Echo Protocol Says Unauthorized eBTC Minting on Monad Caused $816K Impact

Echo Protocol said it has identified unauthorized activity involving eBTC on Monad that resulted in unauthorized minting and related fund loss, in what the project described as an isolated incident tied to a compromised admin key on its Monad deployment.

In a statement posted on X, the protocol said its investigation indicates the issue originated from a compromised admin key affecting the Monad deployment. Based on current findings, Echo said roughly $816,000 was impacted on Monad.

The team also stressed that the Monad network itself was not affected and continues to operate normally. The incident has prompted Echo Protocol to move quickly on several fronts, including key recovery, contract upgrades, and precautionary pauses across parts of its infrastructure.

According to the company, it has already regained control of its admin keys and burned the remaining 955 eBTC that were in the attacker’s possession. That step appears designed to reduce further risk while the investigation continues.

Echo also said the problem appears to be limited to Monad. The project stated that it has found no evidence of compromise on Aptos and emphasized that aBTC on Aptos and eBTC on Monad are separate, non-bridgeable assets.

The team added that current exposure on Aptos is limited to about $71,000 across Echo lending markets and Hyperion liquidity pools, though it noted that no confirmed loss of funds has been observed on Aptos so far.

Out of what it described as an abundance of caution, Echo Protocol has paused cross-chain functionality for the Monad deployment and upgraded the relevant Monad contracts to restrict affected operations and strengthen control over sensitive functions.

The project said it has also fully paused Aptos bridge operations while the review continues, even though the Aptos bridge itself was not affected. Echo Aptos Lending has been paused for security as well.

Echo Protocol Pauses Cross-Chain Functions

The protocol said it is also upgrading the EVM-series bridge deployments as part of a broader effort to tighten cross-chain controls and lower operational risk. That suggests the team is treating the incident not only as a response to a single exploit, but also as an opportunity to review wider infrastructure and permissions across its ecosystem.

In its public update, Echo Protocol warned users not to interact with unofficial links, claim pages, refund forms, or recovery portals. It also reminded users that it will never ask for seed phrases, private keys, or direct wallet transfers. The team said all official updates will come only through Echo’s verified channels.

Beyond the immediate damage control, Echo said it is now carrying out a full review of the affected Monad deployment and related bridge infrastructure. That review includes admin key exposure, contract permissions, cross-chain controls, minting controls, and broader operational security procedures.

The company said it is working with ecosystem partners and external security reviewers to confirm the scope of the incident and determine whether any additional mitigation steps are needed.

The incident comes at a time when security remains one of the biggest concerns in decentralized finance, especially for protocols that manage assets across multiple chains. Even when a network itself is unaffected, a compromise at the protocol level can still create major losses, confusion, and user uncertainty.

Echo Protocol’s rapid response, including key recovery and contract upgrades, appears aimed at limiting the fallout and reassuring users that the issue has been contained as much as possible. For now, the project says transparency will continue as the investigation progresses.

While the full picture may still change as more details emerge, Echo’s latest update suggests the attack was serious enough to trigger an immediate security response, but limited enough that the wider Monad network and Aptos ecosystem were not directly compromised. Echo Protocol said it will keep sharing updates as it learns more.