• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
CoinLaw LogoCoinLaw

Bringing Crypto and Finance Closer to You

  • Latest News
  • Statistics
  • About
  • Contact
Subscribe
CoinLaw Logo
  • Latest News
  • Statistics
  • About
  • Contact
Subscribe
Home Β» Cryptocurrency

86 Gnosis Safe Wallets Hit in $3M Squid Exploit

Published on: May 25, 2026
Kelvin Scott
Written By
Kelvin Scott
Kelvin Scott
Finance News Analyst • 520 Articles
Kelvin Scott, with over 8 years of experience, covers the latest trends in digital assets, financial markets, and regulatory developments. W... See full bio
LATEST POSTS:
Coinbase Wins UK MiFID License for Stocks and Derivatives
South Korea Court Proposes Crypto Seizure Rules
Ripple Wins Full MiCA CASP License in Luxembourg
Barry Elad
Reviewed By
Barry Elad
Barry Elad
Founder & Senior Journalist • 579 Articles
Barry Elad is a finance and tech journalist who loves breaking down complex ideas into simple, practical insights. Whether he's exploring fi... See full bio
LATEST POSTS:
Crypto Market Capitalization Statistics 2026: Totals, Dominance, and Trends
Remittances by Country Statistics 2026: Inflows and Cost
How Many People Use Cryptocurrency Worldwide 2026: Global User Count by Year and Region
Gnosis Safe Wallets Hit In 3m Squid Exploit
As Featured In
Bloomberg LogoForbes LogoFortune LogoCoinDesk LogoCoinMarketCap Logo
Share on LinkedIn ChatGPT Perplexity Share on X Share on Facebook

A major crypto security breach linked to the SquidRouterModule drained around $3 million from 86 Gnosis Safe wallets across Ethereum and Base within just two hours.

Key Takeaways

  • Blockaid detected an active exploit targeting the SquidRouterModule on Ethereum and Base.
  • Around 86 Gnosis Safe wallets were drained, with estimated losses reaching $3 million.
  • The attacker reportedly converted stolen funds into DAI using Uniswap V3 pools.
  • Squid stated that the vulnerable module was not developed or operated by its core team.

What Happened?

Blockchain security firm Blockaid reported on May 25 that attackers exploited a vulnerability connected to the SquidRouterModule, leading to the draining of dozens of Gnosis Safe wallets across Ethereum and Base networks.

According to the investigation, the exploit unfolded rapidly, with attackers moving stolen assets through Uniswap V3 pools before consolidating the funds into DAI. Squid later clarified that the compromised module was operated by a third party and was not part of its core routing infrastructure.

🚨 Blockaid detected an ongoing exploit targeting the SquidRouterModule on Ethereum and Base.

86 Gnosis Safes drained for ~$3M in ~2 hours.
All stolen tokens swapped to DAI via attacker-controlled Uniswap V3 pools.
More details in 🧡

β€” Blockaid (@blockaid_) May 25, 2026

Blockaid Detects Active Exploit Across Ethereum and Base

Blockaid said it identified suspicious activity involving the SquidRouterModule after attackers began draining wallets tied to Gnosis Safe integrations. Within roughly two hours, around 86 wallets had already been compromised.

The security firm stated that the attacker swapped stolen assets into DAI through attacker controlled Uniswap V3 pools. The exploit reportedly involved tokens including USDC, USDT, and ENA before the funds were consolidated into a separate wallet.

Blockaid also shared details of the alleged exploiter address, identified as:

β€œ0x9bdc730183821b6bb2b51be30b77c964fa645b91”

According to Etherscan data referenced in the reports, the address had been funded through Tornado Cash and showed dozens of transactions connected to the exploit activity.

A separate consolidation wallet reportedly held around 3.07 million DAI, alongside a small ETH balance following the attack.

Squid Distances Core Protocol From Vulnerable Module

Following the reports, Squid issued a clarification stating that the affected SquidRouterModule was not developed, deployed, or operated by the core Squid team.

