Overview
- Echo Protocol said Tuesday it regained the exposed admin keys, burned 955 eBTC left in the attacker’s wallet, and kept Monad cross‑chain functions paused.
- An attacker used a compromised admin role to mint 1,000 eBTC on Monad, then posted 45 eBTC on Curvance to borrow about 11.29 WBTC that was bridged to Ethereum, swapped for roughly 384–385 ETH, and sent through Tornado Cash.
- Monad’s co‑founder and multiple researchers estimated about $816,000 in value was actually extracted despite the much larger unauthorized mint.
- Monad and Curvance said their networks and smart contracts were not breached, and Curvance paused the affected eBTC market to contain risk using its isolated‑market design.
- Echo also paused its Aptos bridge as a precaution and reported about $71,000 in limited exposure on that chain with no confirmed loss, as researchers faulted single‑sig admin control, no timelock, no mint caps, and weak collateral checks that let the scheme work.