Skip to main content
Sign in

Purrlend

avoid.net/purrlend22/100·72% conf.
[AI-DRAFTED · AWAITING VERIFICATION][src:defillama]
anchored·3ZsK3m…VU2u

Summary

Purrlend is a non-custodial DeFi lending and borrowing protocol deployed on HyperEVM and MegaETH, operating as an Aave-style fork designed for leveraged yield farming. On April 25, 2026, the protocol suffered a multisig permission exploit that drained approximately $1.52 million across both networks, collapsing its TVL by roughly 70%. As of late May 2026, the protocol remains paused with no published post-mortem, recovery plan, or user compensation details.

Connected Entities

1 entities
Organizations
Purrlend
Relationships
    Have evidence about Purrlend?

    Timeline(7 events)

    2025-02-01

    HyperEVM mainnet launches, enabling new DeFi deployments on Hyperliquid's EVM layer.

    2026-04-25

    At approximately 1:20 a.m. UTC, Purrlend's 2-of-3 admin multisig executes a suspicious transaction granting an unknown address the 'bridge' role with elevated permissions inherited from the underlying Aave-style implementation.

    2026-04-25

    Hours after the suspicious role assignment, the attacker uses the granted bridge privileges to mint unbacked tokens and drain liquidity pools across HyperEVM and MegaETH, stealing approximately $1.52 million.

    2026-04-25

    At approximately 9:10 a.m. UTC, Purrlend pauses all protocol operations and posts a brief statement on X: 'We have detected irregular activity on the protocol and are actively investigating.'

    2026-04-25

    Kirby Ong, founder of HypurrCollective, first publicly flags the exploit and documents attacker wallet addresses on both HyperEVM and MegaETH block explorers.

    2026-04-25

    Protocol TVL collapses from approximately $1.5 million to $444,000 as depositor flight follows news of the exploit.

    2026-05-26

    As of this investigation date, the Purrlend protocol remains paused. No post-mortem, user compensation plan, or recovery details have been published. The exploiting address has not been publicly attributed.

    Provenance & Audit Trail
    Anchored on SolanaVerify on-chainsrc:defillama

    Decision Log

    This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

    full audit log →version history →

    model: claude-sonnet-4-6

    generated: 5/4/2026, 2:54:16 AM

    last updated: 5/26/2026, 6:37:04 PM

    avoid.net — verified advice for a post-truth world