The protocol explained that the compromised contract was actually a third party Gnosis Safe module that independently integrated with protocols like Squid. The company stressed that there had been no prior operational relationship between Squid and the vulnerable module provider.

This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed.

A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable… https://t.co/I3gGmdBvE9

β€” squid (@squidrouter) May 25, 2026

According to Squid, the exploit originated from a flaw in the third party module’s message verification system. The module reportedly accepted a fixed string supplied directly by the caller for security validation.

Attackers allegedly exploited the publicly visible verification string found in the contract’s verified code to execute arbitrary call data and steal funds from connected wallets.

Squid emphasized that its own routing contract architecture differs completely from the compromised module. The team added that user funds, authorizations, and protocol integrations tied directly to Squid remain secure and unaffected.

The project also noted that investigations into the incident are still ongoing.

Newsletter Img
Don't chase the news. Let us curate it.

You get one weekly briefing with only the stories that matter. If the market is quiet, we skip it.

βœ… Join readers from Visa, Vanguard, and the FDIC.

Recent Funding Round Draws Attention

The exploit comes shortly after Squid announced the completion of a $6 million funding round led by North Island Ventures.

Other participants included Ripple, Dialectic, Borderless Capital, Scenius Capital, along with angel investors tied to projects such as Axelar, Ledger, Polymer Labs, Enso, and Peanut.

The timing of the exploit has placed additional attention on cross-chain infrastructure security, especially around wallet modules, bridges, and permission systems connected to decentralized finance protocols.

DeFi Security Risks Continue to Grow

The SquidRouterModule exploit adds to a growing list of crypto attacks seen throughout May. Security researchers have recently flagged multiple incidents involving wallet permissions, private key compromises, proxy contracts, and bridge infrastructure.

Industry data cited in recent reports showed that crypto related exploits have resulted in more than $17 billion in losses over the past decade.

Security experts continue warning that attackers are increasingly targeting infrastructure layers surrounding smart contracts instead of focusing only on protocol code itself.

CoinLaw’s Takeaway

In my experience, incidents like this show how dangerous third party integrations can become inside DeFi ecosystems. Even if a core protocol remains secure, connected modules and wallet permissions can quietly become weak entry points for attackers.

I found Squid’s clarification important because it highlights a growing issue in crypto where users often cannot distinguish between official infrastructure and independently built integrations. As DeFi systems become more connected, projects will likely face increasing pressure to audit not only their own code but also the external modules interacting with their ecosystems.

Definition of Blockchain. Link to full glossary entry follows the description.Blockchain

A distributed digital ledger that records transactions across a network, with each block cryptographically linked to the previous one for security.

Read more

Definition of Smart Contract. Link to full glossary entry follows the description.Smart Contract

A smart contract is a self-executing program stored on a blockchain that automatically enforces agreement terms when predefined conditions are met, without intermediaries.

Read more

Definition of DeFi. Link to full glossary entry follows the description.DeFi

Decentralized finance leverages blockchain protocols and smart contracts to enable lending, trading, and borrowing without banks or traditional intermediaries.

Read more

Definition of Cross-Chain. Link to full glossary entry follows the description.Cross-Chain

Cross-chain is the ability to move data or assets between separate blockchains via bridges, messaging protocols, or interoperability networks.

Read more

This article has been reviewed and fact-checked by Barry Elad. CoinLaw follows strict Publishing Principles and a documented Fact-Check Policy to ensure accuracy, transparency, and editorial independence across all content.

Add CoinLaw as a Preferred Source on Google for instant updates! Follow on Google News
Share ChatGPT Perplexity

References

  • Etherscan Data for Address - 0xA447F71782135AB96a71374271a749Ff7AA54859
Kelvin Scott

Kelvin Scott

Finance News Analyst


Kelvin Scott, with over 8 years of experience, covers the latest trends in digital assets, financial markets, and regulatory developments. With a strong focus on accuracy and clarity, he delivers timely updates to help readers navigate the fast-changing world of crypto and finance. An avid football fan, he never misses a chance to watch a good match, whether it’s Premier League drama or a local game.

