Flash News

Squid Responds to Security Incident: $3.2 Million Theft Originated from Third-Party Module Vulnerability

Cross-chain protocol Squid issued a statement in response to the attack, clarifying that the incident did not originate in the core protocol or the Router contract but in a serious vulnerability in "SquidRouterModule", a third-party Gnosis Safe module, which led to the theft of approximately $3.2 million in assets on Base and Ethereum.

This module was not developed, deployed, or operated by Squid; it merely integrated Squid's functionality into a third-party smart wallet product. The affected wallets had enabled this module as a trusted Safe Module, and a Safe executes whatever an enabled module submits without collecting owner signatures. According to the statement, the attacker bypassed the module's verification by passing in a public string, gaining the ability to make arbitrary calls through the module and therefore to move the wallets' assets with no signature at all.
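To make concrete what "trusted Safe Module" means above, the following is an added illustration; it is not the SquidRouterModule's code, not Squid's, and makes no claim about the actual vulnerable function. A Safe module is a contract the Safe's owners have enabled; once enabled, anything it passes to `execTransactionFromModule` runs with the Safe's full authority and no owner signatures. A module that forwards caller-chosen targets and calldata therefore turns its own missing access check into an unauthenticated spend path for every Safe that enabled it. The second contract shows one way to constrain such a module; the fixed router address, the owner check, the CALL-only restriction and the selector allow-list are assumptions made for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Safe (formerly Gnosis Safe) encodes the operation as a uint8 enum: 0 = Call, 1 = DelegateCall.
enum Operation { Call, DelegateCall }

// Subset of the real Safe interface that a module interacts with.
// execTransactionFromModule succeeds for any msg.sender the Safe has enabled as a module,
// and checks no owner signatures; isOwner comes from Safe's OwnerManager.
interface ISafe {
    function execTransactionFromModule(
        address to,
        uint256 value,
        bytes calldata data,
        Operation operation
    ) external returns (bool success);

    function isOwner(address owner) external view returns (bool);
}

// HYPOTHETICAL vulnerable pattern (illustration only, not the SquidRouterModule's code):
// anyone may call `execute` and choose both the target and the calldata. Every Safe that
// enabled this module trusts msg.sender == module, so the module's missing caller check
// is, in effect, a missing signature check on the Safe: a caller can pass
// `to = tokenAddress` and `data = transfer(recipient, balance)` and the Safe executes it.
contract UnsafeForwarderModule {
    function execute(address safe, address to, bytes calldata data) external returns (bool) {
        return ISafe(safe).execTransactionFromModule(to, 0, data, Operation.Call);
    }
}

// Hardened variant. Assumptions (illustrative, not Squid's implementation):
//  - the only legitimate target is one router address, pinned at deployment;
//  - only an owner of the Safe may trigger the module;
//  - only plain CALLs are forwarded (a DelegateCall lets the target rewrite Safe storage);
//  - only one allow-listed function selector may be forwarded.
contract RestrictedForwarderModule {
    address public immutable router;
    bytes4 public immutable allowedSelector;

    error NotSafeOwner(address caller);
    error SelectorNotAllowed(bytes4 selector);
    error ExecutionFailed();

    constructor(address router_, bytes4 allowedSelector_) {
        router = router_;
        allowedSelector = allowedSelector_;
    }

    function execute(address safe, bytes calldata data) external returns (bool) {
        // Authorisation lives in the module, because the Safe will not ask for signatures.
        if (!ISafe(safe).isOwner(msg.sender)) revert NotSafeOwner(msg.sender);

        // Reject calldata shorter than a selector and any selector outside the allow-list.
        bytes4 selector = data.length >= 4 ? bytes4(data[:4]) : bytes4(0);
        if (selector != allowedSelector) revert SelectorNotAllowed(selector);

        // Target is fixed: the caller cannot redirect the Safe's authority to a token contract.
        bool ok = ISafe(safe).execTransactionFromModule(router, 0, data, Operation.Call);
        if (!ok) revert ExecutionFailed();
        return ok;
    }
}
```

Two caveats a reviewer of such a module would raise. First, pinning the target is only as strong as the target: a router that itself accepts arbitrary destinations and calldata would still let an owner-authorised call reach any contract the Safe has approved, so the selector allow-list has to be matched against what the router does with that selector. Second, enabling a module is a one-time owner decision that removes the signature threshold for everything the module can do, so wallet providers should review a module's entire external surface, not just the function they intend to use.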

Squid emphasized that the official Router contract, user funds, authorizations, and integrations were unaffected, and users do not need to take additional actions.

Source: Public Information

ABAB AI Insight

Squid, an important cross-chain router in the Axelar ecosystem, has handled a large volume of cross-chain transactions. This incident exposes the risks of third-party module integration and continues a pattern of DeFi projects being hit through vulnerabilities in external Gnosis Safe multi-signature extensions rather than in their own contracts.

In terms of resourcing, Squid is concentrating on the security audit of the core Router contract and its official integrations, while urging users and wallet providers to tighten their review of third-party modules. The aim is to contain reputational damage to the wider system by drawing a clear line of responsibility and to preserve cross-chain liquidity TVL.

Like earlier bridge incidents such as Ronin and Nomad, where the trust assumptions around the bridge failed and funds were lost, this case finds Squid moving from rapid expansion of cross-chain infrastructure toward stronger security and tighter governance of third-party integrations.

This reflects a structural shift in the industry chain. Third-party module vulnerabilities are leading to asset losses because the high modularity of composable DeFi development expands the attack surface. That pressure is forcing projects to move from simple functional integration to strict boundary delineation and audit requirements, and is pushing the industry toward more centralized security controls and standardized modules.

ABAB News · Cognitive Law

The more convenient the third-party module, the larger the attack surface.
Once trust is granted by default, funds become the target.
Core security can remain intact while ecosystem vulnerabilities still make users pay.

Source: ABAB News