Cryptobriefing
$3.2M Drained from Gnosis Safe Wallets via SquidRouterModule Exploit
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
An attacker exploited a vulnerability in the SquidRouterModule, a third-party add-on, to drain approximately $3.2 million from 86 Gnosis Safe wallets across Ethereum and Base in just two hours. The breach was identified by Blockaid on May 25, 2026, and involved improper identity validation that allowed the attacker to impersonate authorized users. The stolen assets included USDC, ENA, and USDT, which were quickly converted to DAI through Uniswap V3 pools. Squid clarified that the compromised module was not part of their core protocol, distancing themselves from the incident. Users with Gnosis Safe wallets utilizing this module are advised to revoke permissions immediately. The incident highlights ongoing risks associated with third-party modules in decentralized finance (DeFi).
Key Points: • An exploit in the SquidRouterModule drained $3.2 million from 86 Gnosis Safe wallets. • The attack was executed through improper identity validation, allowing unauthorized transactions. • Users are urged to revoke permissions for the SquidRouterModule to mitigate risks.