Related Posts

Trusttedvolumes Exploited For 5 8m Usd
Cryptocurrency

TrustedVolumes Loses $5.87M in DeFi Attack Linked to 1inch

Kelp Dao Suffers 292m Usd Hack
Cryptocurrency

Kelp DAO Exploit Drains $292M, Lazarus Group Suspected

Hacker Wallet Linked To Kyberswap And Indexed Finance Hacks Moves Funds
Cryptocurrency

Exploiter Behind $65M DeFi Hacks Resurfaces with $2M Token Selloff

Disclaimer:Β The content published on CoinLaw is intended solely for informational and educational purposes. It does not constitute financial, legal, or investment advice, nor does it reflect the views or recommendations of CoinLaw regarding the buying, selling, or holding of any assets. All investments carry risk, and you should conduct your own research or consult with a qualified advisor before making any financial decisions. You use the information on this website entirely at your own risk.

Reader Interactions

Leave a Comment Cancel reply

Primary Sidebar

Connect With Us

facebook x linkedin google-news telegram pinterest whatsapp email
google-preferred-source-badge Add as a preferred source on Google

You Should Also Read

$4.5M CrediX Hack Underscores DeFi’s Multisig Weakness
Sui DeFi Hit: Volo Protocol Loses $3.5M in Vault Exploit
Secret Network Suffers $4.67M Loss in Bridge Exploit

Table of Contents

  • Key Takeaways
  • What Happened?
  • Blockaid Detects Active Exploit Across Ethereum and Base
  • Squid Distances Core Protocol From Vulnerable Module
  • Recent Funding Round Draws Attention
  • DeFi Security Risks Continue to Grow
  • CoinLaw’s Takeaway
Connect on Telegram

Footer

CoinLaw Logo

Bringing Finance Closer to You.

Connect With Us

Follow Us on Google News

Editorial & Trust

  • About
  • Publishing Principles
  • Fact-Check Policy
  • Corrections Policy
  • Ethics Policy
  • Disclaimer
  • Cookie Policy

Worth Checking

  • Best Cloud Mining Platforms
  • Millennial vs. Gen Z Banking
  • Ethereum Gas Fees Statistics
  • Binance vs. Coinbase Statistics
  • Zelle vs. Venmo Statistics
  • Traditional Banks vs. Neobanks
  • Crypto Exchange Hack Statistics
Contact Us
13570 Grove Dr #189,
Maple Grove, MN 55311,
United States
10β€―a.m. – 6β€―p.m. | Every day

Copyright Β© 2024–2026 CoinLaw. All Rights Reserved. Powered by the HODL Force ❀️

  • Privacy Policy
  • Terms
  • Accessibility Statement
Manage your privacy

To provide the best experiences, we and our partners use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us and our partners to process personal data such as browsing behavior or unique IDs on this site and show (non-) personalized ads. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Click below to consent to the above or make granular choices. Your choices will be applied to this site only. You can change your settings at any time, including withdrawing your consent, by using the toggles on the Cookie Policy, or by clicking on the manage consent button at the bottom of the screen.

Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Statistics

Marketing

Features
Always active

Always active
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
Manage options
  • {title}
  • {title}
  • {title}
Manage your privacy
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Statistics

Marketing

Features
Always active

Always active
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
Manage options
  • {title}
  • {title}
  • {title}
Company
  • About Us
  • Our Team
  • Our Mission
  • Core Values
Discover
  • glossary icon
    Glossary
  • Stats
    Stats Research Process
  • Brand Guide Icon
    Brand Assets
Categories
  • Cryptocurrency
  • Payments
  • Banking
  • Finance
  • Insurance
Cryptocurrency
Crypto Market Capitalization Statistics
Crypto Market Capitalization Statistics 2026: Totals, Dominance, and Trends
How Many People Use Cryptocurrency Worldwide
How Many People Use Cryptocurrency Worldwide 2026: Global User Count by Year and Region
Stablecoin Market Cap Statistics
Stablecoin Market Cap Statistics 2026: Issuer Share and Growth
Coinbase vs Kraken Statistics
Coinbase vs Kraken Statistics 2026: Volume, Fees, Licenses
Solana vs Ethereum Statistics
Solana vs Ethereum Statistics 2026: TVL, Fees, Validators, ETFs
Uniswap vs PancakeSwap Statistics
Uniswap vs PancakeSwap Statistics 2026: Head-to-Head DEX Data
Payments
Remittances By Country Statistics
Remittances by Country Statistics 2026: Inflows and Cost
Cash App vs Zelle Statistics
Cash App vs Zelle Statistics 2026: Speed, Limits and User Data
Venmo vs. PayPal Statistics
Venmo vs PayPal Statistics 2026: Users, Fees and Volume
Toast Statistics
Toast Statistics 2026: ARR, GPV & Revenue Data
Rapyd Statistics
Rapyd Statistics 2026: TPV, Valuation & Licences
Marqeta Statistics
Marqeta Statistics 2026: TPV, Revenue and Customer Mix
Banking
N26 Statistics
N26 Statistics 2026: Customers, Deposits, Revenue and the BaFin Growth Cap
Revolut vs Monzo Statistics
Revolut vs Monzo Statistics 2026: Customers & Profit
Islamic Banking Statistics
Islamic Banking Statistics 2026: Assets, Growth, and Top Markets
Credit Union Statistics
Credit Union Statistics 2026: Assets, Members, Loans
Banking API Statistics
Banking API Statistics 2026: Market Size, Adoption, and Growth
Citigroup Statistics
Citigroup Statistics 2026: Growth Secrets Inside
Finance
Emergency Fund Statistics
Emergency Fund Statistics 2026: How Much Americans Have Saved (and How Much They Should)
Financial Advisor Statistics
Financial Advisor Statistics 2026: Headcount, AUM, and Demographics
Wealth Inequality Statistics
Wealth Inequality Statistics 2026: Hidden Wealth Divide
Blockchain In Supply Chain Finance Statistics
Blockchain in Supply Chain Finance Statistics 2026: Trade Breakthrough
Blockchain In Healthcare Finance Statistics
Blockchain in Healthcare Finance Statistics 2026: Cost Breakthrough
AI-Powered Robo Trading Statistics
AI-Powered Robo Trading Statistics 2026: Big Insights
Insurance
Lemonade Insurance Statistics
Lemonade Insurance Statistics 2026: Customers, In-Force Premium, Loss Ratio, Pet & Auto Segments
Chubb Statistics
Chubb Statistics 2026: Powerful Data Insights
Virtual Reality In Insurance Statistics
Virtual Reality In Insurance Statistics 2026: Innovations, Risks, and Opportunities
US Life Insurance Industry Statistics
US Life Insurance Industry Statistics 2026: Growth Facts
US Auto Insurance Industry Statistics
US Auto Insurance Industry Statistics 2026: What You Must Know Now
UK Insurance Industry Statistics
