$3.2M Stolen from Gnosis Safe Wallets via SquidRouterModule Exploit
On May 25, a security warning was issued regarding a significant exploit affecting 86 Gnosis Safe wallets. The exploit targeted the SquidRouterModule smart contract, whose name caused confusion because it resembles that of the official Squid Router network.
The attack resulted in the theft of approximately $3.2 million, which was then converted into DAI tokens using Uniswap V3 pools controlled by the attacker. This process involved exploiting a flaw in the design of the third-party Gnosis Safe module itself.
According to reports, users had authorized these contracts within their Gnosis Safes with elevated privileges that did not require user signatures. The root cause lies in the contract accepting an immutable string provided by the caller as proof of the message's security, a check that could be bypassed using the publicly available source code.
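The root cause described above, as an added Python toy model (not the SquidRouterModule source and not code from the report): a module that accepts a caller-supplied string as proof of origin, beside one that authenticates the caller. It assumes the flaw was a comparison against a value readable in the published source; the class names, addresses and the `trusted-router` string are all hypothetical.

```python
# Constructed toy model; names and values are hypothetical, not the module's code.
class Safe:
    """Stand-in for a Safe: an enabled module can move funds without owner signatures."""
    def __init__(self, balance):
        self.balance = balance
        self.modules = set()

    def exec_from_module(self, module_addr, amount):
        if module_addr not in self.modules:
            raise PermissionError("not an enabled module")
        if amount > self.balance:
            raise ValueError("insufficient balance")
        self.balance -= amount
        return amount


class StringCheckedModule:
    ADDRESS = "module:string-checked"
    EXPECTED_SOURCE = "trusted-router"  # immutable, but readable in published source

    def handle_message(self, msg_sender, claimed_source, safe, amount):
        # Flawed check: the "proof" is an argument chosen by whoever calls.
        if claimed_source != self.EXPECTED_SOURCE:
            raise PermissionError("unexpected source string")
        return safe.exec_from_module(self.ADDRESS, amount)


class CallerCheckedModule:
    ADDRESS = "module:caller-checked"

    def __init__(self, gateway):
        self.gateway = gateway  # the only address allowed to deliver messages

    def handle_message(self, msg_sender, claimed_source, safe, amount):
        # Authenticate the caller itself; the string is treated as untrusted data.
        if msg_sender != self.gateway:
            raise PermissionError("caller is not the configured gateway")
        return safe.exec_from_module(self.ADDRESS, amount)


def outcome(module, msg_sender, claimed_source, amount=100):
    """Return (status, remaining Safe balance) for one delivery attempt."""
    safe = Safe(balance=1000)
    safe.modules.add(module.ADDRESS)
    try:
        module.handle_message(msg_sender, claimed_source, safe, amount)
        return "executed", safe.balance
    except PermissionError:
        return "rejected", safe.balance
```

When reviewing a module before enabling it on a Safe, the question this model isolates is whether every path that reaches the Safe's module-execution call checks who the caller is, not only what the caller passed in.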




