Lights, camera, crypto disaster-Squid tried to reel in a $3.2 million shark only to find it had swapped its bait and vanished into the ether.
Like a bad sequel that never made the cut, the so‑called SquidRouterModule was a third‑party Gnosis Safe module that the attackers bit off, and then bled away roughly $3.2 million across Ethereum and Base in a frantic 86 accounts and only two hours.
Squid’s “Whoops…I Didn’t Mean to Do That” Moment
Blockaid reported the helter‑skelter: the bad guys whisked the loot into DAI via wilfully curated Uniswap V3 pools-classic “copycat” style.
Meanwhile, PeckShield spun a side plot: the villain was first funded with a modest 2.1 ETH from Tornado Cash, then slipped the stolen treasure into a wallet starting 0xA447…54859, where it now sits like a tired star waiting for its own show.
Follow us on X to catch the next episode of this crime‑family drama.
#PeckShieldAlert The SquidRouterModule has been exploited for ~$3M in assets.
The exploiter-originally funded with 2.1 $ETH from #TornadoCash-has swapped the stolen funds for ~3M $DAI. The stolen assets are currently sitting in the exploiter’s wallet 0xA447…54859– PeckShieldAlert (@PeckShieldAlert) May 25, 2026
In true Hollywood fashion, Squid spilled the beans on X, clarifying that the contract’s name made a cameo but it was not part of Squid’s original script. None of the audience-aka users-were harmed.
“Early public reporting may reference ‘SquidRouter’ due to the contract’s verified name on Basescan. The accurate framing is: a third‑party SquidRouterModule was exploited, not Squid’s Router contract,” the team announced.
The fiasco highlighted how those on Basescan, where the busted module sits under “SquidRouterModule,” caused a plot twist early on. Squid’s real router-operating from 0xce16F69375520ab01377ce7B88f5BA8C48F8D666-is happily unharmed, with all user balances, approvals, and integrations still in their rightful place.
“The exploit worked because the third‑party module accepted a caller-supplied constant string as proof that a message was secure. If you pass in this string (which is publicly available in the verified contract’s code), then you can execute an array of arbitrary calldata, stealing funds at will. The victims’ Safes added this faulty contract as a trusted Safe Module, giving the contract the ability to spend any tokens in the Safe without signatures,” the protocol explained.
In a season of relentless plot twists, this episode is just one in a string of crypto capers this month-DefiLlama tracked more than 20 exploits in May 2026. And if your theater seats are still empty, stay tuned: the next thief might just borrow your theme music.
https://www.youtube.com/watch?v=k_hnS1RjsJI
Read More
- USD CNY PREDICTION
- Silver Rate Forecast
- Gold Rate Forecast
- EUR HKD PREDICTION
- USD THB PREDICTION
- CNY JPY PREDICTION
- USD RUB PREDICTION
- GBP EUR PREDICTION
- USD AUD PREDICTION
- Gogol’s Tale: Templeton’s Crypto Circus Marches On!
2026-05-26 08:06