Squid denies hacking their contract worth $3 million - ForkLog: cryptocurrencies, AI, singularity, the future

# At Squid denied hacking their contract for $3 million

The developers of the cross-chain bridge Squid denied involvement in the SquidRouterModule contract, which was hacked for approximately $3 million. The security incident report was published by Blockaid experts.

🚨 Blockaid detected an ongoing exploit targeting the SquidRouterModule on Ethereum and Base.

86 Gnosis Safes drained for ~$3M in ~2 hours.
All stolen tokens swapped to DAI via attacker-controlled Uniswap V3 pools.
More details in 🧵

— Blockaid (@blockaid_) May 25, 2026

According to their information, the attack affected 86 wallets on the Ethereum and Base networks. They also reported it to PeckShieldAlert. According to them, the attacker funded the address through Tornado Cash with 2.1 ETH and exchanged the stolen funds for 3 million DAI.

Squid stated that hackers compromised an external Gnosis Safe module. The vulnerable contract is registered on Basescan as SquidRouterModule, but it is not connected to the main project. It is an external product in the form of a smart wallet that decided to integrate with Squid.

This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed.

A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable… https://t.co/I3gGmdBvE9

— squid (@squidrouter) May 25, 2026

“The attack succeeded because the external module accepted a provided fixed string as confirmation of message security. If it is passed, it can execute an array of arbitrary call data and steal funds,” the developers said.

Safe users added the vulnerable contract as a trusted module, giving it the right to spend any tokens without signatures. Squid’s own router (0xce16F69375520ab01377ce7B88f5BA8C48F8D666) has a different architecture and was not affected.

“This contract bears our name but is not our code,” Squid summarized.

Investments

A few days before the incident, Squid announced raising $6 million. The project is a cross-chain infrastructure platform that initially developed within the Axelar ecosystem.

We are proud to announce that Squid has raised $6M in funding round led by North Island Ventures and backed by strategic investors!

Our new chapter has begun, with more news coming soon. Today we celebrate and say thank you. CHEERS 💫 pic.twitter.com/4xzUCt8eEa

— squid (@squidrouter) May 22, 2026

North Island Ventures led the funding round, which included Ripple, Dialectic, and Borderless.

In total, the project attracted $13.5 million — an additional $3.5 million in 2023 and $4 million in 2024.

Since its launch in 2023, over 4 million transactions totaling more than $6 billion have been processed through the platform. It has served 1 million users via its own app and partner integrations.

Squid earns revenue from enterprise services and plans to introduce a transaction fee. Existing tools allow moving assets between different blockchains such as Bitcoin, Ethereum, Solana, Cosmos, and XRP Ledger.

The developers of the latter are official partners of Squid in creating bridges; they manage validators in the network and participate in project governance.

Recall that in April, an unknown actor exploited a vulnerability in the cross-chain bridge smart contract Hyperbridge, gained admin rights, and issued 1 billion DOT.