Attacker Mints $77M in Fake eBTC on Monad, Walks With $870K in WBTC

An attacker minted 1,000 eBTC — worth roughly $77 million at current spot prices — on Monad's Echo Protocol late on May 18, then converted about $870,000 of it into real Wrapped Bitcoin before the rest became stuck. The exploit, first flagged by @dcfgod on X, relied on a privileged-role vulnerability in the eBTC token contract. Monad co-founder @keoneHD acknowledged the incident, saying the team and external researchers were investigating.

Inside the mint: admin key, minter role, then a flood of tokens

The attacker granted themselves DEFAULT_ADMIN_ROLE on the eBTC contract, then MINTER_ROLE, revoked the admin role, and minted 1,000 eBTC in block 75,477,995 (tx hash 0x2cc973…). How they got the admin role in the first place is still unknown: it could be a compromised admin key, a misconfigured deployment, or a contract-level bug. From there, the cash-out sequence was straightforward: deposit ~45 eBTC into Curvance, borrow ~11.296 WBTC, and bridge the WBTC off Monad, likely via LayerZero.
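For monitoring teams, the sequence above (role grant, admin revocation, large mint in quick succession) is visible in event logs. The sketch below is an added example, not code from Echo Protocol or from this article's sources; it assumes OpenZeppelin AccessControl-style `RoleGranted`/`RoleRevoked` events that are already decoded, and the record fields (`tx_from`, `src`, `dst`), the window and the threshold are hypothetical.

```python
# Added example: all addresses, block numbers and amounts below are constructed.
# Assumes OpenZeppelin AccessControl-style RoleGranted/RoleRevoked events,
# already decoded, with each mint joined to its transaction sender (tx_from).
ZERO = "0x" + "00" * 20

def detect_role_then_mint(events, window=50, threshold=100):
    """Flag mints >= threshold made by an account that received MINTER_ROLE
    at most `window` blocks earlier. window/threshold are tuning assumptions."""
    grants, admin_revoked, alerts = {}, {}, []
    for e in sorted(events, key=lambda x: (x["block"], x["log_index"])):
        if e["name"] == "RoleGranted":
            grants[(e["account"], e["role"])] = (e["block"], e["sender"])
        elif e["name"] == "RoleRevoked":
            grants.pop((e["account"], e["role"]), None)
            if e["role"] == "DEFAULT_ADMIN_ROLE":
                admin_revoked[e["account"]] = e["block"]
        elif e["name"] == "Transfer" and e["src"] == ZERO:  # mint
            grant = grants.get((e["tx_from"], "MINTER_ROLE"))
            if grant is None or e["amount"] < threshold:
                continue  # no grant seen in the monitored range, or small mint
            granted_at, granted_by = grant
            if e["block"] - granted_at > window:
                continue  # long-standing minter, not a fresh grant
            alerts.append({
                "minter": e["tx_from"], "block": e["block"], "amount": e["amount"],
                # the account granted the role to itself
                "self_granted": granted_by == e["tx_from"],
                # admin role revoked at or after the minter grant, before this mint
                "admin_dropped": admin_revoked.get(e["tx_from"], -1) >= granted_at,
            })
    return alerts

def ev(block, name, **fields):
    return {"block": block, "log_index": 0, "name": name, **fields}

A, M, ADMIN = ("0x" + c * 20 for c in ("aa", "bb", "cc"))  # constructed addresses
SAMPLE = [
    ev(10, "RoleGranted", role="MINTER_ROLE", account=M, sender=ADMIN),
    ev(900, "Transfer", src=ZERO, dst=M, amount=2, tx_from=M),
    ev(1000, "RoleGranted", role="DEFAULT_ADMIN_ROLE", account=A, sender=A),
    ev(1001, "RoleGranted", role="MINTER_ROLE", account=A, sender=A),
    ev(1002, "RoleRevoked", role="DEFAULT_ADMIN_ROLE", account=A, sender=A),
    ev(1003, "Transfer", src=ZERO, dst=A, amount=1000, tx_from=A),
]

if __name__ == "__main__":
    for alert in detect_role_then_mint(SAMPLE):
        print(alert)
```

The long-standing minter in the constructed sample is not flagged; only the account that received MINTER_ROLE two blocks before a 1,000-unit mint is.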

Why 99% of the fake supply is still sitting in the attacker's wallet

The attacker's address (0x6a0109…) still holds nearly all the minted eBTC. The reason is mundane: Monad's lending and DEX markets don't have enough liquidity to absorb the other ~955 eBTC. Curvance had a fresh eBTC/WBTC market, and the lending logic wasn't the failure point — the token contract was. Without deep books on Monad, the attacker couldn't dump the rest without cratering the price and getting barely anything back. Shallow liquidity, in this case, acted as a de facto circuit breaker.

A failure mode that's becoming a pattern

This exploit follows the same privileged-role failure as the Resolv USR exploit in March and the KelpDAO rsETH exploit in April. All three involved an attacker seizing a role that shouldn't have been accessible. The realized loss here is roughly 30 times smaller than Resolv and 250 times smaller than KelpDAO — but the underlying problem is identical. Echo Protocol, a Bitcoin liquidity and yield project, deployed on Monad recently, and Monad's lending markets often lack mature operational layers like multisigs and timelocks. That's not a Monad-only issue, but it's a recurring one on newer L1s moving fast.

What's coming next

Echo Protocol and Curvance had not published statements as of the time of writing. The attacker's wallet still holds 99% of the fake eBTC, and so far no one has moved it. The unanswered question — how the attacker got the DEFAULT_ADMIN_ROLE — will determine whether this was a key management failure or a code bug. Either way, the team's investigation and any subsequent patch will be the next concrete step.