Exploit of Safe Wallet Module Leads to $3.2M Theft

Exploit of Safe Wallet Module Leads to $3.2M Theft

First seen 25 May 2026, 17:32 UTC Bitgetcointelegraph.comKucoin 86% similarity 68.2

Article Content

Browse articles
ThreatCluster

A vulnerability in the third-party module 'SquidRouterModule' exploited Safe wallets, resulting in a loss of $3.2 million. The attack affected at least 86 accounts on Ethereum and Base, with stolen tokens converted to Dai via Uniswap V3 pools. Blockchain security firm Blockaid reported that the exploit allowed attackers to impersonate authorized delegates, bypassing verification. Safe Labs CEO Rahul Rumalla indicated that the affected accounts were not operated on the official Safe Wallet product. The module had previously been flagged as malicious by Blockaid, which is part of Safe Shield's risk detection rules. The incident emphasizes the risks associated with third-party integrations in decentralized finance (DeFi) environments.

Key Points: • A vulnerability in the SquidRouterModule drained $3.2 million from Safe wallets. • The exploit affected at least 86 accounts across Ethereum and Base networks. • Safe Labs confirmed that the affected accounts were not part of the official Safe Wallet product.

ThreatCluster AI

Timeline

2026-05-25
Exploit reported by Blockaid
Blockaid disclosed that a vulnerability in the SquidRouterModule led to a $3.2 million theft from Safe wallets.
Cointelegraph
2026-05-25
Squid clarifies involvement
Squid stated the exploit was unrelated to its core protocol, clarifying that the issue was with a third-party module.
Bitget
2026-05-26
Analysis by SlowMist founder
Yu Xian from SlowMist reported that the vulnerability allowed attackers to bypass verification and transfer funds from Safe wallets.
Kucoin
2026-05-26
Further analysis confirms exploit method
Yu Xian confirmed that the exploit was due to a vulnerability in the SquidRouterModule, affecting multiple wallets.
Kucoin

Community

Browse all →