DeFi Security Breach: Module Linked to Gnosis Safe Wallets Exploited, Resulting in $3.2 Million Loss

A vulnerability in an external module associated with Gnosis Safe (rebranded as Safe) multi-signature wallets enabled an attacker to siphon roughly $3.2 million from 86 user accounts on Ethereum and Base networks. The rapid operation occurred within approximately two hours on May 25, 2026, drawing immediate attention from leading blockchain security monitors. Blockchain security platforms Blockaid and PeckShield promptly identified and disclosed the incident.

Their investigations pointed to a contract named SquidRouterModule, which certain Safe owners had installed as an optional extension for handling delegated operations or routing tasks.

Officials from both Safe and the legitimate Squid cross-chain protocol emphasized that the module was neither created nor endorsed by their teams.

The core protocols of both projects remained fully operational and untouched.

The flaw centered on inadequate caller authentication within the module.

Specifically, the contract’s design permitted impersonation of authorized entities through various forms of manipulated inputs in functions such as executeSameChainActions.

This allowed the perpetrator to trigger token movements and swaps directly from the compromised Safes without needing multi-signature owner confirmations.

Assets were funneled through pre-deployed Uniswap V3 liquidity pools set up by the attacker, then converted predominantly into DAI.

The proceeds—around $3.07 million in DAI—were gathered into a primary wallet address starting with 0xa447f71782135ab96a71374271a749ff7aa54859. Funding for the attack reportedly traced back to approximately 2.1 ETH withdrawn from Tornado Cash.

This breach highlights persistent challenges in the DeFi ecosystem concerning modular wallet extensions.

While Safe’s multi-signature framework is engineered to demand collective approvals for high-risk actions, third-party modules can create unintended bypass routes if they fail to enforce strict origin verification or context checks.

Users who enabled this particular module inadvertently expanded their wallet’s attack surface.

In response, security experts are urging Safe users to audit all enabled modules, revoke permissions for unfamiliar or inactive ones, and prioritize vetted integrations only.
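One way to carry out the module audit recommended above, shown as an added example that is not code from Safe, Squid or the original article. It assumes the return data was fetched with an `eth_call` to the Safe's `getModulesPaginated(address start, uint256 pageSize)` using the sentinel address 0x1 as `start`; the helper names and every address in it are constructed for illustration.

```python
# Added example: offline audit of one page of a Safe's enabled modules.
# Every address here is a constructed sample value, not a real contract.
SENTINEL = "0x" + "00" * 19 + "01"   # Safe's module linked-list sentinel (0x1)
ZERO = "0x" + "00" * 20

def _word(data: bytes, offset: int) -> bytes:
    """Return the 32-byte ABI word at a byte offset; reject truncated data."""
    chunk = data[offset:offset + 32]
    if len(chunk) != 32:
        raise ValueError("truncated ABI data")
    return chunk

def _address(word: bytes) -> str:
    """Convert a left-padded ABI word to a lowercase 0x address."""
    if any(word[:12]):
        raise ValueError("non-zero padding in address word")
    return "0x" + word[12:].hex()

def decode_modules_page(ret_hex: str):
    """Decode (address[] array, address next) as returned by getModulesPaginated."""
    raw = ret_hex[2:] if ret_hex.startswith("0x") else ret_hex
    data = bytes.fromhex(raw)
    array_offset = int.from_bytes(_word(data, 0), "big")
    next_ptr = _address(_word(data, 32))
    count = int.from_bytes(_word(data, array_offset), "big")
    modules = [_address(_word(data, array_offset + 32 * (i + 1)))
               for i in range(count)]
    return modules, next_ptr

def audit_modules(ret_hex: str, reviewed):
    """Flag enabled modules that are absent from the owners' reviewed list."""
    modules, next_ptr = decode_modules_page(ret_hex)
    known = {addr.lower() for addr in reviewed}
    return {
        "enabled": modules,
        "unreviewed": [m for m in modules if m not in known],
        # A next pointer other than the sentinel means another page to fetch.
        "more_pages": next_ptr not in (SENTINEL, ZERO),
    }

# Constructed return data: two enabled modules, end of list reached.
SAMPLE_RETURN = "0x" + "".join(w.rjust(64, "0") for w in (
    "40",        # offset of the array from the start of the return data
    "01",        # next == sentinel
    "02",        # array length
    "aa" * 20,   # module that the owners have reviewed
    "bb" * 20,   # module nobody recognises
))

if __name__ == "__main__":
    print(audit_modules(SAMPLE_RETURN, {"0x" + "AA" * 20}))
```

Any address reported under `unreviewed` is a candidate for removal through the Safe's own `disableModule` transaction, which goes through the normal owner threshold.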

The incident reinforces the principle that wallet security depends heavily on the strength of every connected component.

Both Safe and Squid teams advised the community to exercise heightened caution with any add-ons promising automation or cross-chain features.

No recoveries have been reported so far, and the attacker’s wallet continues to hold the consolidated funds.

On-chain analysts are tracking potential movements while law enforcement and security firms pursue further attribution.

The incident adds to recent DeFi security concerns, serving as a stark illustration of how quickly automated exploits can scale across permissioned environments. The broader crypto ecosystem is now being reminded that self-custody tools, while empowering, require diligent maintenance. Regular permission reviews and thorough due diligence on external contracts remain essential practices to mitigate similar risks.


