BREAKING
May 20The 'Crypto President's' Own Media Company Just Quit the Bitcoin ETF Market Before Selling a Single ShareMay 20Kraken Fought the Fed for 5 Years to Get a Master Account. Trump Just Ordered Regulators to Fast-Track It for Everyone.May 19A Hacker 'Stole' $76M in Bitcoin Today. The Actual Damage? $816K.May 19Warren Just Called Coinbase's Bank Charter Illegal — and She Wants Trump's Texts to Prove ItMay 189,000 Bitcoin ATMs Went Dark Overnight — America's Largest Crypto ATM Operator Just Filed for BankruptcyMay 18Trump Typed 7 Words and $657 Million in Crypto VanishedMay 17Italy's $1 Trillion Bank Doubled Its Crypto Bet to $235M — and Completely Dumped SolanaMay 17Wall Street Is Lobbying the Government to Kill the Exchange Eating Its LunchMay 16A Country's Bitcoin Fund Says 'I Don't Recall Selling' — But the Blockchain Remembers EverythingMay 16Web3 Salaries Just Crashed 75% — From $553K to $138K in 16 MonthsMay 20The 'Crypto President's' Own Media Company Just Quit the Bitcoin ETF Market Before Selling a Single ShareMay 20Kraken Fought the Fed for 5 Years to Get a Master Account. Trump Just Ordered Regulators to Fast-Track It for Everyone.May 19A Hacker 'Stole' $76M in Bitcoin Today. The Actual Damage? $816K.May 19Warren Just Called Coinbase's Bank Charter Illegal — and She Wants Trump's Texts to Prove ItMay 189,000 Bitcoin ATMs Went Dark Overnight — America's Largest Crypto ATM Operator Just Filed for BankruptcyMay 18Trump Typed 7 Words and $657 Million in Crypto VanishedMay 17Italy's $1 Trillion Bank Doubled Its Crypto Bet to $235M — and Completely Dumped SolanaMay 17Wall Street Is Lobbying the Government to Kill the Exchange Eating Its LunchMay 16A Country's Bitcoin Fund Says 'I Don't Recall Selling' — But the Blockchain Remembers EverythingMay 16Web3 Salaries Just Crashed 75% — From $553K to $138K in 16 Months
BTC -- --%
ETH -- --%
Fear & Greed F&G 27 Fear
ESC
Type to search articles
A Hacker 'Stole' $76M in Bitcoin Today. The Actual Damage? $816K.
BREAKING

A Hacker 'Stole' $76M in Bitcoin Today. The Actual Damage? $816K.

May 19, 2026 · 3 min read · 496 words

A hacker minted $76.7 million worth of fake Bitcoin on the Monad blockchain this morning. They walked away with $816,000.

That gap — $75.9 million — is the story.

What Happened

Echo Protocol, a BTCFi (Bitcoin DeFi) platform deployed on Monad, was exploited at around 2:30 a.m. ET on May 19. The attacker didn’t find a bug in the smart contracts. They stole the admin key.

With that single private key — no multisig, no timelock, nothing — the attacker minted 1,000 eBTC, Echo’s wrapped Bitcoin token on Monad, worth approximately $76.7 million at current prices.

Then the laundering began:

  1. Deposited 45 eBTC as collateral into Curvance, a DeFi lending protocol
  2. Borrowed 11.29 WBTC (~$867,700) against it
  3. Bridged the WBTC to Ethereum
  4. Swapped for ~385 ETH
  5. Sent it all through Tornado Cash

The remaining 955 eBTC — all $73+ million of it — sat in the attacker’s wallet, essentially stranded. You can’t easily dump $73M of an illiquid wrapped token without destroying the price.

The Recovery

Echo’s team regained control of the admin key and burned the 955 eBTC still held by the attacker, wiping out the phantom supply. Curvance paused the Echo eBTC market as a precaution. Monad co-founder Keone Hon confirmed the Monad network itself was never breached — consensus was unaffected.

The exploit was fully contained at the protocol level. The chain kept running.

Why the Contract “Worked As Designed” Is the Scary Part

On-chain researchers noted that the eBTC minting contract functioned exactly as intended. The problem was the infrastructure around it:

  • Single admin key with no multisig
  • No timelock on privileged operations
  • No mint cap or issuance rate limit
  • No supply sanity check by Curvance when accepting freshly minted eBTC as collateral

The hack didn’t require any coding genius. Someone got the key — whether through phishing, infrastructure breach, or insider access — and the rest was just API calls.

This is now the 14th crypto exploit in May 2026 alone.

What It Means for Monad

This was Echo’s problem, not Monad’s. But it lands at a critical moment — Monad has been positioning itself as a high-performance EVM L1, and early-ecosystem protocol security directly shapes how builders and LPs perceive the chain.

Keone Hon’s quick, public statement helped. But the BTCFi ecosystem on Monad just took a visibility hit it didn’t need.

Why This Matters for Crypto Jobs

Admin key compromise is now one of the top exploit vectors in DeFi — and it’s a people + operations problem, not a pure engineering one. The demand for:

  • Smart contract auditors who audit key management, not just code
  • DevSecOps engineers who implement multisig, HSMs, and timelocks as standard
  • Protocol security leads who own the full operational security surface

…is going up. If you’re a builder: knowing how to not do what Echo did is a career-defining skill in 2026.

Looking for your next crypto security or DeFi role? Browse open positions at cryptogrind.com — the job board built for Web3 builders.

How did this hit?
breaking-newssecuritydefibtcfimonadexploit

More stories

Hackers Hit THORChain on 4 Blockchains at Once — $10.8M Gone, Trading Halted, No One Knows How

Hackers Hit THORChain on 4 Blockchains at Once — $10.8M Gone, Trading Halted, No One Knows How

May 15
Litecoin Just Erased 3 Hours of Its Own Blockchain History — Then Lied About Why

Litecoin Just Erased 3 Hours of Its Own Blockchain History — Then Lied About Why

Apr 26
Solana's Biggest Hack Since Wormhole: $270M Drained From Drift Protocol in Minutes

Solana's Biggest Hack Since Wormhole: $270M Drained From Drift Protocol in Minutes

Apr 1

Related jobs on Cryptogrind

View all
🔒 Security Engineer 🏦 DeFi Engineer

Looking for your next crypto role?

Browse hundreds of Web3 and crypto positions on Cryptogrind — from smart contract engineers to DeFi analysts.

Browse jobs