A third-party module has drained $3.2 million from Safe wallets, according to statements from Squid and Safe Labs. The two firms attributed the exploit to an external Safe module, while Squid emphasized that its core systems were not compromised.
The Source of the Breach
Investigators traced the loss to a module connected to Safe wallets — not to the wallet infrastructure itself. Safe Labs and Squid jointly identified the external module as the entry point. The exact nature of the vulnerability hasn't been disclosed, but the companies made clear that the Safe protocol's fundamental code remained untouched.
What Wasn't Affected
Squid specifically stated that its core systems were unaffected. That distinction matters: the exploit targeted a layer added on top of the wallet, not the base security of the wallet or Squid's internal network. Users whose funds were taken likely installed or interacted with the compromised module, though neither firm has released details on how the module was selected or vetted.
The Response
Squid and Safe Labs have offered few specifics beyond attributing the incident to the external module. No names of the module's developers or its operator have been released. The companies haven't announced whether they'll reimburse affected users or if they plan to tighten module approval processes. The $3.2 million figure represents the total drained — roughly 1,600 ETH at current prices — but the firms haven't broken down how many wallets were hit or whether any funds have been frozen.
As of now, investigators are still working to determine how the third-party module was exploited and whether the attackers had inside knowledge of the system. The lack of a public post-mortem leaves users wondering what measures will prevent a repeat of this type of incident.
