Sabitlenmiş Tweet
squid
4.6K posts
squid
@squidrouter
Everything is here, you just have to look. Seamless execution across 100+ networks ✨
Katılım Temmuz 2022
25 Takip Edilen54.9K Takipçiler
@GuavySentiment This is a third-party exploit unrelated to Squid's core protocol and contracts. Squid user funds, approvals, and integrations are unaffected by this exploit and remain fully secure.
For more information, please read our announcement below.
x.com/squidrouter/st…
squid@squidrouter
This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed. A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable contract is verified on Basescan under the name “SquidRouterModule” but this contract was not built, deployed, or operated by Squid. It is a third-party smart-wallet product that chose to integrate with Squid, among other protocols, but has not been in contact with us. The exploit worked because the third-party module accepted a caller-supplied constant string as proof that a message was secure. If you pass in this string (which is publicly available in the verified contract’s code), then you can execute an array of arbitrary calldata, stealing funds at will. The victims’ Safes had added this faulty contract as a trusted Safe Module, which gives the contract the ability to spend any tokens in the Safe without signatures. Squid’s own router (0xce16F69375520ab01377ce7B88f5BA8C48F8D666) is architecturally different and was not touched. Squid user funds, approvals, and integrations are fully secure. Early public reporting may reference “SquidRouter” due to the contract’s verified name on Basescan. The accurate framing is: a third-party SquidRouterModule was exploited, not Squid’s Router contract. The contract shares our name but is not our code. We are monitoring the situation and will share updates if anything changes materially.
English
📉🔻 DAI - $3 Million SquidRouterModule Exploit Rocks Ethereum and Base
Sentiment: -4 | Clout: 80 | Speculation: 4/10 | 📉 $Squid Bearish Confidence: 8/10
A recent DeFi exploit targeting the SquidRouterModule on Ethereum and Base has drained $3 million from 86 Gnosis Safes in just two hours. The attacker converted stolen assets into DAI through Uniswap V3 pools, highlighting the ongoing risk of smart contract vulnerabilities in the crypto space.
#DAI #CRYPTO #DeFi #Crypto #Blockchain
English
@EyeWhales This is a third-party exploit unrelated to Squid's core protocol and contracts. Squid user funds, approvals, and integrations are unaffected by this exploit and remain fully secure.
For more information, please read our announcement below.
x.com/squidrouter/st…
squid@squidrouter
This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed. A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable contract is verified on Basescan under the name “SquidRouterModule” but this contract was not built, deployed, or operated by Squid. It is a third-party smart-wallet product that chose to integrate with Squid, among other protocols, but has not been in contact with us. The exploit worked because the third-party module accepted a caller-supplied constant string as proof that a message was secure. If you pass in this string (which is publicly available in the verified contract’s code), then you can execute an array of arbitrary calldata, stealing funds at will. The victims’ Safes had added this faulty contract as a trusted Safe Module, which gives the contract the ability to spend any tokens in the Safe without signatures. Squid’s own router (0xce16F69375520ab01377ce7B88f5BA8C48F8D666) is architecturally different and was not touched. Squid user funds, approvals, and integrations are fully secure. Early public reporting may reference “SquidRouter” due to the contract’s verified name on Basescan. The accurate framing is: a third-party SquidRouterModule was exploited, not Squid’s Router contract. The contract shares our name but is not our code. We are monitoring the situation and will share updates if anything changes materially.
English
@WizzyOnChain This is a third-party exploit unrelated to Squid's core protocol and contracts. Squid user funds, approvals, and integrations are unaffected by this exploit and remain fully secure.
For more information, please read our announcement below.
x.com/squidrouter/st…
squid@squidrouter
This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed. A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable contract is verified on Basescan under the name “SquidRouterModule” but this contract was not built, deployed, or operated by Squid. It is a third-party smart-wallet product that chose to integrate with Squid, among other protocols, but has not been in contact with us. The exploit worked because the third-party module accepted a caller-supplied constant string as proof that a message was secure. If you pass in this string (which is publicly available in the verified contract’s code), then you can execute an array of arbitrary calldata, stealing funds at will. The victims’ Safes had added this faulty contract as a trusted Safe Module, which gives the contract the ability to spend any tokens in the Safe without signatures. Squid’s own router (0xce16F69375520ab01377ce7B88f5BA8C48F8D666) is architecturally different and was not touched. Squid user funds, approvals, and integrations are fully secure. Early public reporting may reference “SquidRouter” due to the contract’s verified name on Basescan. The accurate framing is: a third-party SquidRouterModule was exploited, not Squid’s Router contract. The contract shares our name but is not our code. We are monitoring the situation and will share updates if anything changes materially.
