Squid says $3.2M attack unrelated to core protocol

Cross-chain protocol Squid has clarified that the 'SquidRouterModule' contract involved in a recent attack worth approximately $3.2 million was not developed, deployed, or operated by the project. Squid explained that the contract is a third-party module based on Gnosis Safe and is structurally completely different from its own router contract. The attacker reportedly exploited a vulnerability in the module's public fixed-string verification to execute arbitrary call data and steal the funds. The company added that the affected Gnosis Safes had registered the module as a trusted module, which enabled asset transfers without requiring signatures. Squid emphasized that its router contracts, user funds, approvals, and integrated services were not affected.