The creators of the cross-chain bridge Squid have disavowed any association with the SquidRouterModule contract, which was compromised for approximately $3 million. Specialists from Blockaid initially reported the incident.
🚨 Blockaid detected an ongoing exploit targeting the SquidRouterModule on Ethereum and Base.
86 Gnosis Safes drained for ~$3M in ~2 hours.
All stolen tokens swapped to DAI via attacker-controlled Uniswap V3 pools.
More details in 🧵— Blockaid (@blockaid_) May 25, 2026
According to their findings, the attack affected 86 wallets across the Ethereum and Base networks. PeckShieldAlert also published information about the event. The perpetrator funded an address via Tornado Cash with 2.1 ETH and then exchanged the stolen funds for 3 million DAI.
Squid stated that the hackers compromised a third-party Gnosis Safe module. While the vulnerable contract is registered as SquidRouterModule on Basescan, it is not linked to the main project. This is an external product in the form of a smart wallet that chose to integrate with Squid.
This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed.
A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable… https://t.co/I3gGmdBvE9
— squid (@squidrouter) May 25, 2026
“The attack succeeded because the third-party module accepted a provided fixed string as confirmation of message security. If passed, it allowed the execution of arbitrary call data and the theft of funds,” the developers’ statement read.
The safe users had added the vulnerable contract as a trusted module, granting it the authority to spend any tokens without requiring a signature. Squid’s own router (0xce16F69375520ab01377ce7B88f5BA8C48F8D666) has a different architecture and was not impacted.
“This contract bears our name, but it is not our code,” Squid concluded.
Investments
A few days prior to the incident, Squid announced that it had secured $6 million in funding. The project is a cross-chain infrastructure platform that initially developed within the Axelar ecosystem.
We are proud to announce that Squid has raised $6M in funding round led by North Island Ventures and backed by strategic investors!
Our new chapter has begun, with more news coming soon. Today we celebrate and say thank you. CHEERS 💫 pic.twitter.com/4xzUCt8eEa
— squid (@squidrouter) May 22, 2026
The funding round was spearheaded by North Island Ventures, with participation from Ripple, Dialectic, and Borderless.
In total, the project has raised $13.5 million, including an additional $3.5 million in 2023 and $4 million in 2024.
Since its launch in 2023, the platform has facilitated over 4 million transactions totaling more than $6 billion. It has served 1 million users through its own application and partner integrations.
Squid generates revenue from corporate services and plans to introduce transaction fees. Its tools enable the movement of assets between various blockchains such as Bitcoin, Ethereum, Solana, Cosmos, and XRP Ledger.
The developers of XRP Ledger are an official partner of Squid in creating bridges. They manage a validator within the network and participate in the project’s governance.
As a reminder, in April, an unidentified individual exploited a vulnerability in the smart contract of the Hyperbridge cross-chain bridge, gaining administrative rights and minting 1 billion DOT tokens.