- It was an admin private key breach, not a smart contract fault, according to blockchain developer ‘Marioo.’
- Twelve protocols, including THORChain, Ekubo, TrustedVolumes, Transit Finance, and the Ethereum bridge of Verus Protocol, have been hacked in the last month.
DeFi protocol Echo Protocol, which runs on the Monad blockchain, was compromised when an attacker minted around 1,000 eBTC without authorization. On Tuesday, the hacker created 1,000 synthetic Bitcoin (eBTC) with a value of around $76.7 million; both Lookonchain and analytics platform and blockchain security company PeckShield reported this.
Echo Protocol said on Tuesday:
“We are currently investigating a security incident impacting the Echo bridge on Monad. All cross-chain transactions remain suspended while the investigation is underway.”
Twelve protocols, including THORChain, Ekubo, TrustedVolumes, Transit Finance, and the Ethereum bridge of Verus Protocol, have been hacked in the last month, with this recent vulnerability being the latest in the series.
Laundering Stolen Funds
The perpetrator allegedly tried to conceal some of the stolen funds by funding the DeFi lending and liquidity management protocol Curvance with 45 eBTC, which is about $3.45 million, as reported by PeckShield.
The criminal then borrowed 11.3 wrapped Bitcoin (wBTC) tokens, which were valued $868,000, bridged the tokens to Ethereum, exchanged them for Ethereum, and sent 384 Ethereum, which was worth around $822,000, to the Tornado Cash mixing service. According to DeBank, the hacker is still in possession of 955 eBTC, which is almost $73 million.
Among the many features offered by the Bitcoin DeFi platform Echo Protocol include the ability to pool Bitcoin liquidity, stake liquids, restake them, and generate income. For users to bridge and deploy in DeFi for extra income, it produces unified, liquid BTC assets like eBTC. The protocol is implemented on the Monad blockchain, which is compatible with EVM and has good performance on layer-1.
It was an admin private key breach, not a smart contract fault, according to blockchain developer ‘Marioo.’ The source of the problem was “operational, not technical.”
According to their statement, the eBTC contract “worked exactly as designed.” However, they did mention that there were other weaknesses, such as the admin position requiring just one signature, the lack of a timelock, an incorrect minting supply limitation or rate restriction, and an inadequate “supply sanity check” by Curvance for the newly created collateral.
Highlighted Crypto News Today:
Bitcoin Slides to Three-Week Low Under $77K Amid Bear Dominance