English
@timmi_arno @gnosis_ This is a third-party exploit unrelated to Squid's core protocol and contracts. Squid user funds, approvals, and integrations are unaffected by this exploit and remain fully secure.
For more information, please read our announcement below.
x.com/squidrouter/st…
squid@squidrouter
This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed. A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable contract is verified on Basescan under the name “SquidRouterModule” but this contract was not built, deployed, or operated by Squid. It is a third-party smart-wallet product that chose to integrate with Squid, among other protocols, but has not been in contact with us. The exploit worked because the third-party module accepted a caller-supplied constant string as proof that a message was secure. If you pass in this string (which is publicly available in the verified contract’s code), then you can execute an array of arbitrary calldata, stealing funds at will. The victims’ Safes had added this faulty contract as a trusted Safe Module, which gives the contract the ability to spend any tokens in the Safe without signatures. Squid’s own router (0xce16F69375520ab01377ce7B88f5BA8C48F8D666) is architecturally different and was not touched. Squid user funds, approvals, and integrations are fully secure. Early public reporting may reference “SquidRouter” due to the contract’s verified name on Basescan. The accurate framing is: a third-party SquidRouterModule was exploited, not Squid’s Router contract. The contract shares our name but is not our code. We are monitoring the situation and will share updates if anything changes materially.
English
🚨 $3,000,000 DRAINED from Squid Router in fresh exploit!
Hackers exploited SquidRouterModule on @gnosis_ Safe wallets (Ethereum & Base). 86+ multisigs emptied.
Attacker wallets:
• 0x9bdc730183821b6bb2b51be30b77c964fa645b91
• 0xa447f71782135ab96a71374271a749ff7aa54859 (holds ~3.07M ethereum:0x6b175474e89094c44da98b954eedeac495271d0f)
Funds swapped to ethereum:0x6b175474e89094c44da98b954eedeac495271d0f and consolidated. More details soon if the project doesn’t get a white hat return.
Blockaid@blockaid_
🚨 Blockaid detected an ongoing exploit targeting the SquidRouterModule on Ethereum and Base. 86 Gnosis Safes drained for ~$3M in ~2 hours. All stolen tokens swapped to DAI via attacker-controlled Uniswap V3 pools. More details in 🧵
English
🚨 86 Gnosis Safes just got drained for ~$3.2M in two hours. The exploited contract is named "SquidRouterModule," but Squid's official protocol @squidrouter was NOT hacked.
Here is how it actually happened 👇
THE EXPLOIT
> A third-party Gnosis Safe module on Ethereum and Base was exploited for ~$3.2M
> All stolen funds were instantly swapped to DAI via attacker-controlled Uniswap V3 pools
THE FLAW
> Victims had added this module as a "trusted Safe Module," giving it permission to spend tokens without user signatures
> The module used a publicly visible string as "proof" of security. Attackers simply copied this string to bypass signatures and drain wallets at will
THE CONFUSION
> Early reports blame "SquidRouter" because the attacker's contract was deceptively named "SquidRouterModule" on Basescan
> Squid did not build, deploy, or operate this contract. It was a third-party tool that merely integrated with Squid
> The official Squid router and all user funds are completely unaffected. No action is needed if you use the real protocol.
English
@TheBlockCo Squid is safe and remains unaffected
This was a third party module
x.com/squidrouter/st…
squid@squidrouter
This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed. A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable contract is verified on Basescan under the name “SquidRouterModule” but this contract was not built, deployed, or operated by Squid. It is a third-party smart-wallet product that chose to integrate with Squid, among other protocols, but has not been in contact with us. The exploit worked because the third-party module accepted a caller-supplied constant string as proof that a message was secure. If you pass in this string (which is publicly available in the verified contract’s code), then you can execute an array of arbitrary calldata, stealing funds at will. The victims’ Safes had added this faulty contract as a trusted Safe Module, which gives the contract the ability to spend any tokens in the Safe without signatures. Squid’s own router (0xce16F69375520ab01377ce7B88f5BA8C48F8D666) is architecturally different and was not touched. Squid user funds, approvals, and integrations are fully secure. Early public reporting may reference “SquidRouter” due to the contract’s verified name on Basescan. The accurate framing is: a third-party SquidRouterModule was exploited, not Squid’s Router contract. The contract shares our name but is not our code. We are monitoring the situation and will share updates if anything changes materially.
English
'We don't know who deployed this': Squid distances itself from $3.2 million third-party module exploit theblock.co/post/402487/we…
English
Please share widely.
a third-party module was exploited, not Squid’s Router contract. The contract shares our name but is not our code.
Squid remains safe and unaffected.
squid@squidrouter
This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed. A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable contract is verified on Basescan under the name “SquidRouterModule” but this contract was not built, deployed, or operated by Squid. It is a third-party smart-wallet product that chose to integrate with Squid, among other protocols, but has not been in contact with us. The exploit worked because the third-party module accepted a caller-supplied constant string as proof that a message was secure. If you pass in this string (which is publicly available in the verified contract’s code), then you can execute an array of arbitrary calldata, stealing funds at will. The victims’ Safes had added this faulty contract as a trusted Safe Module, which gives the contract the ability to spend any tokens in the Safe without signatures. Squid’s own router (0xce16F69375520ab01377ce7B88f5BA8C48F8D666) is architecturally different and was not touched. Squid user funds, approvals, and integrations are fully secure. Early public reporting may reference “SquidRouter” due to the contract’s verified name on Basescan. The accurate framing is: a third-party SquidRouterModule was exploited, not Squid’s Router contract. The contract shares our name but is not our code. We are monitoring the situation and will share updates if anything changes materially.
English
🚨 ‘We don’t know who deployed this’: Squid distances itself from $3.2 million third-party module exploit
theblock.co/post/402487/we…
English
@ItsBitcoinWorld This was a third party, not Squid itself
Squid remains unaffected
x.com/squidrouter/st…
squid@squidrouter
This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed. A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable contract is verified on Basescan under the name “SquidRouterModule” but this contract was not built, deployed, or operated by Squid. It is a third-party smart-wallet product that chose to integrate with Squid, among other protocols, but has not been in contact with us. The exploit worked because the third-party module accepted a caller-supplied constant string as proof that a message was secure. If you pass in this string (which is publicly available in the verified contract’s code), then you can execute an array of arbitrary calldata, stealing funds at will. The victims’ Safes had added this faulty contract as a trusted Safe Module, which gives the contract the ability to spend any tokens in the Safe without signatures. Squid’s own router (0xce16F69375520ab01377ce7B88f5BA8C48F8D666) is architecturally different and was not touched. Squid user funds, approvals, and integrations are fully secure. Early public reporting may reference “SquidRouter” due to the contract’s verified name on Basescan. The accurate framing is: a third-party SquidRouterModule was exploited, not Squid’s Router contract. The contract shares our name but is not our code. We are monitoring the situation and will share updates if anything changes materially.
English
On-chain security firm Blockaid has identified an active attack targeting the SquidRouterModule of the cross-chain protocol Squid. #BLOCKCHAIN #CRYPTOCURRENCY #DeFi #hack #Security
bitcoinworld.co.in/blockaid-squid…
English
LATEST: According to @blockaid_, an ongoing exploit targeting the SquidRouterModule on Ethereum and Base has drained 86 Gnosis Safes for nearly $3M in under 2 hours, with stolen funds swapped to DAI through attacker-controlled Uniswap V3 pools.
English
Live exploit targeting @squidrouter flagged by @blockaid_.
86 Gnosis Safes drained.
~$3M gone in ~2 hours.
Ethereum and Base are affected.
The attacker forced swaps through @Uniswap V3 pools and ended up with ethereum:0x6b175474e89094c44da98b954eedeac495271d0f.
If you use @safe, check your modules now.
English
fwiw, @squidrouter users are safe.
This is an unrelated incident as mentioned below 👇
squid@squidrouter
This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed. A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable contract is verified on Basescan under the name “SquidRouterModule” but this contract was not built, deployed, or operated by Squid. It is a third-party smart-wallet product that chose to integrate with Squid, among other protocols, but has not been in contact with us. The exploit worked because the third-party module accepted a caller-supplied constant string as proof that a message was secure. If you pass in this string (which is publicly available in the verified contract’s code), then you can execute an array of arbitrary calldata, stealing funds at will. The victims’ Safes had added this faulty contract as a trusted Safe Module, which gives the contract the ability to spend any tokens in the Safe without signatures. Squid’s own router (0xce16F69375520ab01377ce7B88f5BA8C48F8D666) is architecturally different and was not touched. Squid user funds, approvals, and integrations are fully secure. Early public reporting may reference “SquidRouter” due to the contract’s verified name on Basescan. The accurate framing is: a third-party SquidRouterModule was exploited, not Squid’s Router contract. The contract shares our name but is not our code. We are monitoring the situation and will share updates if anything changes materially.
