Purrlend Faces $1.52M Loss from Multi-Signature Wallet Breach
Severity: High (Score: 65.2)
Sources: Bitget, Weex
Summary
Purrlend reported a security incident during the deployment of HyperEVM and MegaETH, leading to a loss of approximately $1.52 million. The breach occurred when an attacker compromised the team's 2-out-of-3 multi-signature wallet, granting a malicious externally owned account (EOA) permissions such as BRIDGE_ROLE. The attacker minted unbacked pUSDm and pUSDC through the mintUnbacked function, using these tokens as collateral to borrow assets from the liquidity pool.

In response, Purrlend has paused the protocol, revoked related permissions, and is collaborating with security teams, law enforcement, and cross-chain bridge partners to trace and recover the stolen funds. The incident highlights vulnerabilities in multi-signature wallet management and the importance of robust security practices in DeFi protocols.

Key Points:
- Purrlend lost approximately $1.52 million due to a multi-signature wallet breach.
- The attacker exploited the mintUnbacked function to create unbacked tokens for asset borrowing.
- Purrlend has paused its protocol and is working with authorities to recover the funds.
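A defender-side sketch of the monitoring this incident argues for, added here as an example and not Purrlend's code: it flags a BRIDGE_ROLE grant to an account outside an allowlist and any unbacked mint that account makes afterwards. The event record shape, the allowlist, and all addresses and amounts are constructed assumptions; only BRIDGE_ROLE, mintUnbacked, pUSDm and pUSDC come from the summary.

```python
from dataclasses import dataclass

# Assumption: role names arrive already decoded to labels; the record layout
# below is hypothetical and not taken from Purrlend's contracts.
SENSITIVE_ROLES = {"BRIDGE_ROLE"}

@dataclass(frozen=True)
class Event:
    block: int
    kind: str       # "RoleGranted", "RoleRevoked" or "MintUnbacked"
    account: str    # role grantee/revokee, or the caller of mintUnbacked
    role: str = ""
    asset: str = ""
    amount: int = 0

def scan(events, approved_bridges):
    """Return alerts for sensitive-role grants outside the allowlist and for
    unbacked mints made by callers that are not approved bridges."""
    approved = {a.lower() for a in approved_bridges}
    rogue = set()   # unapproved accounts currently holding a sensitive role
    alerts = []
    for ev in sorted(events, key=lambda e: e.block):
        acct = ev.account.lower()
        if ev.kind == "RoleGranted" and ev.role in SENSITIVE_ROLES:
            if acct not in approved:
                rogue.add(acct)
                alerts.append(("UNAPPROVED_ROLE_GRANT", ev.block, acct, ev.role))
        elif ev.kind == "RoleRevoked" and ev.role in SENSITIVE_ROLES:
            rogue.discard(acct)
        elif ev.kind == "MintUnbacked" and acct not in approved:
            tag = ("UNBACKED_MINT_AFTER_ROGUE_GRANT" if acct in rogue
                   else "UNBACKED_MINT_UNKNOWN_CALLER")
            alerts.append((tag, ev.block, acct, f"{ev.asset}:{ev.amount}"))
    return alerts

# Constructed sample data: addresses, blocks and amounts are made up.
BRIDGE = "0x" + "A1" * 20   # the one approved bridge contract
ROGUE = "0x" + "ee" * 20    # EOA that was granted the role by the compromised multisig
SAMPLE = [
    Event(100, "RoleGranted", BRIDGE, role="BRIDGE_ROLE"),
    Event(150, "MintUnbacked", BRIDGE, asset="pUSDC", amount=250_000),
    Event(205, "RoleGranted", ROGUE, role="BRIDGE_ROLE"),
    Event(206, "MintUnbacked", ROGUE, asset="pUSDm", amount=1_000_000),
    Event(207, "MintUnbacked", ROGUE, asset="pUSDC", amount=500_000),
    Event(300, "RoleRevoked", ROGUE, role="BRIDGE_ROLE"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE, [BRIDGE]):
        print(alert)
```

Alerting on the grant itself matters most here, since it fires before any tokens are minted and gives the team a window to pause the protocol.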
Key Entities
- Data Breach (attack_type)
- Purrlend (company)
- HyperEVM (company)
- MegaETH (company)
- Iran (country)
- CWE-269 - Improper Privilege Management (cwe)
- trade.xyz (domain)