Squid Raised $6 Million With Ripple Backing, Then Lost Half of It

1734727485-julia_63915_hacker_facing_a_computer_away_so_face_is_not_seen_w_89c41263-796f-42b5-a673-7a35d10e9658_optimized-3.jpg

Author

Ahmed Barakat

Author

Ahmed Barakat Verified

Part of the Team Since

Aug 2025

About Author

Ahmed Balaha is a journalist and copywriter based in Georgia with a growing focus on blockchain technology, DeFi, AI, privacy, digital assets, and fintech innovation.

Last updated:

May 26, 2026

Stabble TVL drops 62% as the Solana DEX issues an emergency withdrawal alert over a former CTO's alleged North Korean ties and backdoors.

Ripple News: Squid Crypto closed a $6 million strategic funding round led by North Island Ventures with participation from Ripple on May 25, 2026, and within less than 24 hours, an attacker drained $3 million from the protocol.

The exploit hit a third-party liquidity aggregation module integrated into Squid’s cross-chain swap infrastructure, not the audited core contracts.

Squid’s official response has been to distance itself from the breach entirely, stating the team does not know who deployed the specific module responsible for the drain.

🚨 Blockaid detected an ongoing exploit targeting the SquidRouterModule on Ethereum and Base.

86 Gnosis Safes drained for ~$3M in ~2 hours.
All stolen tokens swapped to DAI via attacker-controlled Uniswap V3 pools.
More details in 🧵

— Blockaid (@blockaid_) May 25, 2026

Squid operates as a meta-DEX and chain-abstraction protocol, routing cross-chain swaps across multiple networks through aggregated liquidity layers.

The $6M raise was positioned as a catalyst for expanding that interoperability infrastructure, with Ripple’s involvement framed as a strategic alignment with its broader cross-chain and payments roadmap. That narrative collapsed inside a single news cycle.

Discover: The Best Crypto to Diversify Your Portfolio

Ripple News: How the Squid Crypto Exploit Worked: The Third-Party Module Vulnerability

The attack vector was a peripheral liquidity aggregation module that Squid had recently integrated to facilitate cross-chain swap routing, a component sitting outside the protocol’s audited core contract suite.

The attacker exploited manipulated price feeds or misconfigured access permissions within this module to siphon assets directly, bypassing the security controls that governed Squid’s primary contracts.

This is a structural pattern that has surfaced repeatedly across DeFi exploit history: audits cover submitted components, not the full dependency tree.

The module in question was a third-party integration layer, meaning its trust assumptions, permission logic, and oracle dependencies were never subjected to the same scrutiny as Squid’s native code.

This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed.

A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable… https://t.co/I3gGmdBvE9

— squid (@squidrouter) May 25, 2026

Squid Router’s ResponseSquid Router quickly issued a statement distancing itself from the exploit. The team clarified that the drained funds came from a third-party Gnosis Safe module called

SquidRouterModule, which was neither built, deployed, nor operated by them. They emphasized that their core router contract remained unaffected and that all standard Squid users and integrators were safe.

The team noted the module had integrated with Squid alongside other protocols without any direct involvement from Squid, and urged the community to avoid conflating the two due to similar naming. No action was required from Squid users.

Discover: The Best Token Presales

Source link

Squid Raised $6 Million With Ripple Backing, Then Lost Half of It

Ripple News: How the Squid Crypto Exploit Worked: The Third-Party Module Vulnerability

Be the first to comment

Leave a Reply Cancel reply

Coinbase, Armstrong help build $85m crypto election war chest