Purrlend misplaced $1.5M in a DeFi exploit tied to a suspicious admin pockets replace. See what occurred on HyperEVM and MegaETH.
Purrlend, a lending protocol constructed on HyperEVM and MegaETH, suffered a serious exploit.
Attackers drained roughly $1.5 million throughout each networks.
The breach traces again to a suspicious admin multisig transaction. It granted unauthorized bridge privileges hours earlier than the assault.
The protocol has since paused all operations and launched an investigation.
How the Purrlend Admin Pockets Replace Triggered the Exploit
In line with reviews, a key transaction occurred at 1:20 a.m. UTC.
The admin multisig up to date borrowing caps and assigned roles to an unknown deal with.
That deal with later obtained bridge privileges, which enabled unbacked token minting. In brief, tokens had been minted with none precise collateral backing them.
This sort of entry is very delicate in DeFi lending methods. Granting it to an unverified deal with opened the door for mass fund extraction.
The group rapidly flagged the pockets exercise as suspicious. Questions on who licensed the transaction stay unanswered.
We have now detected irregular exercise on the protocol and are actively investigating. The protocol has been paused in the intervening time. Please proceed with additional warning within the meantime. Additional updates shall be posted from this account.
— Purrlend (@purrlend) April 25, 2026
Purrlend confirmed on its official account that it detected irregular exercise.
The crew said the protocol was paused and that additional updates would observe. No further technical breakdown has been launched but.
Breakdown of Stolen Funds Throughout HyperEVM and MegaETH
On-chain analyst kirbycrypto broke down the stolen belongings intimately.
HyperEVM suffered the bigger hit, shedding $1,197,488 in whole. That included 449,683 USDC, 214,125 USDT0, and 194,745 USDH. Different stolen belongings included wstHYPE, UBTC, UETH, kHYPE, and WHYPE.
MegaETH recorded losses of $324,549. Attackers took 163,169 USDT0, 36.8 WETH, and 75,745 USDm from that chain.
Mixed, the entire reached roughly $1.52 million. Kirbycrypto printed the total breakdown on X, citing wallet-level transaction information.
Purrlend seems to be exploited on each MegaETH and HyperEVM.
Attacker made off with:
449,683.8748 $USDC
214,125.3752 $USDT0
194,745.1368 $USDH
2.0477 $UBTC
1,581.3418 $wstHYPE
19.6052 $UETH
868.4795 $kHYPE
757.0228 $WHYPE
Complete: $1,197,488.33 on HyperEVM+
163,169.1587… pic.twitter.com/SgP4CsK4Ln
— kirbycrypto (@kirbyongeo) April 25, 2026
The belongings focused had been primarily stablecoins and wrapped tokens. These are usually high-liquidity targets in DeFi exploits.
Their ease of motion throughout chains made them engaging to the attacker.
Learn Additionally:
One other DeFi Blow: Volo Protocol Hit by $3.5M Hack, Freezes Vaults on Sui
Group Response and DeFi’s Tough April Continues
Group members responded with frustration throughout social platforms.
A number of customers pointed to prior purple flags. One concern raised was heavy promotion of the protocol proper earlier than MegaETH’s token occasion.
Others known as it a possible inside job, although no proof has confirmed that declare.
No funds have been recovered to date. The Purrlend crew has not shared a restoration plan publicly. The investigation stays ongoing as of the time of this report.
This incident provides to a tough stretch for the DeFi sector. April alone has seen over $600 million in losses from numerous assaults and exploits.
Purrlend joins a rising record of protocols caught in safety breaches this month. The sample has raised broader considerations about entry management in DeFi governance buildings.