Okay, so there was a pretty scary exploit involving Squid, but thankfully it wasn’t a direct hack of their main system. It looks like the problem was with a separate module they use, called SquidRouterModule – a third-party Gnosis Safe component. Basically, someone managed to drain funds from about 86 wallets on Ethereum and Base really quickly – under two hours! – but it wasn’t a failure in Squid’s core technology. They’ve been quick to point that out, which is good to know as an investor.
Summary
- Blockaid flagged an active exploit on the SquidRouterModule affecting 86 Gnosis Safes
- Around $3 million to $3.2 million was stolen and swapped into DAI via Uniswap
- The vulnerability was a fixed string “message security” check that attackers reused
- Squid says its main 0xce16F router contract and user funds are unaffected
Security firm Blockaid reports that the recent attack focused on a specific part of the Gnosis Safe system, called SquidRouterModule, which operates on both Ethereum and Base. This module was used by some users managing multiple digital signatures to handle transactions between different blockchains, involving Squid and other services.
According to Blockaid, an attacker drained roughly $3 to $3.2 million from 86 Gnosis Safe wallets over about two hours. The stolen funds were then combined and sent to one address, which now holds a little over 3.07 million DAI.
According to KuCoin’s reporting, security firms Blockaid and Squid have determined that the hackers converted the stolen cryptocurrency into DAI using a special Uniswap V3 pool they created. They then combined all the stolen funds into a single wallet, likely to make them harder to trace.
The main problem was in how the SquidRouterModule handled message security. Binance Square reported that the module incorrectly trusted a fixed string provided by the user to verify messages. This meant anyone with access to the contract’s code could easily copy that string and execute any commands they wanted.
As an analyst, I’ve determined the attacker leveraged a weakness in how the system verified a specific, publicly known string. This allowed them to trigger unauthorized actions within the affected multi-signature wallets – essentially letting them move funds without needing approval from the owners.
How did the SquidRouterModule exploit drain 86 Gnosis Safes?
According to Binance, a flaw in their system allowed attackers to exploit a security feature. The system incorrectly trusted information provided by users, instead of properly verifying their identity. This critical mistake allowed hackers to access and steal funds from connected wallets.
Gnosis Safe modules have a recognized security risk. Previous research from OpenZeppelin demonstrated that if a module isn’t properly secured, it could allow transactions to be made from a wallet without the owner’s permission.
This particular security issue involved a component named ‘Squid,’ but it wasn’t actually created or managed by the Squid developers. Instead, it was built and implemented by an external company.
Why is Squid distancing its core router from the hack?
Squid clarified in a post on X that the recent incident didn’t affect its main operations or underlying code. They specifically stated that the core contract, which can be found on the blockchain at address 0xce16F69375520ab01377ce7B88f5BA8C48F8D666, wasn’t used in any of the harmful activity.
This issue doesn’t impact Squid’s main technology or agreements. All Squid users and those who’ve integrated it are safe and don’t need to do anything.
Today, a security flaw in a third-party module for Gnosis Safe wallets on both Base and Ethereum led to about $3.2 million in losses. The affected…
— squid (@squidrouter) May 25, 2026
According to KuCoin, Squid has stated that the “SquidRouterModule” wasn’t created, launched, or managed by their team. A separate developer chose the name when connecting it to Squid, and it doesn’t affect the main system’s structure.
The team wants to reassure users that their funds, existing permissions, and connections to other services are still safe. Squid’s main function of moving assets between different blockchains isn’t impacted, and they are continuing to watch the situation closely while working with security experts.
Even so, the situation looks unfavorable. As highlighted by KuCoin, news reports are likely to focus on the “Squid” project being “hacked,” even though the problem is limited to a poorly designed component. This component’s only link to the main project is its branding and its use of Squid as one of several routing tools.
For a while, security experts have cautioned that while Gnosis Safe is powerful, it has a weakness: if a connected module has faulty code, it can make transactions without the owner’s approval. This is precisely what occurred when a security check was circumvented in this instance.
The recent issue with SquidRouterModule highlights a growing risk for interconnected blockchain systems and wallet extensions. It shows that when different parts of a system are combined, and security isn’t carefully checked in those supporting pieces, it can create vulnerabilities that go beyond the main protocol’s own security measures and audits.
This highlights a difficult truth for infrastructure teams like Squid, which Axelar defines as a system for easily moving and swapping assets across different blockchains: even if your own code is secure, problems with third-party tools can still damage your reputation if those tools don’t follow basic security practices.
Read More
- Off Campus Season 1 Soundtrack Guide
- DoorDash responds after customer uses AI to make food look bad and get a refund
- Chainsaw Man Volume 24’s Cover Art Reveals a Brand-New Denji
- Hideo Kojima says Metal Gear Solid 2 became the future he hoped would not happen
- HSR Banner Schedule (Honkai Star Rail)
- Euphoria Season 3’s New R-Rated Sydney Sweeney Scene Proves The Show Is Trolling Us
- How to Get to the Undercoast in Esoteric Ebb
- Ethereum Eyes Break Above $2,420 as Rally Hangs in the Balance
- Silver Rate Forecast
- XRP’s New Credit Hub: A Tale of Tokens and Trust
2026-05-25 18:26