Ripple Information: Squid Crypto closed a $6 million strategic funding spherical led by North Island Ventures with participation from Ripple on Might 25, 2026, and inside lower than 24 hours, an attacker drained $3 million from the protocol.
The exploit hit a third-party liquidity aggregation module built-in into Squid’s cross-chain swap infrastructure, not the audited core contracts.
Squid’s official response has been to distance itself from the breach fully, stating the workforce doesn’t know who deployed the precise module liable for the drain.
Blockaid detected an ongoing exploit focusing on the SquidRouterModule on Ethereum and Base.
86 Gnosis Safes drained for ~$3M in ~2 hours.
All stolen tokens swapped to DAI through attacker-controlled Uniswap V3 swimming pools.
Extra particulars in— Blockaid (@blockaid_) Might 25, 2026
Squid operates as a meta-DEX and chain-abstraction protocol, routing cross-chain swaps throughout a number of networks by way of aggregated liquidity layers.
The $6M increase was positioned as a catalyst for increasing that interoperability infrastructure, with Ripple’s involvement framed as a strategic alignment with its broader cross-chain and funds roadmap. That narrative collapsed inside a single information cycle.
Uncover: The Greatest Crypto to Diversify Your Portfolio
Ripple Information: How the Squid Crypto Exploit Labored: The Third-Celebration Module Vulnerability
The assault vector was a peripheral liquidity aggregation module that Squid had lately built-in to facilitate cross-chain swap routing, a element sitting outdoors the protocol’s audited core contract suite.
The attacker exploited manipulated value feeds or misconfigured entry permissions inside this module to siphon property immediately, bypassing the safety controls that ruled Squid’s major contracts.
This can be a structural sample that has surfaced repeatedly throughout DeFi exploit historical past: audits cowl submitted elements, not the complete dependency tree.
The module in query was a third-party integration layer, which means its belief assumptions, permission logic, and oracle dependencies had been by no means subjected to the identical scrutiny as Squid’s native code.
This incident is unrelated to Squid’s core protocol and contracts. All Squid customers and integrators are unaffected and no motion is required.
A 3rd-party Gnosis Secure module was exploited as we speak throughout Base and Ethereum, leading to roughly $3.2M in losses. The weak… https://t.co/I3gGmdBvE9— squid (@squidrouter) Might 25, 2026
Squid Router’s ResponseSquid Router rapidly issued a press release distancing itself from the exploit. The workforce clarified that the drained funds got here from a third-party Gnosis Secure module referred to as
SquidRouterModule, which was neither constructed, deployed, nor operated by them. They emphasised that their core router contract remained unaffected and that every one customary Squid customers and integrators had been secure.
The workforce famous the module had built-in with Squid alongside different protocols with none direct involvement from Squid, and urged the group to keep away from conflating the 2 as a consequence of comparable naming. No motion was required from Squid customers.
Uncover: The Greatest Token Presales
The publish Ripple Information: Squid Raised $6 Million With Ripple Backing, Then Misplaced Half of It to a Hack Much less Than 24 Hours Later appeared first on Cryptonews.