Squid Distances Itself from $3.2 Million Exploit of Third-Party Module

Squid Distances Itself from $3.2 Million Exploit of Third-Party Module

First seen 26 May 2026, 02:01 UTC Theblock.Co 100% similarity 64.5

Article Content

Browse articles
ThreatCluster

A third-party Gnosis Safe module named 'SquidRouterModule' was exploited, draining around $3.2 million from 86 Safes in about two hours. The exploit was confirmed by security firms Blockaid and PeckShield, revealing that the module was not developed by the Squid protocol. The attacker used a vulnerability that allowed arbitrary calldata execution by supplying a constant string as proof of message security. This enabled the attacker to impersonate authorized delegates and execute unauthorized swaps through Uniswap V3 pools. The stolen assets were converted into a worthless token and later consolidated into approximately 3.07 million DAI. Squid clarified that the module was a third-party product and not affiliated with their team. In 2026, DeFi has seen over $770 million in losses, with a record number of incidents reported in April. Squid has completed nine independent security audits and maintains high uptime.

Key Points: • A third-party module exploited, resulting in $3.2 million loss from 86 Safes. • The exploit allowed attackers to execute arbitrary transactions without signatures. • Squid clarified that the vulnerable module was not created or managed by them.

ThreatCluster AI

Timeline

2026-05-25
Exploit of SquidRouterModule confirmed
A third-party Gnosis Safe module was exploited, draining $3.2 million from 86 Safes in two hours, according to Blockaid and PeckShield.
Theblock.Co
2026-05-25
Squid issues clarification
Squid stated that the 'SquidRouterModule' is unrelated to their protocol and was not developed by their team.
Theblock.Co
2026-05-25
Attack method detailed
The attacker exploited a vulnerability allowing arbitrary calldata execution, impersonating authorized delegates to drain funds.
Theblock.Co

Community

Browse all →