COINPURO - Crypto Currency Latest News
Invezz 2026-05-25 15:35:52

Here’s how attackers drained $3.2M from Safe wallets on Ethereum and Base

A vulnerability tied to a third-party Safe wallet module has led to the theft of about $3.2 million across Ethereum and Base after attackers exploited delegated execution permissions to drain dozens of smart accounts within roughly two hours. Blockchain security firm Blockaid said the exploit targeted a contract identified as SquidRouterModule, affecting at least 86 Gnosis Safe wallets, before the stolen assets were converted into Dai through attacker-controlled Uniswap V3 pools.

https://twitter.com/blockaid_/status/2058875782810726556

Data shared by the firm showed that the attacker later consolidated the proceeds into a wallet holding roughly 3.07 million DAI. On-chain records linked by Blockaid identified the exploiter address as 0x9bdc730183821b6bb2b51be30b77c964fa645b91. Etherscan data cited by Lookonchain showed the address had been funded through Tornado Cash and recorded 52 transactions on May 25.

https://twitter.com/PeckShieldAlert/status/2058887446268645747?

The same investigation also traced one example drain transaction executed at 06:25 UTC, where stolen assets, including USDC, ENA, and USDT, were routed through Uniswap V3 liquidity pools before conversion.

How was the exploit executed?

Early findings from Blockaid suggested the exploit originated from a flaw inside the executeSameChainActions() function of the third-party module rather than from Safe’s core infrastructure. According to the firm, the attacker deployed Foundry-based exploit contracts that abused the module’s DelegateBundler execution path to impersonate authorized delegates connected to victim wallets. Once the verification checks were bypassed, the attacker could trigger arbitrary swaps directly from the affected Safes without needing the normal multisignature approvals required by the wallet system.

Blockaid said the exploit allowed the attacker to exchange legitimate assets for a worthless attacker-created token identified as “u,” before liquidity was removed and the proceeds were converted into DAI.

Delegate impersonation suspected in module exploit

Further technical analysis shared by SlowMist founder Cos suggested the issue was not tied to compromised private keys. In a translated post on X, Cos said sampled victim wallets were mostly configured as single-signature Safes owned by different users, while the real weakness appeared to come from vulnerable wallet modules attached to those accounts. According to Cos, attackers were able to forge messages and bypass module verification checks, allowing unauthorized redemption and transfer operations from the targeted Safe wallets. The researcher also pointed to the same consolidation wallet identified by Blockaid, where the stolen funds were reportedly settled.

[Image: Attacker’s wallet holding DAI. Source: Etherscan.]

The exploit basically relied on how Safe modules operate inside smart contract wallets. Unlike standard Safe transactions that require multiple owner approvals, modules can execute actions directly once users grant them trusted permissions. The flaw inside the SquidRouterModule appeared to stem from improper identity validation, which allegedly allowed malicious payloads to masquerade as approved delegates. Because the module already possessed broad execution permissions inside the connected wallets, the forged requests were reportedly treated as legitimate instructions by the Safe contracts themselves.

Affected wallets not linked to Safe

Safe Labs CEO Rahul Rumalla later said the compromised accounts “do not seem to be operated on official Safe Wallet product,” adding that investigators still do not know where the wallets were originally created and managed.

https://twitter.com/rsquare/status/2058901005664690228

Rumalla stated that the affected wallets were likely deployed through external integrations rather than through Safe’s official interface. Rumalla also said Safe Shield, the company’s built-in warning system powered by Blockaid, had already identified the module as malicious before the incident. According to him, the protection system alerts users when unverified modules or guards request dangerous permissions.

Squid denies involvement

Meanwhile, Squid denied that its own routing infrastructure or core contracts had been breached. In a statement posted on X, the team said the exploited contract merely shared the SquidRouterModule name and had no connection to Squid’s production router architecture. The protocol added that all Squid users and integrators remained unaffected, while describing the incident as a third-party smart-wallet module exploit unrelated to Squid’s official contracts or services.

https://twitter.com/squidrouter/status/2058890710611276238

The attack has added to a growing list of DeFi security incidents reported in 2026. As previously reported by Invezz, last week, Echo Protocol suffered an exploit on Monad after attackers minted roughly $76.7 million worth of unauthorized eBTC tokens through what researchers later linked to an admin key compromise. Investigators in that case also said the blockchain itself was not breached, while weak operational controls surrounding delegated permissions and mint authority allowed the exploit to escalate.
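Because an enabled module can act for a Safe without owner signatures, a routine defensive check is to list each Safe's enabled modules and flag any that have not been reviewed. The sketch below is an added example, not code from Invezz, Blockaid or Safe: it decodes the ABI-encoded `(address[] array, address next)` value returned by the Safe contract's `getModulesPaginated` view and compares it with an allowlist. The allowlist, the helper names and the sample response are constructed for illustration.

```python
# Added example: audit one page of a Safe's enabled modules against an allowlist.
SENTINEL = "0x" + "00" * 19 + "01"  # Safe's module-list end marker, address(0x1)

def _word(data, i):
    """Return the 32-byte ABI word at byte offset i, or raise on short input."""
    if i + 32 > len(data):
        raise ValueError("truncated ABI data")
    return data[i:i + 32]

def _address(word):
    if any(word[:12]):
        raise ValueError("non-zero padding in address word")
    return "0x" + word[12:].hex()

def decode_modules_page(ret_hex):
    """Decode the (address[] array, address next) return of getModulesPaginated."""
    data = bytes.fromhex(ret_hex[2:] if ret_hex.startswith("0x") else ret_hex)
    offset = int.from_bytes(_word(data, 0), "big")
    next_ptr = _address(_word(data, 32))
    count = int.from_bytes(_word(data, offset), "big")
    if count > (len(data) - offset - 32) // 32:
        raise ValueError("array length exceeds payload")
    modules = [_address(_word(data, offset + 32 * (k + 1))) for k in range(count)]
    return modules, next_ptr

def audit_safe(ret_hex, allowlist):
    """Return (modules not on the allowlist, True if another page must be fetched)."""
    modules, next_ptr = decode_modules_page(ret_hex)
    allowed = {a.lower() for a in allowlist}
    return [m for m in modules if m not in allowed], next_ptr != SENTINEL

# Constructed sample: addresses below are placeholders, not real contracts.
def _pad(addr):
    return bytes(12) + bytes.fromhex(addr[2:])

REVIEWED = "0x" + "11" * 20
UNKNOWN = "0x" + "22" * 20
SAMPLE = "0x" + b"".join([
    (0x40).to_bytes(32, "big"),  # offset of the dynamic array
    _pad(SENTINEL),              # next == sentinel, so this is the last page
    (2).to_bytes(32, "big"),     # array length
    _pad(REVIEWED), _pad(UNKNOWN),
]).hex()

if __name__ == "__main__":
    flagged, more = audit_safe(SAMPLE, {REVIEWED})
    print("unreviewed modules:", flagged, "| more pages:", more)
```

In practice the hex input would come from an `eth_call` to the Safe; when the second return value is true, repeat the call with the returned `next` address as the start pointer.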
