Key Highlights
- About $3 million vanished from 86 Gnosis Safe wallets-Ethereum and Base-within the span of two curfews.
- The filth found its way in through a crooked third‑party module called SquidRouterModule, a chap that pretended to be a trusted overseer.
- Swallowed gone, the loot was politely shuffled into DAI and tucked away in a single pot of roughly 3.07 million DAI.
All of this happened Monday, the day the system let thieves cruise in behind a curtain named SquidRouterModule, rattling the banks of 86 Gnosis Safes on both Ethereum and Base.
A blockchain watchdog, Blockaid, raised a red flag on X and kept an eye on the graveyard rain as the money ran a tight sprint.
🚨 Blockaid spotted a sly attack on SquidRouterModule across Ethereum and Base.
86 Safes drained for nearly $3 million in about two hours.
All stolen tokens liquidated into DAI through attacker‑run Uniswap V3 pools.
More details in🧵– Blockaid (@blockaid_) May 25, 2026
In two sun‑kissed hours, the thieves hauled their loot into DAI, slipping it through Uniswap V3 pools the like of which the attackers owned.
How the Debacle Unfolded
Blockaid said the culprit exploited a flaw in the executeSameChainActions() routine, allowing the would‑be good guys to swallow the whole account list as if they were the authorized owner.
The attackers built Foundry‑based contracts and rushed in through the faulty module, poking at Safes like a husband trying to switch his wife’s casserole recipe.
They concocted a phantom token named “u” with a fat supply, only to use it as a buzzword for the heist.
The token squeezed into pre‑seeded Uniswap V3 pools, drained the Safes, and slid the money into stablecoins.
All lied in a single vault, humming with about 3.07 million DAI-vital to keep the thieves in their bookkeeping.
On‑chain monitoring confirmed the same old chorus across the banks: 86 Safes were on the playlist across Ethereum and Base.
Squid’s Apology and the Real Story
A whistle‑blowing statement from Squid showed a lot of confusion. The team declared that the bug lay in a third‑party module that wasn’t part of their official system.
“This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed,” the project said.
This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed.
A third‑party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2 million in losses. The vulnerable…
– squid (@squidrouter) May 25, 2026
They reminded everyone that their official router, with its own secure address, was bona fide and still good for business.
By contrast, the module in question accepted a constantly passed string as proof of authorization-like a signed letter that everyone reads, but nobody checks.
With the module in place, victims had handed over the keys before they even noticed the sneaking fox, and the trap was sprung.
Crypto Plunder Keeps on Rising
This is one of many frantic episodes that have marked 2026: PeckShield’s numbers show hackers raking in a staggering $328.6 million across eight bridge‑related breaches so far.
Raw cross‑chain findings from Defillama tally the total blockchain losses at over $16.5 billion, with bridge attacks alone draining about $3.22 billion.
Read More
- USD TRY PREDICTION
- CNY JPY PREDICTION
- USD JPY PREDICTION
- USD HKD PREDICTION
- Brent Oil Forecast
- USD CNY PREDICTION
- NEAR PREDICTION. NEAR cryptocurrency
- BCH PREDICTION. BCH cryptocurrency
- Ethereum to $24K? Jolly Good Show, What?
- Hong Kong’s Strict Stablecoin Rules: Only 2 Licenses Out of 36 Applications Approved!
2026-05-25 20:47