Squid is distancing itself from a recent crypto exploit that drained nearly $3 million from dozens of wallets, stressing that the attack targeted a third-party Gnosis Safe module rather than its core cross-chain infrastructure.<\/p>\n\n\n\n
The exploit affected a module called SquidRouterModule, which was integrated with certain Gnosis Safe wallets on Ethereum and Base. According to blockchain security firm Blockaid, attackers managed to drain funds from 86 wallets in less than two hours before converting the stolen assets into DAI through a custom Uniswap pool.<\/p>\n\n\n\n
Reports estimate total losses between $3 million and $3.2 million.<\/p>\n\n\n\n
Security researchers said the vulnerability came from a flawed \u201cmessage security\u201d system inside the SquidRouterModule.<\/p>\n\n\n\n
Instead of properly verifying transaction authenticity, the module reportedly relied on a fixed string submitted by the caller as proof of authorization. Because the string was publicly visible in the contract code, attackers were able to reuse it and execute arbitrary transactions from affected wallets.<\/p>\n\n\n\n
This effectively allowed malicious actors to move assets without needing wallet owner approval.<\/p>\n\n\n\n
Blockchain analysts noted that the attacker quickly swapped stolen tokens into DAI through a custom-built Uniswap V3 pool before consolidating the funds into a single wallet address.<\/p>\n\n\n\n
The incident highlights the risks tied to wallet modules and extensions, especially when weak security checks are introduced into systems connected to high-value multisig wallets.<\/p>\n\n\n\n
Following the exploit, Squid released statements emphasizing that its main protocol infrastructure was not compromised.<\/p>\n\n\n\n
The company said its core cross-chain routing contracts, including its primary router contract, were not involved in the malicious transactions and that existing user funds and protocol-level integrations remain secure.<\/p>\n\n\n\n
Squid also clarified that the SquidRouterModule was not developed, deployed, or operated by the project itself. According to the team, the module was created by an independent third-party integrator that used the Squid name while building on top of the protocol.<\/p>\n\n\n\n
Even so, the branding overlap has placed Squid directly in the spotlight as headlines continue linking the project\u2019s name to the exploit.<\/p>\n\n\n\n
The incident has renewed concerns around the broader security model used by Safe wallet modules.<\/p>\n\n\n\n
Security researchers have long warned that attached Safe modules can execute transactions without direct owner confirmation if their internal logic contains flaws or misconfigurations. Earlier research from OpenZeppelin highlighted that poorly designed modules can bypass the normal multisig approval process entirely.<\/p>\n\n\n\n
In this case, the exploit appears to have followed exactly that pattern.<\/p>\n\n\n\n
The attack also reflects a growing issue within decentralized finance infrastructure, where third-party extensions and integrations can introduce vulnerabilities even when the underlying protocol itself remains secure.<\/p>\n\n\n\n
For the wider crypto industry, the SquidRouterModule exploit serves as another reminder that risks often emerge from peripheral tools rather than core audited contracts.<\/p>\n\n\n\n
Cross-chain protocols and wallet ecosystems increasingly depend on layered integrations, SDKs, and external modules. While this composability improves functionality, it also expands the attack surface for hackers.<\/p>\n\n\n\n
Even projects with strong security practices can still face reputational damage when third-party integrations fail basic security standards.<\/p>\n\n\n\n
As investigations continue, the exploit is likely to fuel fresh discussions around stricter auditing requirements for wallet modules and third-party DeFi integrations moving forward.<\/p>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
Squid is distancing itself from a recent crypto exploit that drained nearly $3 million from dozens of wallets, stressing that the attack targeted a third-party Gnosis Safe module rather than its core cross-chain infrastructure. The exploit affected a module called SquidRouterModule, which was integrated with certain Gnosis Safe wallets on Ethereum and Base. According to…<\/p>\n","protected":false},"author":3,"featured_media":14777,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[63,70],"tags":[65,2123,93],"class_list":["post-14775","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-crypto-news","category-finance","tag-crypto","tag-squid","tag-wallet"],"yoast_head":"\n