PurrHack

gm @purrlend @0xmil0, do we have any news from the hacker?

8/ The ask is simple: @merkl_xyz please keep campaigns permissionless, but curate the frontend better. Ploutos, now @purrlend . This is the second time users got routed into an Aave fork that later blew up. Total loss so far ~$2M Better risk labels. Better screening. Better user protection. cc @GuillaumeNervo @AngleProtocol @zachxbt

@merkl_xyz @purrlend 7/ To be clear: This is not saying @merkl_xyz caused either incident. They did not. But reward frontends create distribution and perceived legitimacy. If users discover a protocol through a rewards frontend, many treat that as a soft trust signal.

Incentive campaigns are becoming part of DeFi’s norm Users see rewards, TVL, ecosystem mentions, and assume some baseline diligence was done. After Ploutos and now @purrlend , it is time to ask: How much risk context should reward platforms show before users deposit? A 🧵

@Defi_Warhol @purrlend

Projects with zero haters: - Pumpfun - Monad - Plasma - OpenSea - Solana - Kalshi - Axiom - Starknet - Aster - Metamask - Eclipse - Starknet - Ink - Lighter - ZKsync - Infinex Miss anything?

@stacy_muur Purrlend was not a hack, we highly suspect it was a team rug, check out our latest article: x.com/PurrHack/statu…

Worst month for DeFi ever.

@tobific Purrlend was not a hack, we highly suspect it was a team rug, check out our latest article: x.com/PurrHack/statu… We are looking for an orderly resolution and would appreciate any help we can get, like/RT thanks!

so many hacks in just one months over $600M gone Kelp, Drift, Rhea, Hyperbridge, Purrlend, Wasabi & many more just keep in mind that it's not worth it to risk your 100% portfolio to get that 6% apy just hold, buy good coins like BTC & HYPE, and chill

@rajsh7894 @purrlend

Scam projects (updated list): - Space - Gensyn - Pharos - RaveDao - Genome - Openmind - EdgeX - Perle Labs - Onefootball Club - Aztec - Superform - Venom - Zama - Warden - Tria - Rainbow wallet - Layerbank - Space - Aleo - TROVE - GAIB - Aligned - Irys - HeyElsa - Neura - Antix - Portal - MYX Finance - Scroll - Infinex - Camp Network - Eclipse - aPriori - Mantra - Allora - World Liberty - Almanak - DeepNode AI - Ari - Unich - tea Protocol - Kinto - Zenchain - Orochi - Recall Which Project is Joining the list Next ?

@Shift_DeFi @Shift_DeFi Purrlend was not a hack, we highly suspect it was a team rug, check out our latest article: x.com/PurrHack/statu… We are looking for an orderly resolution and would appreciate any help we can get, like/RT thanks!

3 exploits, 3 surfaces in 1 week: > Purrlend (HyperEVM/MegaETH): admin multisig granted bridge access $1.5M. > Scallop (Sui): a 2023 contract still callable. $142K. > Litecoin: outdated nodes processed invalid txs. 13-block reorg. Active code was held in all three.

@wublockchain12 @wublockchain12 Purrlend was not a hack, we highly suspect it was a team rug, check out our latest article: x.com/PurrHack/statu… We are looking for an orderly resolution and would appreciate any help we can get, like/RT thanks!

据 Purrlend 官方披露，2026 年 4 月 25 日其在 HyperEVM 与 MegaETH 部署发生安全事件，损失约 152 万美元，原因为团队 2/3 多签管理员钱包被攻破，攻击者获取包括 BRIDGE_ROLE 在内的多项管理权限后，通过 mintUnbacked 铸造约 200 万 pUSDm 及 485 万 pUSDC 等无抵押代币，并作为抵押借出真实资产，最终从协议池中提取约 152 万美元资产；事后攻击者将资产兑换为 USDC 与 ETH 并通过 Mayan、LiFi 等跨链转移，约 652 ETH 仍可在链上地址追踪；项目方表示已暂停协议、撤销权限并启动调查，与安全机构及执法部门合作追踪资金，称事件源于多签配置缺乏时间锁的操作安全问题而非智能合约漏洞，计划引入时间锁、强化多签安全及权限控制，并研究用户补偿方案，协议将维持暂停直至安全确认。 wublock123.com/news/purrlend-…

@y_cryptoanalyst @AftermathFi @ZetaChain @Scallop_io @purrlend @volo_sui @ThetanutsFi @y_cryptoanalyst Purrlend was not a hack, we highly suspect it was a team rug, check out our latest article: x.com/PurrHack/statu… We are looking for an orderly resolution and would appreciate any help we can get, like/RT thanks!

