Purrlend, a decentralized lending and borrowing protocol built on HyperEVM, has been subjected to a suspected attack on MegaETH and HyperEVM with losses estimated at $1.5 million. The incident was first reported by Kirby Ong, founder of HypurrCollective.
Purrlend appears to have been exploited on both MegaETH and HyperEVM.
The attacker escaped with:
449,683.8748 USD/USD
$214,125.3752T0
194,745.1368 $ US dollars
2.0477 $UBTC
1,581.3418 $wstHYPE
19.6052 $UETH
868.4795 $Khibi
757.0228 $Why
Total: $1,197,488.33 on HyperEVM+
163,169.1587… pic.twitter.com/SgP4CsK4Ln
– Kirby Crypto (@KirpyGeo) April 25, 2026
Funds were drained across the two networks, including approximately $1.2 million from HyperEVM and approximately $325,000 from MegaETH. Borlind confirmed that it had detected irregular activity in the protocol and has since paused operations while the team investigates.
We have detected irregular activity in the protocol and are actively investigating it. The protocol has been paused for the time being. Please be extra careful in the meantime. More updates will be posted from this account.
– Purrlend (@purrlend) April 25, 2026
The attacker took approximately $450,000 in USDC, $214,000 in USDT0, and approximately $195,000 in USDH, along with small amounts of encapsulated Bitcoin and several ecosystem tokens including wstHYPE, kHYPE, WHYPE, and UETH.
April is expected to be the worst month for theft since the $1.4 billion Bybit hack in February 2025. Cryptocurrency losses have been on the rise this month, with more than $600 million stolen from the protocols in just 18 days.
A large portion of the damage is due to the attacks you hit Kilbdaw and drift protocol, Together, they represent losses estimated at $577 million, putting the security of DeFi under intense scrutiny.
