coin-img-ETHETH-0.38%coin-img-BTCBTC-0.82%coin-img-HYPEHYPE-4.05%coin-img-SOLSOL-1.60%coin-img-USDCUSDC-0.01%coin-img-XRPXRP-0.86%coin-img-NEARNEAR+13.91%coin-img-TONCOINTONCOIN+4.27%coin-img-ETHETH-0.38%coin-img-BTCBTC-0.82%coin-img-HYPEHYPE-4.05%coin-img-SOLSOL-1.60%coin-img-USDCUSDC-0.01%coin-img-XRPXRP-0.86%coin-img-NEARNEAR+13.91%coin-img-TONCOINTONCOIN+4.27%coin-img-ETHETH-0.38%coin-img-BTCBTC-0.82%coin-img-HYPEHYPE-4.05%coin-img-SOLSOL-1.60%coin-img-USDCUSDC-0.01%coin-img-XRPXRP-0.86%coin-img-NEARNEAR+13.91%coin-img-TONCOINTONCOIN+4.27%coin-img-ETHETH-0.38%coin-img-BTCBTC-0.82%coin-img-HYPEHYPE-4.05%coin-img-SOLSOL-1.60%coin-img-USDCUSDC-0.01%coin-img-XRPXRP-0.86%coin-img-NEARNEAR+13.91%coin-img-TONCOINTONCOIN+4.27%

$3.2M Drained From 86 Gnosis Safe Wallets in SquidRouterModule Exploit

An attacker stole about $3.2 million from 86 Gnosis Safe wallets across Ethereum and Base by exploiting a vulnerability in SquidRouterModule, completing the theft in roughly two hours. Blockchain security firm Blockaid said it detected the incident on May 25. The stolen assets were rapidly funneled through Uniswap V3 pools opened by the attacker and converted into DAI, consolidating around $3.07 million into a single address. The destination wallet was identified as 0xa447…54859. The attacker's initial funding reportedly came from Tornado Cash. Blockaid and PeckShield attributed the exploit to improper identity validation inside the module. The module failed to correctly verify the true caller, allowing the attacker to pass caller-supplied strings to impersonate authorized users and trigger transactions without wallet owners' consent. Tokens involved included USDC, ENA, and USDT. Squid said the affected SquidRouterModule is not part of Squid's core protocol or contracts, describing it as an independent third-party add-on. The company said its main protocol remains secure. The incident underscores a long-standing DeFi risk: third-party modules can expand functionality for Gnosis Safe wallets but also increase attack surface, a vector observed since at least 2020. SquidRouterModule was verified on Basescan, but verification on a block explorer only indicates that source code is published, not that it has been audited or proven free of critical flaws. For users, the immediate step is to revoke permissions if a Gnosis Safe wallet has SquidRouterModule enabled. Any wallet that granted the module access may be exposed, even if it was not targeted in this attack. The flow through Tornado Cash and Uniswap V3 also highlights how quickly exploited funds can be moved and obscured, and how rapidly proceeds converted into DAI can be redeployed or bridged. While Squid's core protocol may be unaffected, the company now faces scrutiny over how a module carrying its name, even if independently developed, became the conduit for a multi-million-dollar theft.
Đã chọn
GNO
GNO-0.02%
ETH
ETH-0.35%
Tuyên bố Miễn trừ trách nhiệm: Nội dung trên chỉ là ý kiến của tác giả và không đại diện cho lập trường của BingX. Nội dung này sẽ không được xem là lời khuyên đầu tư từ BingX. Để biết chi tiết, vui lòng tham khảo Điều khoản và Điều kiện.