
Nearly $3 million was stolen from 86 Safe wallets after hackers exploited a vulnerable third-party SquidRouterModule linked to the Squid ecosystem. The attack happened within about two hours, with attackers using fake Uniswap V3 swaps to drain user funds. The stolen assets were later converted into more than 3 million DAI.
Blockchain security firm Blockaid says the attack was possible because affected wallets had previously approved a vulnerable third-party module with broad transaction permissions.
The attacker exploited the module’s executeSameChainActions() function to pretend to be a trusted user and carry out fake Uniswap V3 swaps without needing direct approval from wallet owners.
Before launching the attack, the hacker funded their wallet with 2.1 ETH through Tornado Cash and then carried out automated attacks across both the Ethereum and Base networks.
After draining the funds, the attacker removed liquidity from the pools and converted the stolen assets like USDC & USDT into about 3.07 million DAI, which is still sitting in the attacker’s wallet.
No. The core Safe infrastructure itself was not compromised.
According to Squid and blockchain security firms, the issue came from a separate third-party module integrated into some Safe wallets. Users who never added or trusted the vulnerable module were not affected.
According to Squid’s announcement, the vulnerable contract was not built, deployed, or operated by its core team despite sharing a similar name.
The company explained that the exploit worked because the module accepted a publicly known constant string as proof of authorization, allowing attackers to execute arbitrary transactions without valid wallet signatures.
Furthermore, Squid also confirmed its main router contracts and user funds were never affected.
CoinPedia has been delivering accurate and timely cryptocurrency and blockchain updates since 2017. All content is created by our expert panel of analysts and journalists, following strict Editorial Guidelines based on E-E-A-T (Experience, Expertise, Authoritativeness, Trustworthiness). Every article is fact-checked against reputable sources to ensure accuracy, transparency, and reliability. Our review policy guarantees unbiased evaluations when recommending exchanges, platforms, or tools. We strive to provide timely updates about everything crypto & blockchain, right from startups to industry majors.
All opinions and insights shared represent the author's own views on current market conditions. Please do your own research before making investment decisions. Neither the writer nor the publication assumes responsibility for your financial choices.
Sponsored content and affiliate links may appear on our site. Advertisements are marked clearly, and our editorial content remains entirely independent from our ad partners.
The LAB price just reminded the market why low-float assets and leveraged traders are a…
The GRAM price is finally showing signs of life after spending much of Q2 looking…
The crypto market likes to pretend it's decentralized until the bluechip crypto’s start moving. Then…
Story Highlights The live price of the Stellar crypto is If payment adoption and tokenization…
Gram price rallied nearly 9% over the past 24 hours, outperforming much of the broader…
Pi Network, which once traded near $3, has now fallen below $0.30 and is currently…