Bitcoin Forum
Topic: The Echo eBTC Exploit on Monad: $77M Minted, $870K Stolen
_act_ (OP)
May 19, 2026, 08:12:19 AM
Last edit: May 19, 2026, 08:41:48 AM by _act_
 #1

The attacker granted itself an admin role to mint eBTC on Echo protocol, used the privilege to mint 1000 eBTC, and deposited roughly 45 eBTC out of the 1000 eBTC into Curvance’s eBTC market as collateral; the attacker received Curvance’s wrapped collateral receipt (ceBTC) in return. He borrowed against that collateral across multiple transactions, pulling out approximately 11.296 wBTC in total. 955 eBTC is still remaining in his wallet.

Quote from:
The attacker did not try to dump 1,000 eBTC into a DEX. Monad’s eBTC liquidity is thin, and the slippage would have eaten most of the extraction. They used the lending path instead, the same playbook Resolv’s attacker used to convert fake USR into ETH and KelpDAO’s attacker used to convert fake rsETH into WETH.

The reason the borrow was 11.296 wBTC instead of 45 wBTC is some combination of Curvance’s available WBTC supply, the LTV ceiling on the eBTC market, and any borrow caps set on the asset; which of those was the binding constraint isn’t yet confirmed.

So the 11.296 wBTC was stolen successfully, approximately $870000 at a bitcoin price of $77000 at the time of the attack.

If you want to understand this better, I highly advise you to read how the attack worked: https://defiprime.com/echo-ebtc-monad-exploit. Because if you want to understand better, you need to know what Echo, Curvance, and Monad are and how Curvance was exploited without hacking it.

OmegaStarScream
May 19, 2026, 08:36:56 AM
 #2

This is getting out of control. Not a week passes without a dapp getting hacked.

But minting eBTC (or any token with actual value) out of thin air is just crazy. Another reason why one should stay away from these wrapped coins and stick to the original ones.

noorman0
May 19, 2026, 08:43:28 AM
 #3

Smart contract code has always been incredibly weak, allowing attacks to reach the backend, which would undoubtedly harm users within the ecosystem. I see exploit news almost daily from the Web3 environment and wonder, especially in the rapidly advancing AI era. The dislike of storing wrapped coins or L2 tokens has saved a lot of money.

sergiorus
May 19, 2026, 10:20:31 AM
 #4

Basically the same kind of attack that occurred just 1 month ago with Polkadot's DOT token on Ethereum, when the attacker gained admin rights and minted a lot of new supply as well.
Except that in that case the attacker wasn't as sophisticated and just dumped the newly dumped supply on an illiquid DEX.

I guess attackers realised they have more time until they are discovered than they initially thought and will now be using complex schemes to extract all the thin liquidity they can.

BattleDog
May 19, 2026, 10:47:07 AM
 #5

The nasty part is the composability. Echo's eBTC got minted out of thin air, Curvance accepted it as collateral, and the attacker borrowed real WBTC against fake BTC-paper. Curvance's contracts can behave exactly as written and still end up holding poison collateral, because the weakness was upstream in the asset's mint authority. That's the bit people keep missing when they just say: "smart contracts are weak." Sometimes the contract is obedient, the input is garbage, and the garbage has a fancy logo.

I agree with being suspicious of wrapped coins, but the word "wrapped" is not the whole disease. The disease is opaque mint authority, fresh collateral listings, weak caps, no useful timelock, and admin keys that apparently live exciting social lives. A wrapped asset with proper reserves, segregated minting, hard caps and monitoring is one thing. A new wrapper where a leaked key can mint tens of millions before breakfast is another animal wearing the same hat.

Also, this did not break Bitcoin, WBTC generally, or Monad itself. It broke trust in that specific eBTC deployment and the markets willing to treat it as valuable collateral. Funny enough, thin liquidity probably saved everyone from a much uglier number. The attacker minted a cartoon-sized bag, but could only extract what the downstream market had available.
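An added example, not part of any post in this thread and not Echo's or Curvance's code: a sketch of the kind of monitoring and cap check discussed above, in which a downstream lending market replays the upstream token's role-grant and mint events before accepting it as collateral. The event shape, thresholds, starting supply, block numbers and account names are all assumptions; only the 1000 minted and 45 deposited follow the thread.

```python
from dataclasses import dataclass

@dataclass
class Event:
    block: int
    kind: str            # "RoleGranted", "Mint" or "Deposit"
    account: str
    amount: float = 0.0  # token units; unused for RoleGranted

def review_collateral(events, start_supply, window=100,
                      max_growth=0.10, role_cooldown=50):
    """Replay upstream token events and decide each downstream Deposit.

    The breaker trips when, at deposit time, tokens minted in the last
    `window` blocks exceed `max_growth` of the supply before them, or a
    mint role was granted within `role_cooldown` blocks. Once tripped it
    stays tripped until a human clears it.
    Returns [(block, account, decision, reasons)].
    """
    mints, grants, out = [], [], []
    supply, paused = start_supply, False
    for ev in sorted(events, key=lambda e: e.block):
        if ev.kind == "RoleGranted":
            grants.append(ev.block)
        elif ev.kind == "Mint":
            mints.append((ev.block, ev.amount))
            supply += ev.amount
        elif ev.kind == "Deposit":
            recent = sum(a for b, a in mints if ev.block - b <= window)
            reasons = ["paused"] if paused else []
            if recent > max_growth * (supply - recent):
                reasons.append("supply_spike")
            if any(ev.block - g <= role_cooldown for g in grants):
                reasons.append("fresh_mint_role")
            paused = paused or bool(reasons)
            out.append((ev.block, ev.account,
                        "refuse" if reasons else "accept", reasons))
    return out

# Constructed timeline: the 1000 minted and 45 deposited follow the thread;
# starting supply, block numbers and account names are made up.
SAMPLE = [
    Event(10, "Deposit", "user_a", 2.0),
    Event(500, "RoleGranted", "acct_x"),
    Event(501, "Mint", "acct_x", 1000.0),
    Event(503, "Deposit", "acct_x", 45.0),
    Event(900, "Deposit", "user_b", 1.0),
]

if __name__ == "__main__":
    for row in review_collateral(SAMPLE, start_supply=200.0):
        print(row)
```

The breaker is sticky on purpose: without it, the deposit at block 900 would be accepted once the mint falls out of the window, even though the unbacked supply is still circulating.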

asriloni
May 19, 2026, 03:51:24 PM
 #6

That's why the biggest loophole in crypto is DeFi. The collateral to print the wrapped token can be faked, and anyone who has the key can mint the wrapped token out of thin air. So I can assume the hacker who stole the admin's key also knows the loophole. That's why he could also fake the collateral to mint eBTC, then supply it to the DeFi on Monad to borrow with maximum LTV.

This is why I think any wrapped token must be gated and permissioned. However, it's also disappointing how some news merchants mentioned 76m was hacked while in fact only 800k was affected.

Honestly, I'm wondering about the source code used by Echo. This is pretty much the same as the previous attacks on DeFi, when hackers always try to mint fake collateral, then supply it to drain all of the money by borrowing it in AAVE.

TastyChillySauce00
Today at 04:06:36 AM
 #7

Supplying into lending DeFi is not worth it anymore; whatever APY rate they offer is nullified by the huge risk of another exploit.
They are lucky to have lost only $870k out of $77m minted because the liquidity was thin; imagine if it had happened on a bigger blockchain like Ethereum.
