- Echo Admin key compromise enabled $76.7 million in unauthorized eBTC issuance.
- The attackers used fake eBTC to borrow and link real cryptocurrency assets.
- ECHO tokens plummeted as panic selling quickly hit the market.
The ECHO token came under severe pressure after a major security breach involving the ECHO Protocol resulted in the unauthorized issuance of approximately $76.7 million worth of eBTC, leading to a rapid loss of trust in the ecosystem as a whole.
The exploit centers around compromising privileged access controls, allowing attackers to bypass normal minting restrictions and create synthetic assets without collateral.
The exploit quickly escalated from a technical breach to full-blown market disruption.
Hours after the attack became known, the ECHO token suffered a sharp double-digit decline as traders rushed to close positions due to uncertainty about the stability of the protocol and the state of the inflated eBTC supply.
Unlimited eBTC issuance possible due to admin key compromise
The core of the exploit was the compromise of an administrator-level private key that gave the attacker control over publishing rights within the Echo protocol system.
This access allowed the attackers to mint approximately 1,000 eBTC tokens without depositing any collateral.
These tokens are not backed by actual Bitcoin reserves. In other words, it functioned as an artificially created supply within the system.
The sudden expansion of eBTC supply to around $76 million created an immediate imbalance risk across any integrated lending or trading platform that accepted the asset as collateral.
Once issued, the attackers began routing the assets through decentralized finance applications.
Some of the fake eBTC was deposited into lending marketplaces like Curvance and used to borrow wrapped Bitcoin (WBTC).
From there, the borrowed funds were wired across the network, converted to ETH, and partially routed through privacy tools, including Tornado Cash, to obscure transaction tracking.
Blockchain investigators tracking the movement of funds noted that approximately 955 eBTC remained under the attackers’ control, making up the bulk of the illicitly minted supply.
In the early stages of the exploit, only a small portion of the stolen value was successfully converted to liquid assets.
ECHO token plummets as panic spreads throughout the market.
Once the exploit was disclosed, ECHO tokens were sold off rapidly.
The price fell more than 11% in a short period of time, reflecting immediate market concerns about the security of the protocol and the potential impact of an inflated eBTC supply on the wider ecosystem.
The market reacted to two major risks.
The first was the possibility of additional casting or continued availability if access control was not fully secured.
The second was the uncertainty surrounding potential bad debt arising from lending markets where unsecured eBTC was already used as collateral.
Liquidity conditions have tightened as participants have reduced their exposure to ECHO and related assets.
The sudden departure of capital intensified downward pressure, accelerating the decline of the token and amplifying volatility across linked trading pairs.
Echo Protocol suspends operations and begins investigation
In response to the breach, Echo Protocol paused cross-chain operations, with the goal of limiting further movement of stolen funds and preventing further exploitation vectors.
The outage affected bridging and cross-chain functions that attackers used to move assets between networks during the laundering process.
This incident did not affect the underlying Monad blockchain, which continued to function normally.
This issue was isolated to Echo Protocol’s access control layer, specifically the privileged permissions associated with publishing permissions.
Security researchers assessing the breach pointed to administrative key compromise as a key point of failure.
Instead of a flaw in the token math or smart contract logic, the attack exploited a centralized control authority that could mint an unlimited number of synthetic assets once the keys were exposed.