An attacker minted about 1,000 unauthorized eBTC (≈$76.7M) on Echo Protocol (deployed on the Monad blockchain). Echo suspended all cross-chain transactions and is investigating. On-chain analytics show the attacker still holds roughly 955 eBTC (≈$73M). Security firms PeckShield and Lookonchain reported the incident. Developer analysis attributes the root cause to an admin private key compromise and operational failures (single-signature admin, no timelock, no mint cap or rate limit) rather than a smart contract bug. The attacker moved 45 eBTC into Curvance, borrowed 11.3 wBTC (≈$868k), bridged to Ethereum, swapped for ETH and sent 384 ETH (≈$822k) to Tornado Cash. Curvance and Monad said their contracts/networks were not compromised; Curvance paused the affected market.

Attacker minted ~1,000 eBTC (~$76.7M) and still holds ~955 eBTC on-chain; protocol suspended cross-chain transfers; root cause identified as admin private key compromise and operational failures (single-signature, no timelock, no mint cap/rate limit); attacker performed partial laundering via Curvance, bridging, swaps and Tornado Cash.