English
@MAXdeg0 This is not accurate.
Squid was unaffected
x.com/squidrouter/st…
squid@squidrouter
This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed. A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable contract is verified on Basescan under the name “SquidRouterModule” but this contract was not built, deployed, or operated by Squid. It is a third-party smart-wallet product that chose to integrate with Squid, among other protocols, but has not been in contact with us. The exploit worked because the third-party module accepted a caller-supplied constant string as proof that a message was secure. If you pass in this string (which is publicly available in the verified contract’s code), then you can execute an array of arbitrary calldata, stealing funds at will. The victims’ Safes had added this faulty contract as a trusted Safe Module, which gives the contract the ability to spend any tokens in the Safe without signatures. Squid’s own router (0xce16F69375520ab01377ce7B88f5BA8C48F8D666) is architecturally different and was not touched. Squid user funds, approvals, and integrations are fully secure. Early public reporting may reference “SquidRouter” due to the contract’s verified name on Basescan. The accurate framing is: a third-party SquidRouterModule was exploited, not Squid’s Router contract. The contract shares our name but is not our code. We are monitoring the situation and will share updates if anything changes materially.
English
🚨 Squid Protocol was hacked
An attacker compromised 86 Gnosis Safe wallets across Ethereum and Base, draining over $3M within hours.
The stolen funds were quickly swapped into DAI through Uniswap pools.
Another reminder that in DeFi, security is only as strong as the weakest integration.
English
@PeckShieldAlert Wow. Sad. Announced funding just days ago and now exploited?
English
#PeckShieldAlert The SquidRouterModule has been exploited for ~$3M in assets.
The exploiter, who was originally funded with 2.1 $ETH from #TornadoCash, has swapped the stolen funds for ~3M $DAI. The stolen assets are currently sitting in the exploiter's wallet 0xA447...54859
English
🚨 SquidRouterModule Exploit Drains ~$3M
@blockaid_ said an ongoing exploit targeted SquidRouterModule on #Ethereum and #Base.
The attack drained 86 Gnosis Safes for around $3M, with stolen funds swapped into DAI via attacker-controlled Uniswap V3 pools.
Blockaid@blockaid_
🚨 Blockaid detected an ongoing exploit targeting the SquidRouterModule on Ethereum and Base. 86 Gnosis Safes drained for ~$3M in ~2 hours. All stolen tokens swapped to DAI via attacker-controlled Uniswap V3 pools. More details in 🧵
English
@0xAirr @blockaid_ Squid was unaffected!
A third-party module was exploited, not Squid’s Router contract. The contract shares our name but is not our code.
Squid remains safe and unaffected.
English
This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed.
A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable contract is verified on Basescan under the name “SquidRouterModule” but this contract was not built, deployed, or operated by Squid. It is a third-party smart-wallet product that chose to integrate with Squid, among other protocols, but has not been in contact with us.
The exploit worked because the third-party module accepted a caller-supplied constant string as proof that a message was secure. If you pass in this string (which is publicly available in the verified contract’s code), then you can execute an array of arbitrary calldata, stealing funds at will. The victims’ Safes had added this faulty contract as a trusted Safe Module, which gives the contract the ability to spend any tokens in the Safe without signatures. Squid’s own router (0xce16F69375520ab01377ce7B88f5BA8C48F8D666) is architecturally different and was not touched. Squid user funds, approvals, and integrations are fully secure.
Early public reporting may reference “SquidRouter” due to the contract’s verified name on Basescan. The accurate framing is: a third-party SquidRouterModule was exploited, not Squid’s Router contract. The contract shares our name but is not our code. We are monitoring the situation and will share updates if anything changes materially.
Blockaid@blockaid_
🚨 Blockaid detected an ongoing exploit targeting the SquidRouterModule on Ethereum and Base. 86 Gnosis Safes drained for ~$3M in ~2 hours. All stolen tokens swapped to DAI via attacker-controlled Uniswap V3 pools. More details in 🧵
English
This funding round is the start of our next (and most exciting) chapter at Squid.
We can't wait to show you 🫧
squid@squidrouter
We are proud to announce that Squid has raised $6M in funding round led by North Island Ventures and backed by strategic investors! Our new chapter has begun, with more news coming soon. Today we celebrate and say thank you. CHEERS 💫
English