An exploit at Echo Protocol on Monad led to the unauthorized minting of about 1,000 eBTC, a synthetic Bitcoin token, valued at roughly $76.7 million. But the event’s real significance came from what happened next: the attacker deposited 45 of those eBTC, worth about $3.45 million, into Curvance, a decentralized lending protocol, using them as collateral.
Against that position, the attacker was able to borrow around 11.29 wrapped Bitcoin, valued at about $868,000. This chain matters because it shows how a single minting vulnerability can turn into a widespread lending risk, even when lending protocol code isn’t directly compromised. Most of the mint remained as unauthorized eBTC, but the borrowed Bitcoin turned that unbacked collateral into direct credit exposure for Curvance.
Curvance responded by pausing the affected Echo eBTC market. Echo, meanwhile, said it was investigating a security incident affecting its Monad bridge. What’s important here is that Curvance’s contracts themselves weren’t at fault—it was the upstream collateral’s integrity that failed. This incident highlights that DeFi credit exposure isn’t just about one protocol’s security, but about the weakest link in how collateral is validated. When one protocol’s token can be minted without backing and accepted elsewhere, the fallout can spread before discovery and freezing can stop it.