Squid: The security incident is unrelated to the Squid core protocol and contracts; all Squid users and integrators are unaffected.

Mars Finance reports that Squid issued a statement on the X platform saying that this incident is unrelated to the Squid core protocol and contracts, that all Squid users and integrations are unaffected, and that no action is required.

A third-party Gnosis Safe module on the Base and Ethereum networks was attacked, resulting in a loss of approximately $3.2 million. The vulnerable contract is verified on Basescan under the name "SquidRouterModule," but it was not built, deployed, or operated by Squid; it is a third-party smart wallet product that chose to integrate Squid and other protocols, and it has no connection to Squid.

The attack relied on this third-party module accepting a caller-supplied constant string as its message security proof. That string is publicly visible in the verified contract code. Once an attacker supplied it, the module would execute an arbitrary array of calldata, allowing funds to be stolen at will. The victims' Safe wallets had added the flawed contract as a trusted Safe Module, which let it control any tokens in the Safe without signatures.

Squid's own routing contract (0xce16...D666) has a different architecture and is unaffected; Squid user funds, authorizations, and integrations are completely secure. Early reports, and mentions of "SquidRouter" based on the contract's verified name on Basescan, should be stated accurately as: a third-party SquidRouterModule was attacked, not Squid's Router contract. Although the contract shares the Squid name, it is not part of Squid's code. Squid is continuing to monitor the situation and will post updates if there are significant developments.
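
Because an enabled module can move a Safe's tokens without owner signatures, a practical check is to list what each Safe has enabled and compare it with what has been reviewed. The following is an added example, not code from Squid, Safe, or the original report: it decodes the return data of Safe's `getModulesPaginated` view (fetched separately with `eth_call`) and flags modules outside an allowlist. The sample bytes, the module addresses, and the allowlist are constructed assumptions.

```python
SENTINEL = "0x" + "00" * 19 + "01"  # address(0x1): end marker of Safe's module list

def _word(data, pos):
    """Return the 32-byte ABI word at byte offset pos, rejecting truncated input."""
    word = data[pos:pos + 32]
    if len(word) != 32:
        raise ValueError("truncated ABI data")
    return word

def _address(word):
    """An ABI address is 20 bytes left-padded with 12 zero bytes."""
    if any(word[:12]):
        raise ValueError("non-zero padding in address word")
    return "0x" + word[12:].hex()

def decode_modules_page(ret):
    """Decode ABI-encoded (address[] array, address next)."""
    offset = int.from_bytes(_word(ret, 0), "big")    # where the dynamic array starts
    next_ptr = _address(_word(ret, 32))
    count = int.from_bytes(_word(ret, offset), "big")
    if count > (len(ret) - offset - 32) // 32:       # length field must fit the data
        raise ValueError("array length exceeds return data")
    modules = [_address(_word(ret, offset + 32 * (i + 1))) for i in range(count)]
    return modules, next_ptr

def audit_modules(ret, reviewed):
    """Flag enabled modules that are not on the operator's reviewed allowlist."""
    modules, next_ptr = decode_modules_page(ret)
    allow = {a.lower() for a in reviewed}
    return {
        "enabled": modules,
        "unreviewed": [m for m in modules if m not in allow],
        "more_pages": next_ptr != SENTINEL,  # fetch the next page starting at next_ptr
    }

# Constructed sample: one page listing two placeholder module addresses.
def _pad(addr):
    return bytes(12) + bytes.fromhex(addr[2:])

MODULE_A = "0x" + "aa" * 20  # placeholder, treated as reviewed
MODULE_B = "0x" + "bb" * 20  # placeholder, never reviewed
SAMPLE_RETURN = ((0x40).to_bytes(32, "big") + _pad(SENTINEL)
                 + (2).to_bytes(32, "big") + _pad(MODULE_A) + _pad(MODULE_B))

if __name__ == "__main__":
    print(audit_modules(SAMPLE_RETURN, {MODULE_A}))
```

Any address reported under `unreviewed` is a contract that can act on the Safe's assets without owner signatures and should be reviewed or disabled.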
GateUser-9d67589f
· 1h ago
This blow was clearly delivered, but the brand image still took some damage.
ProofOfCoffee
· 11h ago
The Gnosis Safe module ecosystem also needs to strengthen audits.
TransparentDomeCity
· 14h ago
Wallet integration risk exposure; users need to stay vigilant.
GasFeeGambit
· 14h ago
The attacker's method is quite interesting; they can even trick modules with publicly available constants.
RugProofRita
· 14h ago
The Base ecosystem has been a bit turbulent lately.
NoMoreRugs
· 14h ago
The name SquidRouterModule can indeed be easily misunderstood.
ColdWalletUnderTheNeonLights
· 14h ago
Blaming third-party modules, this naming is too misleading.