Recently, the cross-chain router Squid protocol had to stand out in the face of a hacking incident that occurred on a third-party module of its system. This hacking allowed approximately 3.2 million dollars to be siphoned off on platforms like Ethereum and Base. Following this incident, Squid took steps to clarify its position and reassure its users. This text highlights the facts surrounding this hacking and the reactions of the Squid team.
A devastating hack on Gnosis Safe
The hack primarily affected the Gnosis Safe, a module in which about 86 accounts were drained in the span of two hours. This attack, confirmed by companies specializing in blockchain security, underscores the vulnerabilities present in decentralized systems. The hackers managed to exchange the stolen tokens for Dai (DAI) through Uniswap V3 pools, which helped conceal the traces of their transactions.
Squid dissociates from the compromised contract
Following this avalanche of revelations, the Squid team quickly distanced itself from the compromised smart contract, clarifying that “this contract bears our name but is not our code.” They specified that no Squid user was affected by this hacking. Initial reports created some confusion by associating the name “SquidRouter” with this compromised module.
A poorly integrated third-party contract
The implicated contract is referred to as SquidRouterModule on Basescan, complicating the understanding of the events. The Squid team has been clear that it was not involved in the drafting or deployment of this contract on the blockchain. This product is considered a third-party smart wallet, integrated with several protocols, including Squid itself.
A retrospective on the funding of the attack
According to analyses by the security company PeckShield, the hacker was initially funded with 2.1 ETH through Tornado Cash, a service often associated with mixing operations to conceal the origin of funds. This highlights the various means available to attackers to design and execute their hacking strategies.
The hacker’s wallet, identified as 0xA447…54859, contained all of the stolen assets, revealing the extent of this systemic attack and the sophistication of the actors involved.
The implications of this hacking for Squid and the blockchain sector
The repercussions of such an incident are not limited to Squid. This hacking raises broader questions regarding the security of blockchain systems, particularly concerning third-party smart contracts. At a time when blockchain continues to evolve, securing projects has become essential to gain and maintain user trust. Examples of security in the blockchain sector and case studies can be consulted to prepare for the future and avoid such vulnerabilities, as illustrated in this article on the revolutionary impact of blockchain on the banking sector.
To stay informed about developments and avoid future similar incidents, cryptocurrency, blockchain companies, and other sectors must turn to advanced security solutions, and perhaps consider adopting some of the high-tech security technologies featured in other articles here.
In this era of increasing cybersecurity, it is more essential than ever to remain vigilant and adopt a proactive approach to potential threats, as this invasion shows that the security of online assets should not be taken lightly.