这个月的crypto 黑客似乎是被打通了任督二脉，疯狂在链上肆虐。 04.29: @AftermathFi 被盗 $1.14M 04.27: @ZetaChain 被盗 $334K 04.26: @Scallop_io 被盗 $142K 04.25: @purrlend 被盗 $1.52M 04.21: @volo_sui 被盗 $3.5M 04.20: @ThetanutsFi 被盗 $50K 04.20: @juiceboxETH 被盗 $52K 0418: @KelpDAO 被盗 $293M 0416: Grinex 被盗 $15M 0416: @rhea_finance 被盗 $18.4M 0412: @hyperbridge 被盗 $2.5M 0401: @DriftProtocol 被盗 $285M 几乎平均每隔1天就会出现1次或大或小的黑客事件。

@kirbyongeo @kirbyongeo Effectively Purrlend was likely an inside job, check out our latest article: x.com/PurrHack/statu… We are looking for an orderly resolution and would appreciate any help we can get, like/RT thanks!

Purrlend appears to be exploited on both MegaETH and HyperEVM. Attacker made off with: 449,683.8748 $USDC 214,125.3752 $USDT0 194,745.1368 $USDH 2.0477 $UBTC 1,581.3418 $wstHYPE 19.6052 $UETH 868.4795 $kHYPE 757.0228 $WHYPE Total: $1,197,488.33 on HyperEVM + 163,169.1587 $USDT0 36.8639 $WETH 75,745.4505 $USDm Total $324,549.49 on MegaETH. Grand total: $1,522,037.82 or $1.5M exploited. Exploiter's address: hyperevmscan.io/address/0xd801… mega.etherscan.io/address/0xd801…

Hey @bread, appreciate you and congrats on the @megaeth TGE launch. Really happy for you guys and wishing Mega the best. Small ask for next time: please do deeper DD before soft-promoting ecosystem projects. @purrlend rugged its users, and a lot of people got badly hurt. x.com/PurrHack/statu…

Nothing is a straight line. Credit, in particular, is tough right now for novel solutions + assets. Wishing the Avon team the best going forward and look forward to what their next product iteration is, wherever it's deployed. Mega alts: @aave, @purrlend, @orchidcredit

@0xWenMoon @0xWenMoon Purrlend was not a DPRK hack, we highly suspect it was a team rug, check out our latest article: x.com/PurrHack/statu… We are looking for an orderly resolution and would appreciate any help we can get, like/RT thanks!

DPRK is the biggest DeFi power user ever 👀 Made ~$635M from DeFi in April alone! Utilising 28 protocols in 30 days: Copy their strategy: 1) apr 1 - drift - $285m 2) apr 3 - silo v2 - $392k 3) apr 4 - tmm - $1.67m 4) apr 5 - denaria finance - $165k 5) apr 9 - aethir - $423k 6) apr 12 - hyperbridge - $2.5m 7) apr 12 - subquery - $60k 8) apr 13 - dango - $410k 9) apr 13 - mona - $61k 10) apr 14 - zerion - $100k 11) apr 16 - rhea finance - $18.4m 12) apr 16 - grinex - $15m 13) apr 18 - kelp dao - $293m 14) apr 20 - juicebox v3 - $52k 15) apr 20 - thetanuts finance - $50k 16) apr 21 - volo protocol - $3.5m 17) apr 22 - kipseli - $80k 18) apr 23 - giddy finance - $1.3m 19) apr 25 - purrlend - $1.5m 20) apr 26 - scallop - $150k 21) apr 27 - singularity finance - $413k 22) apr 27 - zetachain - $300k 23) apr 28 - judao - $228k 24) apr 28 - quant - $138k 25) apr 29 - aftermath perps - $1.14m 26) apr 29 - sweat foundation - $3.5m 27) apr 29 - syndicate - $330k 28) apr 30 - wasabi protocol - $5m+ DeFi has reached PMF, making Kim Jong Un even fatter