Ethereum · Cointelegraph
Squid and Safe Labs say third-party module behind $3.2 million exploit
Compiled by KHAO Editorial — aggregated from 2 sources. See llms.txt for citation guidance.
✓ KHAO Verified
A third-party module drained about $3 million from Safe wallets, with Squid attributing the incident to an external Safe module, saying its core systems were unaffected.
Key facts
- Safe Labs CEO Rahul Rumalla said the accounts “do not seem to be operated on official Safe Wallet product,” adding that it remains unclear how and where they were created and managed, likely created
- A third-party module drained about $3 million from Safe wallets, with Squid attributing the incident to an external Safe module, saying its core systems were unaffected
- A suspected third-party Safe module exploit has drained about $3.2 million from wallets across Ethereum and Base, with multiple teams pointing to an external module as the cause
- According to Blockaid, the attack affected at least 86 Safe accounts within roughly two hours, with all stolen tokens swapped to Dai (DAI) via attacker-controlled Uniswap V3 pools
Summary
A suspected third-party Safe module exploit has drained about $3.2 million from wallets across Ethereum and Base, with multiple teams pointing to an external module as the cause. Blockchain security platform Blockaid reported the incident on Monday, saying it involved a contract labeled “SquidRouterModule,” which initially led to confusion over a possible link to the cross-chain protocol Squid. Squid later said on X that the issue was unrelated to its core protocol and instead involved a third-party module integrated into Safe wallets. “A third-party SquidRouterModule was exploited, not Squid’s Router contract,” Squid said, adding that the contract shares its name but not its code.