Breaking News》SquidRouterModule exposes a major vulnerability! 86 Gnosis Safe wallets hacked, $3 million stolen

DeFi funds at risk! Security firm Blockaid issues an emergency alert, indicating that the SquidRouterModule on the Ethereum and Base chains is under ongoing hacker attack.
In just 2 hours, 86 Gnosis Safe multi-signature wallets have been compromised, with losses totaling up to $3 million.
The hackers' methods are quite cunning, having used self-built Uniswap V3 liquidity pools to wash all the stolen funds into DAI.
(Background: Verus cross-chain bridge hacker returns 75% of stolen funds, protocol accepts settlement without pursuing further)
(Additional context: Minnesota permits "credit unions" to offer cryptocurrency custody services, so the public no longer needs to fear hackers when buying coins)

The cryptocurrency market has once again experienced a serious smart contract security incident.
Renowned blockchain security company Blockaid issued an emergency warning on social platform X (formerly Twitter), pointing out a sustained attack targeting the SquidRouterModule contract.

🚨 Blockaid detected an ongoing exploit targeting the SquidRouterModule on Ethereum and Base.
86 Gnosis Safes drained for ~$3M in ~2 hours.
All stolen tokens swapped to DAI via attacker-controlled Uniswap V3 pools.
More details in 🧵
— Blockaid (@blockaid_) May 25, 2026

Drains $3 million in just 2 hours

According to the initial detection report released by Blockaid, this attack mainly targeted the Ethereum mainnet and Coinbase-supported Layer 2 network Base.

The hackers' attack efficiency is extremely high; within about 2 hours, they successfully breached and drained funds from 86 Gnosis Safe multi-signature wallets.
The estimated total loss has reached approximately $3 million, and since the attack is still "ongoing," the loss amount may continue to rise.

Money laundering method exposed: exchanging DAI via Uniswap V3

Regarding the flow of stolen funds, Blockaid analysis indicates that after obtaining the assets, the hackers quickly carried out money laundering.
They pre-constructed and controlled specific Uniswap V3 liquidity pools, converting all stolen tokens from victim wallets into the stablecoin DAI through these malicious pools, to evade tracking and preserve the value of the stolen assets.

Currently, the Blockaid team is continuing to track the attackers' addresses and transaction details.
Security experts strongly recommend that users who interacted with SquidRouterModule and multi-signature wallet managers should immediately review and revoke related contract permissions to avoid becoming the next victims.