Squid Clarifies $3M Gnosis Safe Module Exploit Was Not Core Router

The Exploit and Squid's Response

An attacker drained approximately $3 million from 86 wallets on Ethereum and Base through a vulnerability in SquidRouterModule, a Gnosis Safe module that integrated with Squid's routing infrastructure. Squid moved to clarify publicly that its core cross-chain routing contracts remained uncompromised, and that the vulnerability lay in a third-party module, not its own codebase.

What the SquidRouterModule Was

The SquidRouterModule was designed to allow Gnosis Safe users to execute cross-chain swaps and transfers through Squid's routing layer. By isolating the breach to this module rather than Squid's primary contracts, the company sought to limit reputational damage and reassure users of its main platform that their funds routed through Squid's core infrastructure were not at immediate risk from this incident.

Ongoing Impact Assessment

The distinction between a third-party module and core protocol is material for Squid users, though it does not recover funds already taken. Security researchers and Gnosis Safe users will likely examine how the module was integrated and whether similar architectural weaknesses exist in other Safe modules built on top of DEX routers.

Why It Matters

For Traders

The breach was isolated to a Safe module, not Squid's core router; users routing through Squid directly face lower immediate risk than Safe users who relied on SquidRouterModule.

For Investors

Third-party integrations with routing protocols introduce surface area for exploits; this incident highlights risks of relying on external modules even when core infrastructure is sound.

For Builders

Protocol-to-Safe module integrations require hardened contract design; assume module vulnerabilities will occur and design core routers to remain isolated from third-party failures.