TechFlow reports that on May 1, Purrlend announced a security incident that occurred on April 25 on HyperEVM and MegaETH, resulting in losses of approximately $1.52 million. The attacker compromised the team’s 2-of-3 multisig wallet, granting malicious EOAs permissions—including BRIDGE_ROLE—and minted unbacked pUSDm and pUSDC via the mintUnbacked function to use as collateral for borrowing assets from the pool. Purrlend stated it has paused the protocol, revoked the compromised permissions, and is collaborating with security teams, law enforcement agencies, and cross-chain bridge partners to trace and attempt recovery of the funds.
Add to Favorites
Share to Social Media
