession of a single private key to mint $76.7 million in synthetic Bitcoin and begin extracting real value within a short window. The centralization of minting authority in a single key is particularly notable given the protocol's positioning as trustless Bitcoin DeFi infrastructure.","heading":"Centralized Access Control Failures","severity":"critical","sources":[{"credibility":2,"name":"Echo Protocol Hack May Have Stemmed From Stolen Admin Key, Not Smart Contract Flaw — Bloomingbit","type":"news_article","url":"https://en.bloomingbit.io/feed/news/112380"},{"credibility":2,"name":"Echo Protocol's $76.7M Unauthorized Mint Raises Bridge Security Questions — Yahoo Finance","type":"news_article","url":"https://finance.yahoo.com/markets/crypto/articles/echo-protocol-76-7m-unauthorized-113215637.html"},{"credibility":2,"name":"Echo Protocol Hacked on Monad, Attacker Mints $76M in Unbacked eBTC — BanklessTimes","type":"news_article","url":"https://www.banklesstimes.com/articles/2026/05/19/echo-protocol-on-monad-hit-as-attacker-mints-1000-ebtc-worth-76-6m/"}]},{"content":"Echo Protocol confirmed the breach in an official statement, characterizing it as \"a compromised admin key affecting the Monad deployment.\" The team stated it had successfully regained control of the compromised admin keys and burned the remaining 955 eBTC that had remained in the attacker's possession, preventing their conversion. Echo suspended all cross-chain functionality for the Monad deployment as a precautionary measure and indicated it was upgrading Monad contracts to restrict sensitive operations. The Aptos-based bridge was also paused as a precaution, despite Aptos operations not being directly implicated in the breach. Echo Protocol stated it was conducting a comprehensive security review with external auditors covering bridge infrastructure, permission structures, minting logic, and operational security practices. Monad co-founder Keone Hon publicly confirmed that the Monad network itself was unaffected and continued operating normally, clarifying the exploit was specific to Echo Protocol's application layer.","heading":"Protocol Response and Containment","severity":"high","sources":[{"credibility":2,"name":"Echo Protocol Says $816,000 Lost After Admin Key Compromised in Monad eBTC Deployment — Bloomingbit","type":"news_article","url":"https://en.bloomingbit.io/feed/news/112387"},{"credibility":2,"name":"Echo Protocol pauses bridge after attacker mints $76M eBTC — Crypto.news","type":"news_article","url":"https://crypto.news/echo-protocol-pauses-bridge-after-attacker-mints-76m-ebtc/"},{"credibility":2,"name":"Echo Protocol Pauses Monad Bridge After Admin Key Breach Sparks $816K Loss — Bitcoin.com News","type":"news_article","url":"https://news.bitcoin.com/echo-protocol-pauses-monad-bridge-after-admin-key-breach-sparks-816k-loss/"}]},{"content":"The ECHO native token experienced a decline of over 11% shortly following public disclosure of the security breach on May 19, 2026. Traders rapidly exited positions amid concerns about protocol stability and confidence in the team's operational security practices. The price drop reflected market concerns beyond the realized dollar losses from the exploit, as the structural nature of the failure — centralized admin key control — raised questions about the protocol's broader security posture and its marketing as a trustless system.","heading":"Token Price Impact","severity":"high","sources":[{"credibility":2,"name":"ECHO token plunges after $76M admin key exploit hits protocol — CoinJournal","type":"news_article","url":"https://coinjournal.net/news/echo-token-plunges-after-76m-admin-key-exploit-hits-protocol/"},{"credibility":2,"name":"Echo Protocol Was Hacked. The Project's Token Fell by More Than 11% — Incrypted","type":"news_article","url":"https://incrypted.com/en/echo-protocol-was-hacked-the-projects-token-fell-by-more-than-11/"}]},{"content":"The Echo Protocol exploit occurred as the third major DeFi security incident in approximately five consecutive days in May 2026, bringing the month's running total of crypto exploits to 14. THORChain experienced a vault breach on May 15, 2026, draining over $10 million in digital assets. Three days later, on May 18, the Verus-Ethereum Bridge was exploited for approximately $11.58 million. The Echo Protocol attack followed the next day. Earlier in May 2026, Drift Protocol and KelpDAO had also reportedly suffered large-scale exploits. Analysts and security researchers described the May 2026 pattern as indicative of escalating systemic risk across DeFi protocols, particularly those relying on centralized administrative control surfaces in cross-chain bridge