Summary

In the past 24 hours, the Web3 security landscape remains tense with fallout from recent bridge and admin-key exploits. The most notable incident involves Echo Protocol on Monad, where a compromised admin key led to an unauthorized mint of ~$76M nominal eBTC (with ~$821K realized). No brand-new mega-drains appeared in the strict last 24h window, but ongoing investigations and fund movements continue.

1. Echo Protocol (Monad) — Admin Key Compromise (~$821K Realized)

Attack Vector: Compromised administrative private key

Impact: Unauthorized mint of 1,000 eBTC (~$76.7M nominal)

Technical Breakdown:

  • Attacker used the compromised admin key to mint 1,000 unbacked eBTC from the zero address.
  • Deposited ~45 eBTC into Curvance lending protocol as collateral.
  • Borrowed ~11.29 WBTC (~$867K), bridged to Ethereum, swapped for ~385 ETH.
  • ~$821K was extracted (partially via Tornado Cash).
  • Remaining ~955 eBTC still under attacker control.

Project Response: Echo paused cross-chain operations, upgraded contracts, burned excess tokens, and confirmed it was a key compromise — not a smart contract vulnerability.

Sources: PeckShield, SlowMist, project announcement.

2. Verus-Ethereum Bridge (May 18) — Ongoing Aftermath (~$11.58M)

Root Cause: Validation flaw allowing forged cross-chain transfers (data-structure ambiguity).

Stolen Assets:

  • ~1,625 ETH
  • ~103.6 tBTC
  • ~147k USDC

Current Status: Funds consolidated and still being monitored.

Other Mentions This Week

  • THORChain (~$10.7M) — Asgard vault compromise (May 15)
  • GitHub credential leaks highlighted by CertiK
  • Continued bridge security warnings from Phalcon, CertiK, and Defimon

Key Takeaways for DeFi Users & Builders

  • Never use single-signature admin keys on production contracts
  • Implement timelocks, multi-sig, and minting caps on wrapped assets
  • Bridges remain the highest-risk vector in 2026
  • Monitor real-time alerts from @CertiKAlert, @Phalcon_xyz, @DefimonAlerts
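
Off-chain monitoring can back up the minting-cap takeaway above. The sketch below is an added example, not code from Echo or any other project named here: it replays ERC-20 Transfer events, treats a transfer from the zero address as a mint, and alerts when mints exceed a rolling cap or supply exceeds attested backing. The event field names, the 8-decimal precision, the thresholds and the sample events are all assumptions constructed for illustration.

```python
from collections import deque
from decimal import Decimal

ZERO = "0x" + "00" * 20
DECIMALS = 8  # assumed token precision


def audit_mints(transfers, backing, window_secs, window_cap):
    """Replay ERC-20 Transfer events; return (ts, rule, amount) alerts.

    backing and window_cap are in whole tokens; event values in base units.
    """
    unit = Decimal(10) ** DECIMALS
    supply = recent_sum = Decimal(0)
    recent = deque()  # (ts, amount) of mints still inside the window
    alerts = []
    for ev in sorted(transfers, key=lambda e: e["ts"]):
        src, dst = ev["from"].lower(), ev["to"].lower()
        amount = Decimal(ev["value"]) / unit
        if src != ZERO:
            if dst == ZERO:  # burn reduces circulating supply
                supply -= amount
            continue  # ordinary transfers do not change supply
        if dst == ZERO:
            continue  # zero-to-zero transfer: nothing to account for
        supply += amount  # mint: Transfer from the zero address
        recent.append((ev["ts"], amount))
        recent_sum += amount
        while recent and recent[0][0] <= ev["ts"] - window_secs:
            recent_sum -= recent.popleft()[1]
        if recent_sum > window_cap:
            alerts.append((ev["ts"], "MINT_RATE", recent_sum))
        if supply > backing:
            alerts.append((ev["ts"], "UNBACKED_SUPPLY", supply - backing))
    return alerts


# Constructed sample events (addresses and timestamps are made up).
A, B = "0x" + "aa" * 20, "0x" + "bb" * 20
SAMPLE = [
    {"ts": 1000, "from": ZERO, "to": A, "value": 5 * 10**8},      # mint 5
    {"ts": 2000, "from": A, "to": B, "value": 2 * 10**8},         # transfer
    {"ts": 3000, "from": B, "to": ZERO, "value": 1 * 10**8},      # burn 1
    {"ts": 90000, "from": ZERO, "to": A, "value": 1000 * 10**8},  # mint 1000
]

if __name__ == "__main__":
    for alert in audit_mints(SAMPLE, backing=10, window_secs=86400, window_cap=20):
        print(alert)
```

A lending market that accepts the asset as collateral could run the same check before crediting deposits, since the unbacked-supply alert fires on the mint itself, before any borrow.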

Stay safe out there. New exploits drop fast.

ZeroDay DeFi — Independent Web3 Security Intelligence