Earlier today, Echo Protocol identified unauthorized activity involving eBTC on Monad that resulted in unauthorized minting and associated fund loss.
Our investigation indicates the issue originated from a compromised admin key affecting the Monad deployment. Based on current…
"Based on current findings, approximately $816K was impacted on Monad. The Monad network itself was not impacted and continues to operate normally," the team said, adding it has "successfully regained control of our admin keys and burnt the remaining 955 eBTC that was in the attacker's possession."
Decrypt has reached out to Echo Protocol for comment.
The exploit follows a familiar admin-key pattern that has plagued cross-chain protocols, where a single compromised credential can unlock minting privileges across an entire deployment.
Echo said the incident "appears isolated to Monad," with "no evidence of compromise on Aptos."
Misha Putiatin, co-founder of Symbiotic and smart contract security firm Statemind, told Decrypt that the industry should expect more incidents of this kind as protocols lean harder on off-chain components.
"As DeFi protocols become increasingly dependent on off-chain infrastructure, we're likely to see a resurgence of 'Web2.5' style attacks targeting centralized key management, databases, and operational infrastructure," Putiatin said.
Calling it a “balancing act,” he said systems with “more involved management” become increasingly vulnerable to social engineering and infrastructure attacks compared with “fully permissionless systems.”
Putiatin said centralized and off-chain components of DeFi protocols have historically been "treated as secondary risk areas," but expects that to shift.
"We'll likely see far more focus on operational infrastructure, key management, and internal security frameworks, similar to how smart contract audits became standard after the 2021 exploit cycle," he said.
Precautionary measuresEcho has paused cross-chain functionality for the Monad deployment and completed an upgrade of the relevant Monad contracts "to restrict affected operations and strengthen control over sensitive functions."
The Aptos bridge has been fully paused as a precaution despite no observed impact, and Echo Aptos Lending has been suspended for security.
The team said it is also upgrading its EVM-series bridge deployments "to further strengthen cross-chain controls and reduce operational risk."
Attacks on DeFi
