Skip to main content
Sign in
Purrlend1 decision on this page

Audit log

Every state-changing event for Purrlend: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-26 18:37:04Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 422,339,820
    sig
    3ZsK3mhXwPGm…oYmLVU2uexplorer ↗
    hash
    DCqhBViQXnyp…M7kiuXg4sha256 → base58
    verifying row…full verify ↗
    canonical bytes (4641 B) ▸
    {"actor":"system:backfill","investigation_id":"39910c40-bf09-4d18-b078-4b9b70b813a6","kind":"publish","page_slug":"purrlend","published_at":"2026-05-26T18:37:04.069Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Purrlend","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://ourcryptotalk.com/news/purrlend-defi-protocol-loses-1-5m-multisig-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.mexc.com/news/1053473","type":"other","url":""},{"credibility":3,"name":"https://www.livebitcoinnews.com/purrlend-exploit-steals-1-5m-on-hyperevm-and-megaeth/","type":"other","url":""},{"credibility":3,"name":"https://cryptobriefing.com/defi-attack-impact-purrlend-drained/","type":"other","url":""},{"credibility":3,"name":"https://www.mexc.com/news/1053509","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://ourcryptotalk.com/news/purrlend-defi-protocol-loses-1-5m-multisig-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.ainvest.com/news/purrlend-exploit-1-5m-drain-l2s-part-800m-april-defi-bloodbath-2604/","type":"other","url":""},{"credibility":3,"name":"https://purrlends.gitbook.io/purrlend","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://ourcryptotalk.com/news/purrlend-defi-protocol-loses-1-5m-multisig-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.mexc.com/news/1053473","type":"other","url":""},{"credibility":3,"name":"https://cryptobriefing.com/defi-attack-impact-purrlend-drained/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://purrlends.gitbook.io/purrlend","type":"other","url":""},{"credibility":3,"name":"https://intellectia.ai/news/crypto/purrlend-pauses-protocol-amid-152m-hack-investigation","type":"other","url":""},{"credibility":3,"name":"https://finance.yahoo.com/markets/crypto/articles/another-defi-platform-just-got-122925586.html","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://startupfortune.com/purrlends-15-million-exploit-is-a-small-number-in-april-2026s-catastrophic-defi-security-ledger/","type":"other","url":""},{"credibility":3,"name":"https://www.ainvest.com/news/purrlend-exploit-1-5m-drain-l2s-part-800m-april-defi-bloodbath-2604/","type":"other","url":""},{"credibility":3,"name":"https://www.bitget.com/news/detail/12560605385020","type":"other","url":""}]}],"sources_used":[],"summary":"Purrlend is a non-custodial DeFi lending and borrowing protocol deployed on HyperEVM and MegaETH, operating as an Aave-style fork designed for leveraged yield farming. On April 25, 2026, the protocol suffered a multisig permission exploit that drained approximately $1.52 million across both networks, collapsing its TVL by roughly 70%. As of late May 2026, the protocol remains paused with no published post-mortem, recovery plan, or user compensation details.","timeline":[{"date":"2025-02-01","event":"HyperEVM mainnet launches, enabling new DeFi deployments on Hyperliquid's EVM layer.","source":""},{"date":"2026-04-25","event":"At approximately 1:20 a.m. UTC, Purrlend's 2-of-3 admin multisig executes a suspicious transaction granting an unknown address the 'bridge' role with elevated permissions inherited from the underlying Aave-style implementation.","source":""},{"date":"2026-04-25","event":"Hours after the suspicious role assignment, the attacker uses the granted bridge privileges to mint unbacked tokens and drain liquidity pools across HyperEVM and MegaETH, stealing approximately $1.52 million.","source":""},{"date":"2026-04-25","event":"At approximately 9:10 a.m. UTC, Purrlend pauses all protocol operations and posts a brief statement on X: 'We have detected irregular activity on the protocol and are actively investigating.'","source":""},{"date":"2026-04-25","event":"Kirby Ong, founder of HypurrCollective, first publicly flags the exploit and documents attacker wallet addresses on both HyperEVM and MegaETH block explorers.","source":""},{"date":"2026-04-25","event":"Protocol TVL collapses from approximately $1.5 million to $444,000 as depositor flight follows news of the exploit.","source":""},{"date":"2026-05-26","event":"As of this investigation date, the Purrlend protocol remains paused. No post-mortem, user compensation plan, or recovery details have been published. The exploiting address has not been publicly attributed.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 101309af-f9c3-4d95-95f3-c7fff3af2b3f
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.