UK Insurance Industry Statistics 2026: Growth Data
Categories
  • Cryptocurrency
  • Investments
  • Fintech
  • Compliance
  • Finance
Cryptocurrency
Polymarket Enables Bitcoin Lightning Deposits Via Spark
Polymarket Enables Bitcoin Lightning Deposits via Spark
Tether Usdt Return To Bitcoin Tests Rgb Rollout
Tether USDT Return to Bitcoin Tests RGB Rollout
Vaneck S Avalanche Etf Declares First Cash Payout
VanEck’s Avalanche ETF Declares First Cash Payout
Ctrl Wallet Shuts Down Permanently
Ctrl Wallet Shuts Down Permanently, No Refunds Offered
American Bitcoin Corp Anounces Reverse Stock Split With Btc Holdings Update
American Bitcoin Tops 8,000 BTC After Reverse Split
Bitmine S Eth Holdings Reach 11 1 Billion
Bitmine’s ETH Holdings Reach $11.1 Billion
Investments
Former Tether Cio Seeks To Sell 1 26 Stake
Former Tether CIO Seeks to Sell 1.26% Stake via PJT Partners
Binance Reportedly Set To Lead Mesh S 2b Round
Binance Reportedly Set to Lead Mesh’s $2B Round
Kiwoom Chases Bithumb Stake South Korea
Kiwoom Chases Bithumb Stake as South Korea Crypto Expands
Sbi Seals 288m Bitbank Acquisition
SBI Seals $288M Bitbank Acquisition to Expand in Japan
Kraken Plans 72m Investment In Aave For A Stake
Kraken Eyes Major Aave Deal With $71M Investment Plan
Bybit Launches Pwm 2 0 For Vip2 Wealth Investors
Bybit Launches PWM 2.0 for VIP2+ Wealth Investors
Fintech
21shares Drops Cf Benchmarks For Ftse Across All Crypto Etfs
21Shares Drops CF Benchmarks for FTSE Across Six Crypto ETFs
Crypto Com Launches Loaded Lions Mane City Mobile
Crypto.com Launches Loaded Lions: Mane City Mobile
Sberbank Plans Russian Crypto Wallet Launch
Sberbank Plans Crypto Wallet as Russia Licenses Market
Bitgo Slashes 15 Of Jobs
BitGo Slashes 15% of Jobs to Accelerate AI and Stablecoins
Certik Joins Xdc Network As Validator
CertiK Joins XDC Network to Advance RWA Adoption
Meta Plans Arena Prediction Markets App
Meta Plans Arena Prediction Markets App to Rival Polymarket
Compliance
Coinbase Wins Uk Mifid License For Stocks And Derivatives
Coinbase Wins UK MiFID License for Stocks and Derivatives
South Korea Court Proposes Crypto Seizure Rules
South Korea Court Proposes Crypto Seizure Rules
Ripple Wins Full Mica Casp License In Luxembourg
Ripple Wins Full MiCA CASP License in Luxembourg
South Africa Unveils New Crypto Taxation Framework
SARS Publishes Draft Crypto Tax Guide for Comment
Bridge Secures Mica And Emi Licenses
Bridge Secures MiCA and EMI Licenses Across EU
Bank Of Russia Digital Ruble Rollout Ready
Bank of Russia: Digital Ruble Rollout Ready for September
Finance
Kraken Lets Traders Post Tokenized Stocks As Collateral
Kraken Lets Traders Post Tokenized Stocks as Collateral
Kalshi Targets Ipo After Massive Valuation
Kalshi Targets IPO After Massive Growth and $22B Valuation
Coinbase To Launch Tokenized Us Stocks
Coinbase Sparks New Race With 1:1 Backed Tokenized Stocks
Bitmine Launches 300m Preferred Stock Offering
Bitmine Launches $300M Preferred Stock to Buy More ETH
Coinbase Lists Spacex Pre Ipo Perpetual Futures
Coinbase Lists SpaceX Pre IPO Perpetual Futures
Binance Expands Into 24 7 Us Stocks Trading
Binance Expands Into US Stocks With New bStocks Service
Newsletter Img

Too much noise in crypto?

We respect your time. You get one high-impact briefing a week. If the market is quiet, so are we.

βœ… Join readers from Visa, Vanguard, and the FDIC.
Newsletter Img

The Weekly Briefing

We track the market 24/7. You get a 5-minute summary. If it’s quiet, we skip it.

βœ… Read by pros at Visa, Vanguard, and the FDIC.