The $3 Million Gnosis Safe Exploit: Distinguishing Core Protocols from Third-Party Vulnerabilities
A recent security breach involving dozens of Gnosis Safe wallets has resulted in a $3 million loss, sparking a debate over the security of third-party integrations. While early reports linked the incident to the cross-chain protocol Squid, Squid has clarified that its core infrastructure remains secure and was not affected by the exploit.
Technical Breakdown of the Vulnerability
On May 25, blockchain security firm Blockaid identified a two-hour exploit window affecting 86 Gnosis Safes across the Ethereum and Base networks. The attackers targeted a specific function within a contract labeled “SquidRouterModule,” which allowed them to impersonate authorized delegates: the function accepted a caller-supplied string as its proof of delegate authorization, so any caller who supplied the expected string passed the check with no signature or on-chain permission behind it. With that, the attackers executed arbitrary token swaps directly from the victims' Safes. The stolen assets were funneled through manipulated Uniswap V3 pools and eventually consolidated into approximately $3.07 million worth of DAI.
Squid Protocol Denies Involvement
In response to the incident, Squid issued a statement clarifying that the “SquidRouterModule” was not built, deployed, or operated by its team. The protocol emphasized that the vulnerable module was a third-party smart-wallet product that integrated with Squid but remained independent of Squid's core router contracts. Because Safe owners had enabled the module as a "trusted" component, it held a Safe module's standing permission to execute transactions, and therefore spend assets, from the Safe without any additional owner signatures; that is the permission the attackers used to bypass the Safe's normal signing requirements.
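The two paragraphs above describe the class of flaw (a delegate check satisfied by a string the caller chooses) and the trust model that made it fatal (an enabled Safe module executes from the Safe without owner signatures). The following added example, written for this article and not the code of SquidRouterModule, Squid, or Safe, shows a hypothetical module with that weakness beside a hardened form. The `ISafe` interface mirrors the real `execTransactionFromModule` entry point that Safe exposes to enabled modules (its `Enum.Operation` parameter is shown as `uint8`, which is ABI-compatible); everything else, including the contract and function names and the `"delegate"` string, is assumed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Entry point a Safe exposes to modules it has enabled. The Safe executes the
// call from its own address; no owner signatures are checked on this path.
interface ISafe {
    function execTransactionFromModule(
        address to,
        uint256 value,
        bytes calldata data,
        uint8 operation // 0 = Call, 1 = DelegateCall (Safe's Enum.Operation)
    ) external returns (bool success);
}

// HYPOTHETICAL VULNERABLE MODULE (illustration, not SquidRouterModule's code).
// "Proof" of delegate status is a string the caller supplies. It is not tied to
// msg.sender, to any Safe, or to any decision the Safe's owners ever signed, so
// anyone who passes the expected string is treated as an authorized delegate.
contract DelegateModuleVulnerable {
    function execute(
        ISafe safe,                 // attacker picks any Safe that enabled this module
        address to,                 // e.g. a DEX router
        uint256 value,
        bytes calldata data,        // e.g. a swap that drains the Safe's tokens
        string calldata roleProof   // caller-controlled "proof"
    ) external returns (bool) {
        // Compares two values the caller fully controls; always satisfiable.
        require(
            keccak256(bytes(roleProof)) == keccak256("delegate"),
            "not a delegate"
        );
        return safe.execTransactionFromModule(to, value, data, 0);
    }
}

// HARDENED FORM. Delegate status is on-chain state that only the Safe itself
// can change, so adding a delegate requires an owner-signed Safe transaction,
// and execute() binds the check to msg.sender and to that specific Safe.
contract DelegateModuleHardened {
    // safe => delegate => allowed
    mapping(address => mapping(address => bool)) public isDelegate;
    // safe => target contract => allowed (limits what a delegate can call)
    mapping(address => mapping(address => bool)) public isTarget;

    event DelegateSet(address indexed safe, address indexed delegate, bool allowed);
    event TargetSet(address indexed safe, address indexed target, bool allowed);

    // msg.sender is the Safe: these can only be reached through the Safe's
    // normal owner-signed execTransaction flow, never by an arbitrary EOA.
    function setDelegate(address delegate, bool allowed) external {
        isDelegate[msg.sender][delegate] = allowed;
        emit DelegateSet(msg.sender, delegate, allowed);
    }

    function setTarget(address target, bool allowed) external {
        isTarget[msg.sender][target] = allowed;
        emit TargetSet(msg.sender, target, allowed);
    }

    function execute(
        ISafe safe,
        address to,
        uint256 value,
        bytes calldata data
    ) external returns (bool) {
        require(isDelegate[address(safe)][msg.sender], "caller is not a delegate of this Safe");
        require(isTarget[address(safe)][to], "target not approved by this Safe");
        // Call only (0). A delegate must never be allowed to DelegateCall from
        // the Safe, which would let it rewrite the Safe's own storage.
        bool ok = safe.execTransactionFromModule(to, value, data, 0);
        require(ok, "Safe call failed");
        return ok;
    }
}
```

The hardened version does not reduce what a module *can* do: once enabled, `execTransactionFromModule` still moves funds without signatures. What it changes is that the question "who may drive this module, against which Safe, toward which target" is answered by state the Safe's owners wrote, not by an argument the caller chose. Before enabling any module, owners should read it with exactly that question in mind.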
The Rising Threat of Composable DeFi Risks
This incident highlights a growing trend in decentralized finance where attackers bypass a protocol's battle-tested core contracts to target weaker auxiliary modules. The exploit underscores the significant risks of delegated execution systems and the reputational "spillover" that occurs when third-party integrations share naming conventions with established brands. For Safe owners the practical check is to review which modules are enabled on the Safe and to treat every one of them as holding the same spending authority as the owner quorum itself, since a module executes without signatures. As DeFi ecosystems become more interconnected, the security of the whole depends increasingly on the weakest link in the chain of permissions and middleware.