<![CDATA[Another Month, Another DeFi Exploit]]>47df2d75-cf2f-4ec4-965f-6ca3f1c35721-image.png
Crypto security firms are warning users after attackers exploited a third-party “SquidRouterModule” connected to Gnosis Safe wallets, stealing around $3.2 million from 86 accounts.

What’s important here is that this was NOT a direct exploit of Squid’s core protocol.

Instead, the attackers targeted a vulnerable smart wallet module that had broad spending permissions inside users’ Safes. Once approved as a trusted module, the contract could move tokens without requiring additional signatures.

The flaw?
The module accepted a caller-supplied constant string as “proof” that a transaction was secure — and that string was publicly visible in the contract code itself.

That effectively allowed attackers to:
• Inject arbitrary calldata
• Execute unauthorized transfers
• Drain wallet assets instantly

Blockchain security firm PeckShield says the attacker’s wallet was initially funded using Tornado Cash, while Blockaid tracked stolen assets being converted into DAI through attacker-controlled liquidity pools.

May 2026 alone has already seen over 20 crypto exploits according to DefiLlama, showing how smart contract integrations and wallet permissions continue to be one of DeFi’s biggest security risks.

]]>https://undeads.com/forum/topic/20585/another-month-another-defi-exploitRSS for NodeMon, 08 Jun 2026 09:20:57 GMTTue, 26 May 2026 13:28:05 GMT60<![CDATA[Reply to Another Month, Another DeFi Exploit on Tue, 26 May 2026 23:26:35 GMT]]>Inject arbitrary calldata

]]>https://undeads.com/forum/post/57953https://undeads.com/forum/post/57953Tue, 26 May 2026 23:26:35 GMT<![CDATA[Reply to Another Month, Another DeFi Exploit on Tue, 26 May 2026 14:26:43 GMT]]>attackers exploiting a public constant string as security proof is the smart contract equivalent of locking a vault with the password taped outside

]]>https://undeads.com/forum/post/57920https://undeads.com/forum/post/57920Tue, 26 May 2026 14:26:43 GMT<![CDATA[Reply to Another Month, Another DeFi Exploit on Tue, 26 May 2026 14:26:32 GMT]]>the gnosis safe exploit reinforces how wallet permissions and trusted module integrations remain major operational risks in defi ecosystems even when core protocols themselves are not compromised

]]>https://undeads.com/forum/post/57919https://undeads.com/forum/post/57919Tue, 26 May 2026 14:26:32 GMT