News linked to both this project and an event.
Purrlend announced that it suffered a security incident on April 25 on HyperEVM and MegaETH, resulting in losses of approximately $1.52 million. The attacker compromised the team’s 2-of-3 multisig wallet and granted the malicious EOA permissions—including BRIDGE_ROLE—enabling the minting of unbacked pUSDm and pUSDC via the `mintUnbacked` function, which were then used as collateral to borrow assets from the lending pool. Purrlend stated it has suspended the protocol, revoked the compromised permissions, and is collaborating with security teams, law enforcement agencies, and cross-chain bridge partners to trace and attempt recovery of the stolen funds.
the lending protocol Purrlend was attacked on the MegaETH and HyperEVM networks, resulting in losses of approximately $1.52 million. The attacker extracted approximately $1.2 million in assets from the HyperEVM network, including 449,683 USDC, 214,125 USDT0, 194,745 USDH, and portions of UBTC, wstHYPE, UETH, kHYPE, and WHYPE. The attacker also extracted approximately $324,000 in assets from the MegaETH network, including USDT0, WETH, and USDm. Purrlend has since paused the protocol and launched an investigation. The attacker's address has been identified on the block explorers of both networks.