Home
News
Details

Squid Clarifies Third-Party Module Exploit, Core Protocol Unaffected

iconTechFlow
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
This is the logo of the coin.
ETH
$2,102.15-0.25%
This is the logo of the coin.
DAI
----
This is the logo of the coin.
UNI
$3.3072-3.09%
AI summary iconSummary

expand icon
Squid confirmed a DeFi exploit involving a third-party Gnosis Safe module, SquidRouterModule, which resulted in the theft of approximately $320,000 from 86 wallets on Base and Ethereum. The stolen assets were swapped via an attacker-controlled Uniswap V3 pool into DAI. Squid clarified that the module was not part of its protocol update and emphasized that the core routing contract remains unaffected. The vulnerability allowed arbitrary calls due to weak security credentials. Squid assured users that funds, permissions, and integrations are secure.

According to an official post by Squid (@squidrouter) and monitoring by the on-chain security platform Blockaid (@blockaid_), a third-party Gnosis Safe module named "SquidRouterModule" was recently exploited on the Base and Ethereum networks, resulting in the theft of approximately 86 Gnosis Safe wallets and losses of around $3.2 million. The stolen tokens were subsequently exchanged for DAI via a Uniswap V3 pool controlled by the attacker. Squid officially clarifies that this module was neither developed, deployed, nor operated by them; the name was independently chosen by a third party when integrating with Squid and is unrelated to Squid’s core routing contract (0xce16F69375520ab01377ce7B88f5BA8C48F8D666). The vulnerability stemmed from the third-party module accepting a constant string provided by the caller as a security credential, allowing attackers to execute arbitrary call data and steal assets from victims’ Safe wallets. Squid users’ funds, authorizations, and integrations remain secure, and the team will continue monitoring the situation.

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.