Squid Distances Itself From $3.2 Million Hack of Lookalike Third-Party Contract

Cross-chain router Squid disowned a third-party Gnosis Safe module called SquidRouterModule after attackers drained approximately $3.2 million across Ethereum and Base. The exploit targeted 86 Gnosis Safe accounts within a two-hour window, according to blockchain security firm Blockaid.

The attackers leveraged a lookalike contract to deceive users into interacting with malicious code. Blockaid tracked the theft in real-time, observing perpetrators converting stolen tokens into Dai (DAI) stablecoin, a common obfuscation tactic that makes fund tracing harder for investigators.

Squid's response emphasizes the distinction between official protocol infrastructure and third-party integrations built atop it. The SquidRouterModule was not developed or maintained by Squid's core team, reducing the protocol's direct liability. This separation matters legally and operationally, though it creates a trust problem for users who conflate branding with legitimacy.

The incident underscores a persistent vulnerability in DeFi infrastructure. Gnosis Safe modules extend functionality for contract wallets, but they also expand the attack surface if poorly audited or maliciously designed. Users approving third-party modules assume counterparty risk without always understanding the implications.

The $3.2 million loss reflects the volume moving through these composable systems. Squid, which facilitates cross-chain swaps and routing, operates in a competitive space alongside 1inch, 0x, and other aggregators. A security incident tied to the brand, even tangentially, risks confidence erosion.

Blockaid's rapid detection and public flagging prevented potentially larger losses. The firm's monitoring of token flows and contract interactions caught the exploit before attackers could move funds further down the chain. This points to improved ecosystem vigilance compared to earlier DeFi summers when hacks went undetected for hours.

Squid's official distancing also serves as a reminder that protocol governance and security responsibility lie with developers. Third-party modules built on top of core infrastructure inherit risk but