Home
News
Details

Squid Clarifies That the Attack Involves a Third-Party Module, Not the Core Protocol

iconChaincatcher
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
AI summary iconSummary

expand icon
Squid stated that the attack involved a third-party module, not its core protocol. The SquidRouterModule, flagged by Blockaid, was a Gnosis Safe module integrated with Squid and contained a vulnerability that allowed attackers to bypass message verification and steal funds. Squid’s routing contract (0xce16F) remains secure. On-chain data shows no impact on user funds or authorizations. Traders monitoring altcoins should note that this incident underscores the risks associated with third-party integrations.

ChainCatcher report: Cross-chain routing protocol Squid posted on X that the SquidRouterModule involved in the attack disclosed by Blockaid was not developed, deployed, or operated by Squid. It is a third-party Gnosis Safe module that chose to integrate with Squid and other protocols, and there was no prior connection between Squid and this module. Squid stated that this third-party module contained a vulnerability: it accepted a fixed string provided by the caller as a message authentication check. The attacker exploited this publicly visible string within the verified contract code to execute arbitrary call data and steal funds. Squid’s own routing contract (0xce16F) is architecturally entirely different from this module and remains unaffected; user funds, authorizations, and integrations are secure.

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.