architectures.","heading":"Broader DeFi Security Context","severity":"medium","sources":[{"credibility":2,"name":"Echo Protocol Hack Lifts May's Crypto Exploit Total to 14 — BeInCrypto","type":"news_article","url":"https://beincrypto.com/echo-protocol-monad-exploit-may-hacks/"},{"credibility":2,"name":"Echo Protocol Joins THORChain, Verus as May Hack Count Reaches 14 — Yahoo Finance","type":"news_article","url":"https://finance.yahoo.com/markets/crypto/articles/echo-protocol-joins-thorchain-verus-023905810.html"},{"credibility":2,"name":"DeFi's Worst Year Continues as $76.7M Drained From Echo Protocol — ETHNews","type":"news_article","url":"https://ethnews.com/defis-worst-year-continues-as-76-7m-drained-from-echo-protocol/"}]},{"content":"Echo Protocol is a Bitcoin liquidity aggregation and yield infrastructure protocol launched in August 2024, initially focused on the Aptos blockchain before expanding to the Monad network. Its core product is a wrapped Bitcoin asset — eBTC on Monad and aBTC on Aptos — enabling Bitcoin capital to participate in DeFi applications on those chains. The protocol secured pre-seed funding in October 2024. Hacken, a blockchain security firm, is listed as having conducted at least one audit of Echo Protocol; however, the specific scope, findings, and date of that audit had not been publicly disclosed in detail as of May 2026. The admin key compromise that enabled the May 2026 exploit affected the Monad deployment specifically and was described by analysts as an operational security failure rather than a defect in the audited smart contract logic itself.","heading":"Protocol Background and Audit History","severity":"medium","sources":[{"credibility":2,"name":"Echo Protocol — IQ.wiki","type":"other","url":"https://iq.wiki/wiki/echo-protocol"},{"credibility":2,"name":"Echo Protocol audits by Hacken — Hacken.io","type":"research","url":"https://hacken.io/audits/echo-protocol/"},{"credibility":3,"name":"Crypto News: Echo Protocol Loses $76.7M in eBTC as DeFi Hacks Rise in 2026 — The Market Periodical","type":"news_article","url":"https://themarketperiodical.com/2026/05/19/crypto-news-echo-protocol-loses-76-7m-in-ebtc-as-defi-hacks-rise-in-2026/"}]}],"sources_used":[{"credibility":2,"name":"Echo Protocol Hacked for $76.7M in Admin Key Exploit — CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/news/echo-protocols-ebtc-exploited-for-76m-in-admin-key-compromise"},{"credibility":1,"name":"Echo Protocol suffers $76 million exploit in eBTC minting attack on Monad — CoinDesk","type":"news_article","url":"https://www.coindesk.com/business/2026/05/19/echo-protocol-suffers-usd76-million-exploit-in-ebtc-minting-attack-on-monad"},{"credibility":2,"name":"Bitcoin DeFi Platform Echo Protocol Hit By $76M Monad Exploit — Decrypt","type":"news_article","url":"https://decrypt.co/368315/bitcoin-defi-platform-echo-protocol-hit-by-76m-monad-exploit"},{"credibility":1,"name":"BTCFi protocol Echo exploited, targeting eBTC market on Monad — The Block","type":"news_article","url":"https://www.theblock.co/post/401771/echo-protocol-monad-exploit"},{"credibility":2,"name":"Echo Exploit Hacker Moves $821K Through Tornado After eBTC Mint — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/05/19/echo-exploit-hacker-moves-821k-through-tornado-after-ebtc-mint/"},{"credibility":2,"name":"Echo Protocol Hack Lifts May's Crypto Exploit Total to 14 — BeInCrypto","type":"news_article","url":"https://beincrypto.com/echo-protocol-monad-exploit-may-hacks/"},{"credibility":2,"name":"ECHO token plunges after $76M admin key exploit hits protocol — CoinJournal","type":"news_article","url":"https://coinjournal.net/news/echo-token-plunges-after-76m-admin-key-exploit-hits-protocol/"},{"credibility":2,"name":"Echo Protocol Pauses Monad Bridge After Admin Key Breach Sparks $816K Loss — Bitcoin.com News","type":"news_article","url":"https://news.bitcoin.com/echo-protocol-pauses-monad-bridge-after-admin-key-breach-sparks-816k-loss/"},{"credibility":2,"name":"Echo Protocol Hack May Have Stemmed From Stolen Admin Key, Not Smart Contract Flaw — Bloomingbit","type":"news_article","url":"https://en.bloomingbit.io/feed/news/112380"},{"credibility":2,"name":"Echo Protocol Says $816,000 Lost After Admin Key Compromised in Monad eBTC Deployment — Bloomingbit","type":"news_article","url":"https://en.bloomingbit.io/feed/news/112387"},{"credibility":2,"name":"Echo Protocol's $76.7M Unauthorized Mint Raises Bridge Security Questions — Yahoo Finance","type":"news_article","url":"https://finance.yahoo.com/markets/crypto/articles/echo-protocol-76-7m-unauthorized-113215637.html"},{"credibility":2,"name":"Echo Protocol Joins THORChain, Verus as May Hack Count Reaches 14 — Yahoo