Echo Protocol on Monad was exploited for roughly $76.6 million after an attacker minted 1,000 eBTC out of thin air, according to on-chain researcher @dcfgod. The bulk of the haul — 955 eBTC worth about $73.2M — still sits unsold in the attacker's wallet.
Why it matters
The exploit follows a familiar pattern: a synthetic or wrapped BTC asset on an L1/L2 gets minted without proper collateral checks, then the attacker uses the inflated token as borrowing collateral to pull real liquidity from a connected lending market. Here, 45 eBTC ($3.45M) was deposited into Curvance, which let the attacker borrow 11.3 WBTC ($867K). The borrowed WBTC was bridged to Ethereum, swapped for 385 ETH ($821K), and deposited into Tornado Cash to break the on-chain trail.
The Tornado Cash exit is the part US regulators watch closely — OFAC-sanctioned mixer usage on freshly stolen funds is now a near-automatic enforcement trigger.
Market impact
eBTC is a synthetic Bitcoin representation on Monad, and the mint exploit means the asset's on-chain collateral ratio is now broken. The 955 eBTC the attacker still holds represents a massive overhang: any attempt to liquidate it on a DEX or bridge it elsewhere will crash the local price and likely trigger contagion across Monad-based lending markets that accepted eBTC as collateral. Watch for emergency governance actions from Curvance and any DEX that listed eBTC pairs.
Source: [DeBank | Your go-to portfolio tracker for Ethereum and EVM](https://debank.com/profile/0x6a0109d3c5ab56277096c75e8f5d1d1d45243415)
Frequently asked questions
-
How was Echo Protocol exploited on Monad?
An attacker minted 1,000 eBTC out of thin air without proper collateral checks, then used 45 eBTC as collateral on Curvance to borrow 11.3 WBTC (~$867K). The WBTC was bridged to Ethereum, swapped for 385 ETH, and sent through Tornado Cash.
-
How much is the attacker still holding?
The attacker still holds 955 eBTC worth roughly $73.2M in their wallet, representing a major overhang on the eBTC market and any Monad-based protocol that accepts it as collateral.
-
What did the attacker do with the stolen funds?
After borrowing 11.3 WBTC from Curvance, the attacker bridged it to Ethereum, swapped it for 385 ETH (~$821K), and deposited the ETH into Tornado Cash to launder the proceeds and break the on-chain trail.
-
Why is Tornado Cash usage significant for regulators?
Tornado Cash is OFAC-sanctioned. Depositing freshly stolen funds into a sanctioned mixer is treated as an automatic enforcement trigger by US authorities, so the laundering leg is likely to draw regulatory attention independent of the dollar size.
-
What is the market impact on Monad and eBTC?
eBTC's on-chain collateral ratio is now broken, and the 955 eBTC the attacker still holds is a massive liquidation overhang. Any attempt to sell or bridge it will likely crash the eBTC price and create contagion risk across Monad lending markets and DEXs that accepted eBTC as collateral.
Lookonchain