吴说区块链
吴说区块链|5月 01, 2026 06:42
According to Purrlend's official disclosure, a security incident occurred on April 25, 2026, involving their deployments on HyperEVM and MegaETH, resulting in a loss of approximately $1.52 million. The cause was the compromise of the team's 2/3 multi-signature admin wallet. The attacker gained multiple management permissions, including BRIDGE_ROLE, and used the mintUnbacked function to mint around 2 million pUSDm and 4.85 million pUSDC in unbacked tokens. These tokens were then used as collateral to borrow real assets, ultimately extracting about $1.52 million worth of assets from the protocol pool. Afterward, the attacker swapped the assets for USDC and ETH and transferred them cross-chain via Mayan, LiFi, and other platforms. Approximately 652 ETH can still be tracked on-chain. The project team stated that they have paused the protocol, revoked permissions, and launched an investigation. They are working with security firms and law enforcement to trace the funds. The team clarified that the incident stemmed from operational security issues related to the lack of a time lock in the multi-signature setup, rather than a smart contract vulnerability. They plan to introduce a time lock, strengthen multi-signature security and permission controls, and are exploring user compensation plans. The protocol will remain paused until security is fully ensured. https://(wublock123.com)/news/purrlend-multi-sig-hack-loss-1-52m-usd-60402
+4
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads