Bitcoin-based decentralized finance (DeFi) platform Echo Protocol suffered a major cyberattack, resulting in the unauthorized creation of approximately $77 million worth of eBTC. The incident was revealed to the public by cybersecurity firm PeckShield on Tuesday.
Attack details
During the attack, the administrative key belonging to Echo Protocol on the Monad blockchain was compromised. The attacker used this access to mint a total of 1,000 unauthorized eBTC. The stolen eBTC was then pledged as collateral to borrow 3.45 million dollars in wrapped bitcoin (WBTC). The attacker subsequently transferred these funds through Tornado Cash, an anonymizing crypto mixing service, to conceal their movements.
In a statement, Echo Protocol announced that administrator control has since been restored, and 955 remaining eBTC held by the attacker have been destroyed. Additionally, cross-chain transfers on Monad have been suspended, and the affected contract’s security measures for critical operations have been strengthened.
Platform operations and multi-chain activity
Echo Protocol enables users to convert their bitcoin holdings into synthetic tokens, providing opportunities to access liquidity and generate yield. Although its main network is known as Aptos, Echo Protocol has grown to operate across various blockchains, including Monad. This expansion increased the platform’s interactions with different chains.
Following the attack, Echo Protocol reported that the Aptos bridge was not affected but decided to suspend all bridge operations as a precaution. The team stated that this measure will remain in place until the investigation is complete.
Rising DeFi security concerns
Recent weeks have seen a surge in attacks targeting decentralized protocols. Projects such as Drift Protocol and KelpDAO have suffered similar breaches, resulting in losses exceeding $200 million. These incidents have heightened concerns throughout the DeFi sector regarding the safety of smart contracts and administrative privileges.
Tornado Cash, which was used in the Echo Protocol attack, is an increasingly popular tool for obscuring crypto transaction trails. Due to its involvement in illegal transfers, Tornado Cash has been placed under U.S. sanctions, keeping it in the spotlight amidst ongoing exploits.
The attack on Echo Protocol highlights the urgent need for rapid response and diligent vulnerability assessment in the crypto industry. Platform operators emphasize the importance of keeping their communities informed and continuously upgrading their technical infrastructure to guard against evolving threats.
Latest developments surrounding Echo Protocol reveal persistent risks related to the security of administrator keys and cross-chain operations in DeFi. Industry experts stress that advanced security frameworks are increasingly critical to protecting decentralized platforms from similar attacks.
