The developers of the cross-chain bridge Squid have denied any involvement with the SquidRouterModule contract, which was breached for approximately $3 million. The security incident was reported by experts at Blockaid.
🚨 Blockaid detected an ongoing exploit targeting the SquidRouterModule on Ethereum and Base.
86 Gnosis Safes drained for ~$3M in ~2 hours.
All stolen tokens swapped to DAI via attacker-controlled Uniswap V3 pools.
More details in 🧵— Blockaid (@blockaid_) May 25, 2026
According to their information, the attack affected 86 wallets on the Ethereum and Base networks. It was also reported by PeckShieldAlert. Their data indicates that the attacker funded the address through Tornado Cash with 2.1 ETH and exchanged the stolen funds for 3 million DAI.
Squid stated that hackers breached a third-party Gnosis Safe module. The vulnerable contract is registered on Basescan as SquidRouterModule, but it is not associated with the main project. It is a third-party product in the form of a smart wallet that chose to integrate with Squid.
This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed.
A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable… https://t.co/I3gGmdBvE9
— squid (@squidrouter) May 25, 2026
“The attack succeeded because the third-party module accepted a provided fixed string as message security confirmation. By passing it, one could execute an array of arbitrary call data and steal funds,” the developers stated.
Users of Safes added the vulnerable contract as a trusted module, granting it the right to spend any tokens without a signature. Squid’s own router (0xce16F69375520ab01377ce7B88f5BA8C48F8D666) has a different architecture and was not affected.
“This contract bears our name but is not our code,” Squid concluded.
Investments
Days before the incident, Squid announced securing $6 million in funding. The project is a cross-chain infrastructure platform initially developed within the Axelar ecosystem.
We are proud to announce that Squid has raised $6M in funding round led by North Island Ventures and backed by strategic investors!
Our new chapter has begun, with more news coming soon. Today we celebrate and say thank you. CHEERS 💫 pic.twitter.com/4xzUCt8eEa
— squid (@squidrouter) May 22, 2026
North Island Ventures led the funding round, with participation from Ripple, Dialectic, and Borderless.
In total, the project has raised $13.5 million — $3.5 million in 2023 and $4 million in 2024.
Since its launch in 2023, the platform has processed over 4 million transactions totaling more than $6 billion. It has served 1 million users through its own application and partner integrations.
Squid generates revenue through corporate services and plans to introduce transaction fees. Existing tools allow asset transfers between different blockchains such as Bitcoin, Ethereum, Solana, Cosmos, and XRP Ledger.
The developers of the latter are official partners of Squid in bridge creation, managing a network validator and participating in project governance.
Back in April, an unknown individual exploited a vulnerability in the Hyperbridge cross-chain bridge smart contract, gained administrator rights, and issued 1 billion DOT.