Squid closed a $6 million strategic funding round on May 25. The next day, an attacker stole roughly $3 million from a third-party liquidity aggregation module tied to the platform. The timing is brutal — and the incident throws a spotlight on the risks embedded in cross-chain infrastructure.
A quick turn from funding to exploit
North Island Ventures led the round. Ripple participated. The money was meant to expand Squid's cross-chain interoperability as a meta-DEX and chain-abstraction protocol. Within 24 hours, those plans took a back seat. An attacker exploited a module called SquidRouterModule on Ethereum and Base. The breach affected 86 Gnosis Safes. Stolen funds were converted to DAI through attacker-controlled Uniswap V3 pools.
How the attack worked
The exploit targeted a third-party module outside Squid's audited core contracts. According to Squid, the module relied on manipulated price feeds or misconfigured access permissions. It wasn't part of the protocol's own code. That distinction matters to Squid. Whether it matters to users is less clear.
The attacker moved fast. They converted the stolen crypto to DAI and likely began layering through mixers. The exact method of the price-feed manipulation hasn't been disclosed. Squid says the module was not deployed or operated by them.
Squid's stance: not our code
Squid has been clear: the breach is unrelated to its core protocol. It says it did not deploy or operate the exploited module. The statement is meant to reassure developers and integrators. But the module was called SquidRouterModule. It lived in Squid's ecosystem. For many observers, that distinction may feel academic.
Third-party modules are common in DeFi. They offer plug-and-play liquidity aggregation. But when one gets drained, the brand attached to it takes the hit. Squid now faces the challenge of explaining exactly who was responsible for that module — and why it was allowed to connect to the same routers and safes.
What the funding was supposed to buy
The $6 million round was supposed to accelerate Squid's push into chain abstraction. The idea is to let users trade across multiple blockchains without managing bridges or wrapped tokens. Ripple's involvement signaled interest in connecting XRP Ledger to other ecosystems. That work is still underway. But the exploit is a distraction. Security audits, module vetting, and incident response will now consume resources that were slated for product expansion.
No timeline has been given for when the affected module will be restored or replaced. Squid has not announced any compensation for the 86 Gnosis Safes that lost funds. Those questions remain open. For now, Squid is left to explain how a third-party module tied to its infrastructure got drained hours after a major funding announcement.
