Purrlend: Security incident caused by compromise of admin multisig, resulting in ~$1.52M loss

Purrlend announced that it suffered a security incident on April 25 on HyperEVM and MegaETH, resulting in losses of approximately $1.52 million. The attacker compromised the team’s 2-of-3 multisig wallet and granted the malicious EOA permissions—including BRIDGE_ROLE—enabling the minting of unbacked pUSDm and pUSDC via the `mintUnbacked` function, which were then used as collateral to borrow assets from the lending pool. Purrlend stated it has suspended the protocol, revoked the compromised permissions, and is collaborating with security teams, law enforcement agencies, and cross-chain bridge partners to trace and attempt recovery of the stolen funds.