- Hackers stole roughly $3 million from 86 Gnosis Safes on SquidRouterModule.
- Solely wallets that had beforehand accredited weak third-party modules had been focused.
- Squid’s main router contracts and person funds had been unaffected by this exploit.
In line with a Blockaid report, hackers exploited a weak third-party SquidRouterModule linked to the Squid ecosystem.
In a latest put up on X, the enterprise-grade Web3 safety platform stated it exfiltrated roughly $3 million from 86 Gnosis Safes in roughly two hours earlier than exchanging the tokens for DAI by way of an attacker-controlled Uniswap V3 pool.
What made the exploit potential?
Whereas offering particulars of the assault, Blockaid famous that the assault was potential as a result of the affected wallets had beforehand approved a weak third-party module with broad transaction privileges. This allowed attackers to impersonate trusted customers and carry out faux Uniswap V3 swaps with out requiring direct authorization from the pockets proprietor.
Within the X thread, Blockaid defined that the attackers funded their wallets with 2.1 ETH by Twister Money earlier than launching the assault, after which carried out automated assaults towards each the Ethereum and Base networks. The hackers’ subsequent actions had been to take away liquidity from the pool and convert the stolen property into roughly 3.07 DAI that was of their wallets on the time of Blockaid’s reporting.
Associated: DeFi insurance coverage hole prices billions as hacks proceed to rise
Gnosis’ core infrastructure is safe
It’s noteworthy that the reported assault didn’t have an effect on Gnosis’ core Secure infrastructure. Data from Squid and a number of blockchain safety corporations revealed that the vulnerability arose by a separate third-party module built-in into some Secure wallets. Solely customers who trusted and interacted with that module previously had been affected by the exploit.
In line with Squid’s announcement relating to the exploit, its core workforce was not concerned in constructing, deploying, or working the weak contract, regardless of the same identify. The corporate defined that the exploit was potential as a result of the module accepted a publicly recognized fixed string as proof of authorization, permitting hackers to carry out arbitrary transactions and not using a legitimate pockets signature.
Within the meantime, Squid instructed group members that it’s monitoring the scenario and can share updates if something important modifications. The corporate additionally confirmed that no main router contracts or person funds had been affected by the exploit.
Associated: Echo Protocol hack steals $816,000 in faux eBTC mints
Disclaimer: The knowledge contained on this article is for informational and academic functions solely. This text doesn’t represent monetary recommendation or recommendation of any variety. Coin Version is just not answerable for any losses incurred on account of using the content material, merchandise, or companies talked about. We encourage our readers to conduct due diligence earlier than taking any motion associated to our firm.