An exploit targeting a Safe module has drained funds from 86 wallets, putting a fresh spotlight on the security risks of delegated permissions and composable DeFi integrations. Squid, a cross-chain protocol, has distanced its core system from the incident, saying the vulnerability lies in the module itself.
The Safe module vulnerability
The attack exploited permissions granted through a Safe wallet module, allowing unauthorized access to 86 wallets. Safe modules are add-ons that extend wallet functionality, often through delegated signing or automated logic. In this case, the module's design gave attackers a way to bypass normal security checks. The exact mechanism hasn't been publicly detailed, but the incident underscores how a single weak link in a modular setup can cascade.
Squid distances itself
Squid moved quickly to clarify that its core protocol was not compromised. The company stated that the exploit was isolated to the Safe module and did not affect Squid's own infrastructure. For users who rely on Squid for cross-chain swaps and transfers, the reassurance is meant to signal that their funds remain safe — as long as they aren't using the affected module.
Delegated permissions under scrutiny
The incident highlights a broader issue in DeFi: delegated permissions. Wallet modules often require broad approval scopes to function, and when those permissions are misused or intercepted, the damage can be widespread. The 86 affected wallets represent a significant hit, but the real concern is the pattern. As protocols stitch together modules from different providers, a vulnerability in one piece can ripple through the entire system.
For now, those who used the vulnerable Safe module are urged to revoke any related permissions and move funds to new wallets. Squid has not disclosed whether it plans to audit or restrict which modules its protocol interacts with. The exploit leaves a lingering question: how do DeFi platforms vet the modules they integrate, and how quickly can they respond when one fails?
