Home
News
Details

SlowMist's Yu Xian: The Squid security incident was caused by a vulnerability in the Safe Wallet module.

iconChaincatcher
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
This is the logo of the coin.
ETH
$2,079.33-1.18%
AI summary iconSummary

expand icon
Citing ChainCatcher, SlowMist founder Yu Xian explained that the Squid security breach resulted from a vulnerability in the SquidRouterModule used by Safe wallets—not from private key exposure. Attackers forged messages to bypass verification and drained funds from 86 Gnosis Safe wallets on Base and Ethereum, totaling $3.2 million. Squid later confirmed it was unaffected. The incident underscores the need for stronger safe-haven assets and enhanced CFT measures in DeFi infrastructure.

ChainCatcher report: Yu Xian, founder of SlowMist, posted on X to analyze the Squid security incident, stating that sampled analysis revealed all related Safe wallets were single-signature, with different owners. However, the issue was not with private keys, but with a vulnerability in the module (SquidRouterModule) used by these Safe addresses—attackers could forge messages to easily bypass verification and initiate subsequent exchange operations to transfer funds from the target Safe wallets. Additionally, Yu Xian disclosed information about the attacker’s profit accumulation addresses. Previously, a third-party Gnosis Safe module exploited on Base and Ethereum resulted in approximately $3.2 million in losses, affecting 86 Gnosis Safe wallets that had added this contract as a trusted Safe Module. The contract is named “SquidRouterModule” on Basescan. Subsequently, Squid clarified that it was not affected by the Gnosis Safe-related vulnerability incident.

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.