Shyme

How @purrlend @0xmil0 exploited 1,5M$ and possibly more with his previous project with the help of several large crypto companies and insiders, including @merkl_xyz @VB_Audit even mentions from @bread_ & @megaeth, alongside @0xmil0 previous project Ploutos:

Purrhack is live. A community-run transparency page for affected @purrlend users. You can: search your wallet review the preliminary claim snapshot download the data submit corrections This is not affiliated to @purrlend Link in bio.

I don't like to FUD competitors, and also didn't want to see Purrlend go down this way (I even reported one (different) critical security issue to them recently), but the timing of multisig txs makes this look very much like an inside job. There are 3 signers (0x731, 0xB48, 0x2Bc) on their multisig. 0x731 and 0x2Bc signed the malicious transaction. The founder claims his address wasn't involved, which leaves 0xB48 as his address. But if we look at the Safe audit log, we can see that all usual transactions (on both HypeEVM and MegaETH) are signed by 0x731 and 0xB48, with less than one minute between them (20-40 seconds on average). As someone who has significant experience coordinating high-security multisigs, I can confidently say that it's literally impossible for multiple people to sign in such a short time. Once, maybe, but not every single transaction. Especially not between the first-second signature, where the creator needs to notify other signers before they can sign. This means 0x731 and 0xB48 are almost certainly the same person. And we know 0xB48 is the founder (from his Discord message)... So, in the best-case scenario, they are lying about how many (real) signers are on the multisig. Add the multiple username changes and other shady behaviors... (signing on the attack txs also follows the same pattern, with 33 and 48 seconds between signers) The "compromised signing device sending fake data to HW" attack type also seems unlikely, considering the attack tx was at a very unusual time (3 AM CET, only tx in their multisig ever signed at CET night).

@HyperFND funds are still there, just freeze them before they are tornadoed

Is this another hack or just a rugpull by @purrlend ? I’ve already been wrecked by the recent Drift and Kelp hacks. Now I’m absolutely devastated by another loss — and this one is even bigger for me personally.

@purrlend @zachxbt @HyperFND any support here?

@purrlend @zachxbt

Word on the streets is that @nadoHQ will have a very short point campaign - better be early gents. Nado referral: app.nado.xyz/?join=WArizyj

@Lighter_xyz TGE just proved how important it is to be early. Perp Dexes are going to stay: stable revenue, fee generators, healthy use case. Be early on @nadoHQ or regret it! You can only enter with a referral, just like Ligther at early stage: app.nado.xyz/?join=WArizyj

[14/14] — Bottom line @nadoHQ is a high-risk, high-upside early-stage perp DEX. If you farm perps seriously, closed alpha is where the edge is. Invite-only access: app.nado.xyz/?join=WArizyj

[13/14] Why timing matters Once NADO exits alpha, point dilution accelerates. Being early is the main edge; strategy is secondary.

[1/14] Introducing NADO NADO is a perp + spot DEX on Ink, built with a CLOB (orderbook) architecture and unified margin. It’s still in closed alpha, meaning early access matters a lot for points/airdrop farming. Referral (invite-only): app.nado.xyz/?join=WArizyj