Finance","type":"news_article","url":"https://finance.yahoo.com/markets/crypto/articles/echo-protocol-joins-thorchain-verus-023905810.html"},{"credibility":2,"name":"How did an attacker mint 1,000 unauthorised eBTC on Echo Protocol? — Invezz","type":"news_article","url":"https://invezz.com/news/2026/05/19/how-did-an-attacker-mint-1000-unauthorised-ebtc-on-echo-protocol/"},{"credibility":3,"name":"Echo Protocol Bridge Incident Sends 384 ETH To Tornado Cash After eBTC Mint — CryptoAdventure","type":"news_article","url":"https://cryptoadventure.com/echo-protocol-bridge-incident-sends-384-eth-to-tornado-cash-after-ebtc-mint-on-monad/"},{"credibility":2,"name":"Echo Protocol audits by Hacken — Hacken.io","type":"research","url":"https://hacken.io/audits/echo-protocol/"},{"credibility":2,"name":"DeFi's Worst Year Continues as $76.7M Drained From Echo Protocol — ETHNews","type":"news_article","url":"https://ethnews.com/defis-worst-year-continues-as-76-7m-drained-from-echo-protocol/"},{"credibility":2,"name":"Echo Protocol pauses bridge after attacker mints $76M eBTC — Crypto.news","type":"news_article","url":"https://crypto.news/echo-protocol-pauses-bridge-after-attacker-mints-76m-ebtc/"},{"credibility":2,"name":"Echo Protocol Hacked on Monad, Attacker Mints $76M in Unbacked eBTC — BanklessTimes","type":"news_article","url":"https://www.banklesstimes.com/articles/2026/05/19/echo-protocol-on-monad-hit-as-attacker-mints-1000-ebtc-worth-76-6m/"}],"summary":"Echo Protocol is a Bitcoin liquidity aggregation and yield infrastructure protocol operating on the Monad and Aptos blockchains, offering liquid staking, restaking, and cross-chain DeFi services through its wrapped Bitcoin asset eBTC. On May 19, 2026, the protocol suffered a critical admin key compromise on its Monad deployment, enabling an attacker to mint approximately 1,000 unauthorized eBTC tokens worth $76.7 million and borrow $3.45 million in WBTC through the Curvance lending protocol, ultimately laundering roughly $822,000 through Tornado Cash. The incident exposed severe centralized access-control failures in a protocol marketed as trustless Bitcoin DeFi infrastructure.","timeline":[{"date":"2024-08-01","event":"Echo Protocol launches, initially focused on Bitcoin liquidity and liquid staking on the Aptos blockchain.","source":"The Market Periodical","source_url":"https://themarketperiodical.com/2026/05/19/crypto-news-echo-protocol-loses-76-7m-in-ebtc-as-defi-hacks-rise-in-2026/"},{"date":"2024-10-01","event":"Echo Protocol secures pre-seed funding from investors.","source":"CryptoRank","source_url":"https://cryptorank.io/ico/echo-protocol"},{"date":"2026-05-15","event":"THORChain vault breach drains over $10 million, marking the start of a five-day streak of major DeFi exploits.","source":"BeInCrypto","source_url":"https://beincrypto.com/echo-protocol-monad-exploit-may-hacks/"},{"date":"2026-05-18","event":"Verus-Ethereum Bridge is exploited for approximately $11.58 million. Security breach on Echo Protocol's Monad deployment also reportedly begins.","source":"BeInCrypto / Bitcoin.com News","source_url":"https://news.bitcoin.com/echo-protocol-pauses-monad-bridge-after-admin-key-breach-sparks-816k-loss/"},{"date":"2026-05-19","event":"PeckShield and Lookonchain report the Echo Protocol exploit. Attacker mints approximately 1,000 eBTC worth $76.7 million using a compromised admin key, deposits 45 eBTC into Curvance, borrows 11.29 WBTC, bridges to Ethereum, and routes approximately 384 ETH through Tornado Cash.","source":"CoinTelegraph / CoinDesk","source_url":"https://cointelegraph.com/news/echo-protocols-ebtc-exploited-for-76m-in-admin-key-compromise"},{"date":"2026-05-19","event":"Echo Protocol confirms breach, regains admin key control, burns remaining 955 eBTC in attacker's possession, and suspends all Monad cross-chain operations. Curvance pauses its eBTC lending market.","source":"Decrypt / Bitcoin.com News","source_url":"https://decrypt.co/368315/bitcoin-defi-platform-echo-protocol-hit-by-76m-monad-exploit"},{"date":"2026-05-19","event":"ECHO token falls over 11% following public disclosure of the exploit.","source":"CoinJournal","source_url":"https://coinjournal.net/news/echo-token-plunges-after-76m-admin-key-exploit-hits-protocol/"},{"date":"2026-05-19","event":"Monad co-founder Keone Hon confirms the Monad network itself was unaffected by the exploit, which was isolated to Echo Protocol's application layer.","source":"BeInCrypto","source_url":"https://beincrypto.com/echo-protocol-monad-exploit-may-hacks/"}]},"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision 7c7ff5af-2f5e-49e7-915d-67b69ca5451c

How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.