Purrlend exploit: $1.5M drained across HyperEVM & MegaETH
DeFi lending protocol **Purrlend exploit** has drained about **$1.5M** across **HyperEVM** and **MegaETH**, after a suspicious **admin multisig** update. The key admin transaction at around **01:20 UTC** changed borrowing caps and assigned roles to an unknown address. Hours later, that address received unauthorized bridge privileges, enabling **unbacked token minting** (tokens created without sufficient collateral). Purrlend said it detected irregular activity, **paused operations**, and is investigating.
Stolen funds reported by an analyst (kirbycrypto) break down to roughly:
- **HyperEVM:** **$1,197,488** (including **USDC ~449.7k**, **USDT0 ~214.1k**, **USDH ~194.7k**, plus **wstHYPE/UBTC/UETH/kHYPE/WHYPE**).
- **MegaETH:** **$324,549** (including **USDT0 ~163.2k**, **WETH 36.8**, **USDm 75,745**).
Community reaction is cautious, with users flagging potential governance/access-control red flags and some speculation about insider involvement, though no evidence has been provided. No public fund recovery has been reported yet.
For traders, this **Purrlend exploit** is a near-term negative for DeFi risk appetite—especially for positions tied to **cross-chain bridges**, wrapped assets, and stablecoin liquidity expectations.
Bearish
The **Purrlend exploit** adds immediate tail-risk to DeFi lending and cross-chain bridge flows. Even if Purrlend pauses, the incident suggests possible admin-role mismanagement and unauthorized bridge privileges, which can trigger faster deleveraging, higher perceived smart-contract risk, and wider spreads for wrapped/stable assets on related chains. In the short term, traders may reduce exposure to similar protocols and bridge-dependent liquidity. In the long term, reputation and auditing/security budgets may rise, but until controls are verified, sentiment remains fragile—keeping near-term pressure on token liquidity and risk appetite. Since no recovery has been publicly reported, uncertainty stays elevated.