BitcoinWorld Squid Protocol Says $3.2M Exploit Targeted Third-Party Module, Not Core System Cross-chain protocol Squid has moved to clarify the details surrounding a recent security incident that resulted in the loss of approximately $3.2 million in digital assets. In a statement released to the community, the project emphasized that the exploited contract, identified as the ‘SquidRouterModule,’ was not developed, deployed, or operated by Squid itself. Understanding the Attack Vector The compromised contract, according to Squid, is a third-party module built on top of Gnosis Safe. The protocol explained that this module is structurally distinct from its own router contract. The attacker reportedly exploited a vulnerability in the module’s public fixed-string verification function, allowing them to execute arbitrary call data and drain funds from affected wallets. Squid clarified that the affected Gnosis Safes had previously registered the module as a trusted module. This registration status enabled the attacker to initiate asset transfers without requiring additional signatures from the wallet owners, effectively bypassing standard security checks. Impact Assessment and User Safety The company was explicit in its assessment: its core router contracts, user funds, approvals, and integrated services were not compromised. This distinction is critical for users who may have been concerned about the safety of their assets held directly through Squid’s platform. The incident highlights a growing complexity in the DeFi ecosystem, where the use of third-party modules and smart contract integrations can introduce unforeseen risks. While Squid’s core protocol remains secure, the event serves as a reminder that the broader infrastructure users rely on—such as wallet-level modules—can become attack vectors. What This Means for DeFi Users For users of Gnosis Safe and similar multi-signature wallets, this incident underscores the importance of auditing and understanding every module or app connected to their wallet. Registering a module as trusted grants it significant permissions, and any vulnerability in that module can have severe consequences. Squid has not indicated any plans for a user reimbursement program, as the protocol itself was not directly responsible for the exploit. The affected funds were lost from wallets that had voluntarily integrated the third-party module. Conclusion The $3.2 million exploit is a cautionary tale about the layered security risks present in decentralized finance. While Squid’s core infrastructure remains intact, the incident demonstrates that security in DeFi is only as strong as the weakest link in a user’s personal stack of integrated tools and modules. Users are advised to regularly review and revoke permissions for any modules or contracts that are no longer actively used. FAQs Q1: Were Squid’s own contracts or user funds affected by the exploit? No. Squid has confirmed that its core router contracts, user funds, and approvals were not impacted. The exploit occurred in a third-party module built on Gnosis Safe. Q2: How did the attacker manage to drain the funds? The attacker exploited a vulnerability in the module’s public fixed-string verification function to execute arbitrary call data. Because the module was registered as trusted on the affected Gnosis Safes, asset transfers could be made without additional signatures. Q3: Should users stop using Squid or Gnosis Safe after this incident? Not necessarily. Squid’s protocol remains secure. However, users should review all modules and apps connected to their wallets, revoke permissions for unused or unverified modules, and stay informed about the security practices of third-party integrations. This post Squid Protocol Says $3.2M Exploit Targeted Third-Party Module, Not Core System first appeared on BitcoinWorld .
