Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    Michael Saylor’s Strategy
    Why Michael Saylor’s Strategy Is Selling Bitcoin After Years of Buying
    Anthropic’s Claude Fable 5 Crypto Hacks
    Anthropic’s Claude Fable 5: The AI That Could Supercharge Crypto Hacks and Defenses
    CLARITY Act Stalls Why Senate's August Recess Puts US Crypto Rules at Risk
    CLARITY Act Stalls: Why Senate’s August Recess Puts US Crypto Rules at Risk
    Three Stories, One Pattern Why Binance Is Having Its Worst Week Since the Pardon
    Three Stories, One Pattern: Why Binance Is Having Its Worst Week Since the Pardon
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
  • Opinion
    OpinionShow More
    The Bitcoin Treasury Blueprint What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    The Bitcoin Treasury Blueprint: What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
    The CLARITY Act War Starts Jamie Dimon Vs Armstrong
    The CLARITY Act War Starts: Jamie Dimon Vs Armstrong
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
Industry

Gnosis Safe Users Hit by $3M Exploit Tied to Fake Token Scheme

The company said the vulnerable contract was integrated with Squid but was not built, deployed, or operated by its team.

Written By Iyiola Adrian
Fact Checked by Shubham Soni
Published 2026-05-25·Updated 2 months ago
Make The Crypto Times preferred on GoogleGoogle
Share
Gnosis Safe Users Hit by $3M Exploit Tied to Fake Token Scheme

Key Highlights

  • About $3M was stolen from 86 Gnosis Safe wallets on Ethereum and Base in about two hours.
  • The attack reportedly exploited a vulnerable third-party module (SquidRouterModule) that let attackers act like trusted users and drain funds.
  • The stolen assets were swapped into DAI and moved into one main wallet (~3.07M DAI) after being drained through fake tokens and Uniswap V3 pools.

A $3M exploit hit 86 Gnosis Safe wallets on Ethereum and Base on Monday, after attackers allegedly used a vulnerable third-party module known as SquidRouterModule.

The issue was flagged by blockchain security firm Blockaid, which said on X that it was monitoring the active attack as funds were being stolen from many wallets at the same time.

🚨 Blockaid detected an ongoing exploit targeting the SquidRouterModule on Ethereum and Base.

86 Gnosis Safes drained for ~$3M in ~2 hours.
All stolen tokens swapped to DAI via attacker-controlled Uniswap V3 pools.
More details in 🧵

— Blockaid (@blockaid_) May 25, 2026

According to the firm, the attack lasted about two hours, and the stolen funds were quickly converted into DAI stablecoin using Uniswap V3 pools controlled by the attacker.

How the attack happened

According to Blockaid, attackers used a flaw in the module’s executeSameChainActions() function, which allowed unauthorized execution inside Safe accounts. This gave attackers the ability to impersonate approved delegates and run actions as if they were legitimate users of the Safe system.

Blockaid reported that attackers deployed Foundry-based exploit contracts to trigger delegated calls through the vulnerable module. These calls allowed them to perform token swaps directly from victim Safes. A fake token called “u” was reportedly created with a large supply and was only used for the attack.

The token was paired with real assets inside pre-funded Uniswap V3 liquidity pools. After draining funds from Safes, attackers removed liquidity and completed swaps into stablecoins.

The stolen assets were then routed into a consolidation wallet reportedly holding about 3.07 million DAI, which became the main storage address for the proceeds.

On-chain data showed repeated drain patterns across multiple wallets, confirming that 86 Safes were affected across the Ethereum and Base networks. 

Squid clarification and response

Squid, a decentralized cross-chain liquidity platform, quickly responded to the incident on X, clarifying that the “SquidRouterModule” contract was not part of its official system.

“This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed,” the team wrote.

This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed.

A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable… https://t.co/I3gGmdBvE9

— squid (@squidrouter) May 25, 2026

They also confirmed that their official router contract (0xce16F69375520ab01377ce7B88f5BA8C48F8D666) was not involved and is still safe.

Squid further stated that the issue came from a third-party Safe module that accepted a caller-supplied constant string as proof of authorization, which was visible in the contract code. 

Because victims had added this module as a trusted Safe extension, it gained permission to execute transactions without requiring signatures. 

The confusion stemmed from the similarity in contract names, which made the vulnerable module appear associated with Squid despite having no direct operational connection to the platform.

Crypto exploits continue in 2025

This incident adds to a growing list of exploits in 2026. According to recent data from PeckShield, hackers have stolen about $328.6 million across eight bridge-related exploits this year alone.

Separate data from Defillama showed that total crypto losses have exceeded $16.5 billion over time, with cross-chain bridge attacks accounting for roughly $3.22 billion of those losses.

Also Read: Verus Hacker Returns $8.5M After Bridge Exploit Deal

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News

TAGGED:Crypto Hack
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link

Latest News

Coinbase's SEC Slayer Paul Grewal Quits for a Mystery Startup
Coinbase’s SEC Slayer Paul Grewal Quits for a Mystery Startup
How Ethereum's AI Agents Are Finding Real Security Vulnerabilities
How Ethereum’s AI Agents Are Finding Real Security Vulnerabilities
MARA Stock Jumps 11% After Texas Power Site Acquisition Deal
MARA Stock Jumps 11% After Texas Power Site Acquisition Deal
LAB Burns 1% of Token Supply After 90% Price Collapse
LAB Burns 1% of Token Supply After 90% Price Collapse
Solana Policy Institute Pushes CFTC to Rethink Crypto Rules
Solana Policy Institute Pushes CFTC to Rethink Crypto Rules

Find Us on Socials

You may also like

Relay Warns of Scam Tokens Vanishing on Robinhood Chain

Relay Warns of Scam Tokens Vanishing on Robinhood Chain

Quantum Threat? BitGo Adds New Protection for Bitcoin Wallets

Quantum Threat? BitGo Adds New Protection for Bitcoin Wallets

Ondo Expands Solana Push With 24/7 Tokenized Stock Liquidity

Ondo Expands Solana Push With 24/7 Tokenized Stock Liquidity

Kalshi Pushes Perpetual Futures Beyond Crypto With CFTC Talks

Kalshi Pushes Perpetual Futures Beyond Crypto With CFTC Talks

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information