Loading prices…
🩸BEARISH

Squid Protocol Exploit Drains $3.2M via Gnosis Safe Module

A third-party multisig module — not Squid's own contracts — was the attack surface, and the $6M raise from Ripple's $3M slot becomes a painful backdrop rather than a marquee win.

Cross-chain router Squid disclosed on May 25 that a third-party Gnosis Safe module was exploited across Base and Ethereum, draining roughly $3.2M from wallets using the module. Squid's core protocol and contracts were not affected, and the team said no user or integrator action is required.

The disclosure lands less than 24 hours after Squid closed a $6M funding round backed by Ripple, making the optics brutal: half the raise gone to a third-party vulnerability the team didn't operate. The exploit targeted a Safe module used to manage treasury and operational wallets, not the routing logic that moves user funds across chains.

Why it matters

Smart-account modules sit outside the protocol a team ships but still hold the keys to its treasury. When a module is exploited, the affected projects absorb the reputational hit even though the failure is upstream. The incident adds to a growing list of Safe-module incidents that have pushed institutional custodians to demand module-level attestations, not just contract audits, before signing cheques.

Market impact

The loss is contained to Squid's operational wallets and does not affect user funds or routing, but the timing — fresh capital, fresh exploit — will dominate the news cycle for the protocol. Watch for a post-mortem on which Safe module version was vulnerable and whether other Ripple-portfolio teams running similar treasury setups take defensive action.

Related tokens
$XRP

Frequently asked questions

  1. Did the Squid hack affect user funds or the routing protocol?

    No. Squid's core protocol and contracts were not affected, and the team said no user or integrator action is required. The exploit hit a third-party Gnosis Safe module used to manage operational and treasury wallets.

  2. How much was lost in the Squid exploit?

    Approximately $3.2M was drained from wallets using the vulnerable Safe module across Base and Ethereum, according to Squid's May 25 disclosure.

  3. What was the timing relative to Squid's funding round?

    Squid disclosed the exploit less than 24 hours after closing a $6M funding round that included Ripple as a named backer, making roughly half the raise the size of the loss.

  4. Is this a Squid protocol bug or a third-party issue?

    Third-party. The vulnerable surface was a Gnosis Safe module used for wallet management, not Squid's own routing contracts.

  5. What should users and integrators do?

    Per Squid's statement, no action is needed — the exploit did not touch user funds or integrator-facing infrastructure. Affected wallets were confined to the team's own operational and treasury accounts.

Source attribution
Aggregated from Crypto News · Verified · Last refreshed 45d ago
Open original →