Purrlend exploit: $1.5M com drain across HyperEVM & MegaETH
DeFi lending protocol Purrlend don suffer exploit wey drain about $1.5M from HyperEVM and MegaETH after one suspect admin multisig update. Di main admin transaction around 01:20 UTC change borrowing caps and give roles to one unknown address. Few hours later, dat address get unauthorised bridge privileges wey allow unbacked token minting (tokens wey dem create without enough collateral). Purrlend talk say dem detect irregular activity, dem pause operations, and dem dey investigate.
Analyst (kirbycrypto) report say di stolen funds break down like dis:
- HyperEVM: $1,197,488 (including USDC ~449.7k, USDT0 ~214.1k, USDH ~194.7k, plus wstHYPE/UBTC/UETH/kHYPE/WHYPE).
- MegaETH: $324,549 (including USDT0 ~163.2k, WETH ~36.8k, USDm ~75,745).
Community reaction na cautious; users don flag possible governance/access-control red flags and some people dey speculate about insider involvement, but no proof don show. No public fund recovery report yet.
For traders, dis Purrlend exploit be short-term negative for DeFi risk appetite—especially for positions wey tie to cross-chain bridges, wrapped assets, and stablecoin liquidity expectations.
Bearish
Di Purrlend exploit add immediate tail-risk to DeFi lending and cross-chain bridge flows. Even if Purrlend pause, di incident show say possible admin-role mismanagement and unauthorised bridge privileges dey, we fit trigger faster deleveraging, higher perceived smart-contract risk, and wider spreads for wrapped/stable assets on related chains. For short term, traders fit reduce exposure to similar protocols and bridge-dependent liquidity. For long term, reputation and auditing/security budgets fit rise, but until controls dem verify, sentiment go remain fragile—keeping near-term pressure on token liquidity and risk appetite. Since no recovery don report publicly, uncertainty still high.