Skip to content
- Squid confirmed exploited wallet module operated separately from official protocol infrastructure.
- Attackers drained millions after exploiting vulnerable verification logic inside Safes.
- Shared SquidRouterModule branding created confusion surrounding unrelated protocol infrastructure security.
Squid is shifting its main protocol from a multi-million dollar exploit, which was aimed at Gnosis Safe wallets on the Ethereum and Base networks. The clarification came after there was an increasing amount of confusion about a “SquidRouterModule” on Basescan that was named a contract. Blockaid, the blockchain security firm, states hackers stole almost $3.2 million from 86 Gnosis Safes in approximately 2 hours. Additionally, the attacks took advantage of the Uniswap V3 liquidity pools controlled by the attackers to mint DAI using the stolen tokens.
The contract was “vulnerable,” and was not part of the Squid’s “core infrastructure,” she said. Additionally, the company explained that a third-party smart-wallet product independently deployed and operated the compromised module while integrating Squid services among other protocols.
The platform also explained that its official router contract had not been impacted and is still operating normally during the hack. Apart from that, user balances, approvals to the tokens and already existing integrations that were related to the main protocol stayed safe throughout the incident, Squid confirmed.
Also Read: Ancient Bitcoin Whale Sends $203M BTC to Trading Firms, Traders Alarmed
Exploit that was initiated as a result of the wrong Verification Process.
The module is a third-party module that was used for verification check with a constant string supplied by the caller, and was exploited, according to Squid. Consequently, attackers used that publicly accessible string to execute arbitrary calldata through the vulnerable contract. The wallets affected were already a trusted Safe integration for the wallet trust module. Because of those permissions, the contract gained authority to transfer tokens without requiring additional wallet signatures from owners.
Furthermore, the exploit raised fears about the credibility and trustworthiness of wallet modules that are linked to decentralized finance (DeFi) platforms. The extra risks posed by the multisig wallets’ over-permission issue are still being studied and explored. Squid also noted that the router infrastructure that it uses is entirely different from the exploited module. In addition, the company reported that its production systems were not breached in the attack through its compromised contract, “as the production systems remained unaffected,” it said.
Shared Naming Structure Cause Market Confusion.
The first reports suggested the vulnerable contract had the ‘SquidRouterModule” branding on Basescan, which made it seem like the exploit was connected to the Squid Internet. The attack was not against its core routing software, however, but against a module “that is there only as a third party installation,” said Squid.
In addition, the company said, there was a problem with the names which led to incorrect assumptions after the reports of hacks in the crypto communities. The clarification was designed to insulate Squid’s production systems from the smart-wallet product, which it deemed to be more vulnerable.
It also addressed the bigger question of security for the external wallets that are being used in decentralized finance. Further, there are continuous analysis efforts underway to establish whether the same types of permissions are applied to other wallet integrations and other smart contract platforms. Squid said it will closely monitor and will follow the principle of “information sharing as there is some” and provide more updates if there are any developments.
Also Read: RLUSD Liquidity Explosion Pushes XRP Ledger Activity to Massive Weekly Heights
