Echo Protocol, a Bitcoin-focused DeFi platform, was exploited on a Monday in May 2025. The attacker minted 1,000 eBTC worth roughly $76.7 million, according to on-chain sleuth Onchain Labs. The incident sent the project's ECHO token down more than 12%, to around $0.0049.
How the attacker moved the money
The exploit was first flagged by pseudonymous crypto influencer DCF GOD on X at 5:55 p.m. ET. Onchain Labs reported that the attacker used a previously tested exploit route involving Curvance. They deposited 45 eBTC — about $3.45 million — into Curvance as collateral and borrowed roughly 11.29 WBTC ($867,700). That WBTC was then bridged to Ethereum, swapped into ETH, and 385 ETH (worth about $818,000) was sent to Tornado Cash, the mixing service.
Monad and Curvance say they're fine
Keone Hon, co-founder of Monad, clarified that the Monad network was not impacted and continues to operate normally. Curvance stated its smart contracts showed no signs of compromise. Thanks to its fully isolated market architecture, Curvance said no other markets were affected. The market that was used has been paused.
The hacker still sits on most of the loot
According to Lookonchain, the hacker still holds approximately 955 eBTC, worth more than $73 million. Echo Protocol confirmed they are investigating the security incident and have suspended all cross-chain transactions. So far, the exact cause of the exploit has not been identified.
A rough stretch for crypto security
The Echo exploit followed two other major hacks within four days: THORChain lost over $10 million and the Verus-Ethereum Bridge had $11.5 million stolen. With this incident, the total number of security breaches recorded in May 2025 hit 14.
Echo Protocol hasn't given a timeline for resuming cross-chain transactions. The hacker's wallet remains active, holding the vast majority of the stolen eBTC — and no one has publicly claimed responsibility.
