Echo Protocol exploit on Monad, dumps MON token: Third DeFi hack in 4 days

Yes, it’s happening again. So far, the Echo Protocol exploit marks the third major decentralized finance (DeFi) hack in just four days, following the THORChain exploit (more than $10 million losses) on May 15 and the Verus-Ethereum Bridge hack ($11.5 million) on May 18. The incident highlights an alarming acceleration of successful attacks across the DeFi ecosystem.

Crazy — another hack just happened!

According to @dcfgod, @EchoProtocol_ on Monad was exploited.

The hacker:
minted 1,000 $eBTC ($76.64M) on Monad;
deposited 45 $eBTC ($3.45M) into Curvance;
borrowed 11.3 $WBTC ($867K) from Curvance;
bridged the 11.3 $WBTC to Ethereum and… pic.twitter.com/YeGiUFGS1j

— Lookonchain (@lookonchain) May 19, 2026

How the Echo Protocol exploit happened

Per onchain data, the Echo Protocol exploit used a vulnerability that allowed the attacker to mint 1,000 eBTC (the liquid staking token of Echo) on the Layer-1 (L1) blockchain Monad, without proper collateral backing. Then, the attacker deposited 45 eBTC (around $3.45 million) into lending platform Curvance and borrowed approximately 11.3 Wrapped Bitcoin (WBTC), worth around $867,000 against the position. The WBTC was then bridged to Ethereum, swapped for 385 ETH, and immediately funneled into Tornado Cash (a privacy mixer commonly used by hackers to obscure fund trails).

Currently, the attacker has 955 eBTC (worth approximately $73,5 million) in their wallet as an outstanding liability to the Echo Protocol.

Monad’s co-founder Keone Hon stated in a recent X post that “the Monad Network was not affected and it’s working normally.”

Actions taken by the EchoProtocol

The Echo Protocol has recently posted an X announcement on the exploit, stating, “Currently investigating a security incident impacting the Echo bridge on Monad. All cross-chain transactions remain suspended while the investigation is underway,” and that they will “continue to provide timely updates through their official channels as more information becomes available.” But gave no further instructions for protocol users.

We are currently investigating a security incident impacting the Echo bridge on Monad. All cross-chain transactions remain suspended while the investigation is underway.

We will continue to provide timely updates through our official channels as more information becomes…— Echo Protocol (@EchoProtocol_) May 19, 2026

The Native MON token crashed by 10 percent but fully reversed in about 15 minutes, as traders worked to evaluate the extent of the damage. The protocol will most likely pause the affected functions until they can conduct an investigation into the root cause of the exploit.

Third DeFi exploit in four days

Last week has been brutal for DeFi security, as the Echo Protocol was the third DeFi protocol that experienced an exploit in four days. THORChain was exploited on May 15 for over $10 million, and the Verus-Ethereum Bridge was exploited on May 18, losing approximately $11.5 million due to an “economic binding gap” vulnerability. These three exploits combined have drained over $98 million from DeFi Protocols within 96 hours. 

This is getting wild. After KelpDAO and Drift exploits, attackers are still finding their way to exploit more DeFi protocols, not only with sophisticated onchain methods, but with social engineering. The sector must pay more attention to these practices, otherwise they will end up losing everything. And, in the end, users/investors are the most affected.