Just shipped @DeVOLTfi
Leverage up to 18× on your LST staking yield using Morpho Blue flash loans. Single tx, fully on-chain, unwindable anytime.
Still early. Looking for builders to work with 🤝
https://t.co/ORC7xCecxD
Echo Protocol (@EchoProtocol_) exploited on @monad
NOT a smart contract bug — admin private key compromise.
Attacker minted 1,000 eBTC out of thin air → used as Curvance collateral → borrowed WBTC → bridged out.
Full attack chain w/ tx hashes ↓
1/ The key handover
Compromised Echo admin EOA: 0xA338eC2d52B19f4A48A00FCd76A36366B3529A3B
Called grantRole(DEFAULT_ADMIN_ROLE, attacker) on eBTC ~1h before mint: 0x1684fd31cdf55e1e8eb454a42767988435644f3682178322ef5c97fc1040cf6f
Fresh attacker wallet now had admin.
2/ Operational setup
Attacker EOA: 0x6A0109d3C5AB56277096C75E8f5D1d1D45243415
Funded w/ 14,484 MON from 0x63cB530e…96ca: 0xd8778a90fbf1d25bcd1cae0d8727ae9bb8341bc2e206b2ab8205d745b9ef3dcf
Then small Uniswap V4 buys + Curvance dry-runs as camouflage.
3/ Lock out the legit admin
First on-chain move from attacker: revoke admin from the original Echo signer.
revokeRole(0x00…00, 0xA338eC2d…3B): 0x8c6647b21d9a192158fe6d4bc1df749b0acd4b161b7ef82988d01d95faa229a5
Echo is now locked out of their own token contract.
4/ Self-grant minter
grantRole(MINTER_ROLE, self) on eBTC.
MINTER_ROLE = keccak256("MINTER_ROLE") = 0x9f2df0fed2c77648de5860a4cc508cd0818c85b8b8a1ab4ceeef8d981c8956a6
tx: 0x5da93f44ed2abb64130d3d5a3851be5fbeefd5ceec3a004e550ac9d1f60e0849
5/ The mint
mint(self, 1000e8) on eBTC at 0xd691b0aFed67F96CEC28Ab6308Cbe5b2C103b7e9
1,000 eBTC minted from address(0). BTC backing: zero.
tx: 0x2cc9730738c970b2c2ec1e1a27f38d69590db36fe069fb4ee04abaeb559357c0
Gas: 83k. Cost: $0.0003.
6/ Curvance leg
Deposited the fake eBTC as collateral (ceBTC market 0x2840772E…76E4): 0x471b3686e478f4af9381d959ae737e7f29128a8e53ddf64f5ccbec7f0cb483d5
Borrowed WBTC against it (0xdB3e888c…85bA): 0x5e92bceb441a76ce049f9c974b8dfacf8a417b671121da51c8a6e0fb59d4f0e5
7/ Bridge out
Approved WBTC to bridge contract 0xCcC88a9d…315be: 0x0789074e246c41176c2fa0f81f109a1a1cc2a6d62a32e9852c9432f0ce40e945
Bridge call (selector 0xf9e4bab4): 0x498bead556a81b04d27dd83894c2c275a08c63c9d69b67fd2f3cf4e59c519406
Then Tornado.
8/ Damage
• Echo: 1,127 eBTC unbacked supply → token credibility hit
• Curvance: ~45 ceBTC bad debt against real WBTC borrowed
• WBTC LPs on Curvance: actual money loss
Attacker still holds 955 eBTC sitting in their wallet β Echo can blacklist/pause that portion if they upgrade fast.
9/ Root cause = operational, not technical
The eBTC contract worked exactly as designed. The setup was the bug:
• DEFAULT_ADMIN_ROLE = single EOA (no multisig)
• No timelock on grantRole
• No supply cap on mint()
• No mint rate limit
• Curvance accepted freshly-minted collateral with no supply sanity check
A 3-of-5 Safe + 24h timelock + hard mint cap would have made the leaked key worthless.
Single-EOA admin on a mintable asset used as collateral = unacceptable in 2026.
Thorchain didn't lose $10.7M to a smart contract bug or a stolen key. The bug was in the cryptography itself - and Thorchain probably isn't the only chain running on it.
A single attacker bonded RUNE and joined the validator set days before the incident, looking like any legitimate operator. From inside, they exploited what investigators currently believe was a flaw in GG20, the threshold signature library Thorchain uses to co-sign transactions. Each signing session leaked a fragment of private key material to the attacker's node. After enough sessions, they had collected enough leaked data to mathematically reconstruct the vault's full private key.
Then they signed unauthorized outbound transactions as the vault. The smart contracts behaved correctly. No validator infrastructure was breached. Funds left through normal channels because the signatures were mathematically valid - just produced by an attacker who had silently rebuilt the key.
Here's why this matters beyond Thorchain.
GG20 was published in 2020 (Gennaro-Goldfeder). The Alpha-Rays attack (Verichains, 2023) and TSSHOCK at BlackHat 2023 documented practical weaknesses in tss-lib and related implementations. Some teams patched. Many didn't bother.
Based on shared library lineage, protocols that should audit their TSS right now include Mayachain (direct THORChain fork), Sygma cross-chain bridge, Keep Network's tBTC v1, and any service still running on bnb-chain/tss-lib or ZenGo-X/multi-party-ecdsa.
Major custody and MPC services that already migrated to newer threshold schemes (CGGMP21, DKLs): Fireblocks, Coinbase Custody, Taurus, Silence Laboratories. The industry has been quietly moving away from GG20 for two years.
Thorchain just gave everyone still on it a reason to move faster.
This is real. The 5 BTC received in 2015 just moved yesterday. Blockchain doesn't lie.
Wallet received 5.00000000 BTC on 4/01/2015, and the funds moved out on 5/13/2026.
@AnthropicAI @DarioAmodei this one's for the books. 🫡
https://t.co/qncNlvIZil
HOLY FUCKING SHIT OMG CLAUDE JUST CRACKED THIS SHIT, THANK YOU @AnthropicAI THANK YOU @DarioAmodei NAMING MY KID AFTER YOU 🙏
https://t.co/gObNirRDpS