Cross-chain platform Squid Router, which recently raised $6 million from Ripple, mistakenly found itself at the center of a scandal due to a hacker attack on third-party software with a similar name. Initial reports on social media claimed that $3 million had been stolen from the protocol, but on-chain analysis and official statements from the developers refuted these rumors.
As revealed from reports by Blockaid and PeckShield, due to a critical vulnerability in the code of the third-party SquidRouterModule module, the attacker was able to bypass the security check using a publicly available text string and impersonate a trusted delegate. Since the affected users had previously added this defective contract to their wallets as trusted, the hacker gained the right to spend their assets without personal signatures.
SquidRouterModule hacker wallet, Source: Peckshield Alert citing Etherscan
Through Uniswap V3, the hacker forcibly swapped the victims' real tokens for fake tokens, then extracted liquidity and withdrew the funds to wallet "0xA447...54859". As a result, the hacker drained 86 Gnosis Safe addresses across Ethereum and Base in just two hours, stealing 3.07 million DAI.
HOT Stories Crypto King Barry Silbert: Privacy Era is Here Zcash (ZEC) Paints Falling Star as Momentum Fades, Toncoin (TON) on Verge of Bullish Boundary, Shiba Inu (SHIB) Price Reset Is Near: Crypto Market Review
Why is Squid Router not involved?
The panic in the media arose solely because of the name of the vulnerable contract. The Squid Router team and its co-founder known online as "fig" quickly stated that the SquidRouterModule contract belongs to an unknown third-party smart wallet that integrated Squid without the developers' knowledge. The platform's original contract, "0xce16F69375520ab01377ce7B88f5BA8C48F8D666", has a different architecture and was not affected.
User funds and approvals across all 100+ networks are fully safe.
This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed.
A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable… https://t.co/I3gGmdBvE9
You Might Also Like
Mon, 05/25/2026 - 11:43 New 'TrapDoor' Virus Steals Crypto Wallets: Solana, DeFi, AI Developers Under ThreatByGamza Khanzadaev
The attempt to damage Squid's reputation happened at the moment of the project's maximum media rise: on May 22, the platform announced a strategic $6 million round from Ripple, North Island Ventures and angels from Axelar and Ledger. These funds are aimed at expanding the ecosystem, which since 2023 has already processed more than $6 billion in volume for one million users.
The incident has no impact on the operations, infrastructure or development plans of the legitimate DeFi protocol.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
