How @purrlend @0xmil0 exploited 1,5M$ and possibly more with his previous project with the help of several large crypto companies and insiders, including @merkl_xyz @VB_Audit even mentions from @bread_ & @megaeth, alongside @0xmil0 previous project Ploutos:

So how come @0xmil0 says it's not the same person and that his wallet was never hacked? Words of one of the researchers: As someone who has significant experience coordinating high-security multisigs, I can confidently say that it's literally impossible for multiple people to sign in such a short time. Once, maybe, but not every single transaction. Only 1 person was KYC'd. There are no messages or traces of second or third owner ever existing SECOnD owner literally has only 30 good morning and good night messages on their Discord server and was only ever active via Phone while Milo was only ever active via PC. x.com/fbsloXBT/status/204990…

Purrlend Rugg\Exploit, all info we have gathered so far: Their Twitter account changed names 5 times: Changed X names a bunch of times: username: dmusedex last_checked: 2023-03-04 username: tinbotsnft lastchecked: 2024-01-16 username: tinsol last_checked: 2024-09-17 username: tinhype last_checked: 2025-05-11 username: purrlend last_checked: 2025-07-18 Their admin multisig (2/3, no timelock...) added the exploiter as "bridge" 8 hours ago (which was available in the old Aave version, and can mint unbacked tokens) ( @fbsloXBT ): hyperevmscan.io/tx/0x73ac9cf… Owners are @0xmil0, guy called Amos on Discord which I tried searching for on Twitter, didn't find him, joined Discord the same day he joined Purrlend Discord server. Third owner isn't on Discord (Words of 0xmil0). signer1: 0x2BceF069eAEA664397A28F99b0DE5D4A4f78E23E signer2: 0x7312F0b280f4Bbaa47fC6485809f1C5Cc629d7bB If you go to DeBank, they are all connected and one was funded from Binance: debank.com/profile/0x7312f0b… Auditor is @CDSecurity_io , their site was down when this event unfolded, we have contacted him, you can see some screenshows of messages he sent us. CD Security's github: github.com/CDSecurity/audits… Here's his response (CD Security): What the owner of the protocol wanted us to do is simply compare if their contracts are 1:1 as aave v3 core. And thats the only thing we have done. It was 1:1 as it can be seen from the security report. We asked him specifically if he wants to do a full audit so we can flag even any centralisation issues, etc. but he refused that. Funds right now lay at: etherscan.io/address/0x09CF4… 0xMilo message: I wasn't the only owner there are 2 others and my wallet wasn't compromised nor was it involved in this. My wallet is always in cold storage. Then it seems the signers are the other two oners, inside rug pull. @SEAL_911 and few other projects like Merkl where they were supposedly KYC'd as well. This is the company that KYC'd them: @VB_Audit github.com/VBS-Labs/KYC-Vali… vitalblock.org/ Seems they're member of some DeFi Security Alliance, didn't look too much into them yet. Only 1 person was KYC'd there.

What I am farming now: I have a large position in @piku_dao USP Uniswap pool that gives me 100% APY Merkl rewards on their future token (Even if it turns out to be 50%, still great), also earn around 1% APY on Uniswap fees and since my position is 80% USP I also earn 10-15% APY on that as well per year, pretty good opportunity right now. I have a good position in @piggybank_fi for @xStocksFi, which yields 5-10% (SIP500 also grows an additional 10% on average per year), so around 20% APY plus xStocks and Piggy points. Have a solid position in Altura @alturax Pendle LP pool, making 5% or so on Merkl rewards and around 30% on the Pendle APY itself, so not so good right now, will probably move this to somewhere else once their pool ends, especially since I found out their points are useless. Farming MegaETH via @purrlend as it has a good Merkl campaign on USDT there so around 30% APY, though you can loop it so it's more on a 50-60% side. I am farming that nice APY plus Purrlend airdrop (They're currently talking with VCs, it seems they will raise). On top of those, I might qualify for something from MegaETH. On EulerFinance, I made a multiplier position on ynRWAx/USDC pair, which generates me 32% APY another 7% on Merkl, a smaller position for this @YieldNestFi product. Those are now 95% of my portfolio, though mostly Piku and xStocks\xStocks/Krakenn farming. Still waiting and using or have used these for potential airdrops: Hyperbeat, Liminal, Hyperliquid S3, Unit, Theo, Project X, bungee, Jumper, Relay, Mayan, LayerZero S3, SquidRouter, Mindo, bantr, Ritual, Phygitals, Certik, Fwogs, Moody Mights, nansen, Debank, Rabby, Flashbots, and a few others like OpenSea, T-Rex, billions, XMTP, GetOro and I got nfts for t-rex and few of those other ones. If 80% of those decide to airdrop, I should eat good, that list I just wrote doesn't even include ones like base, so pretty sure if we see some altseason, those should give me something especially since I farmed hard some of them... I've also farmed some perp Dexes: - TradeXYZ (15M Volume) - nado 350 Points - Extended 3,300 Points - TreadFI 450 Points - DefiApp 80K Exp - Hibachi 7700 Points - bullpen 300 Points - decibel 200 AMPS - Ostium 650 Points - Hyperliquid 20M Volume All of those perp dexes together if there's some small alt season, will hopefully give 5 figs, though considering I might still farm few thousand Extended points and some others, it might go easily above that..