Currencies38131
Market Cap$ 2.28T+2.20%
24h Spot Volume$ 27.10B-18.1%
DominanceBTC56.45%+0.50%ETH9.49%+1.21%
ETH Gas0.14 Gwei
Cryptorank
/

Squid Clarifies Role After $3.2M Gnosis Safe Exploit


Squid Clarifies Role After $3.2M Gnosis Safe Exploit

Share:

AI Overview

An exploit of a third-party Gnosis Safe module named 'SquidRouterModule' drained about $3.2 million from 86 Safes across Ethereum and Base in roughly two hours, with attackers converting assets via Uniswap V3 into a worthless 'u' token and consolidating about 3.07 million DAI now held in a wallet starting 0xa447...54859. Squid clarified its core router was not built, deployed, or operated by the compromised module and remained unaffected; security firms say the flaw allowed attackers to bypass signature verification by accepting a caller-supplied constant string and abusing the module's DelegateBundler path, underscoring DeFi security and third-party module risk in the crypto ecosystem.

Bearish

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

The project clarified that the vulnerable contract was not built, deployed, or operated by Squid, despite early reports linking the exploit to its protocol. According to the team, the compromised module independently integrated with Squid among other protocols, while Squid’s core router infrastructure was unaffected throughout the attack.

Gnosis Safe Exploit Drains $3.2M

A third-party module connected to the Gnosis Safe ecosystem was exploited across the Ethereum and Base networks, which resulted in approximately $3.2 million being drained from 86 different Safes in a matter of two hours. Blockchain security firms Blockaid and PeckShield were among the first to report details surrounding the incident.

The vulnerable contract was verified on Basescan under the name “SquidRouterModule,” which initially led to confusion due to its association with Squid. However, Squid quickly clarified that the contract was not built, deployed, or operated by the project itself.

Pseudonymous Squid co-founder Fig stated in a post on X that the compromised module was unrelated to Squid’s core infrastructure. According to the team, the protocol’s main router architecture stayed completely separate and was not affected by the exploit at all.

The attack was reportedly made possible because the module accepted a caller-supplied constant string as proof that a transaction message was secure. By passing this value, attackers were allegedly able to bypass signature verification mechanisms and execute arbitrary call data from victim wallets.

Squid explained that this flaw effectively gave attackers the ability to spend tokens held in affected Safes without requiring legitimate wallet approvals. Security researchers said the exploit relied on Foundry-based exploit contracts that targeted the module’s DelegateBundler execution path.

According to Blockaid, the attackers impersonated authorized delegates tied to each Safe and initiated arbitrary token swaps through Uniswap V3 liquidity pools. The stolen assets were converted into an attacker-created worthless token known as “u” through specially seeded liquidity pools controlled by the exploiter. After routing the assets through these pools, the attacker reportedly removed liquidity and consolidated the proceeds into approximately 3.07 million DAI. PeckShield stated that the funds are currently being held in a wallet beginning with “0xa447...54859.”

Squid criticized early public reporting that incorrectly connected the exploit directly to its protocol. The team explained that the vulnerable contract merely shared the Squid name and independently integrated with several protocols, including Squid, without direct involvement from the project itself.

Read the article at Coinpaper

In This News

Coins

$ 1.80K

+3.44%

$ 0.99973

0%

$ 3.63

+9.58%

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Share:

In This News

Coins

$ 1.80K

+3.44%

$ 0.99973

0%

$ 3.63

+9.58%

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Share:

Read More

Bithumb guides users on Humanity (H) claim portal after security incident

Bithumb guides users on Humanity (H) claim portal after security incident

BitcoinWorld Bithumb guides users on Humanity (H) claim portal after security incide...
Global INTERPOL Crackdown Exposes Crypto Laundering Behind Romance Scams

Global INTERPOL Crackdown Exposes Crypto Laundering Behind Romance Scams

In Brief Thai police uncovered a $122M crypto wallet laundering romance scam money. ...