Another Month, Another DeFi Exploit

Crypto security firms are warning users after attackers exploited a third-party “SquidRouterModule” connected to Gnosis Safe wallets, stealing around $3.2 million from 86 accounts.
What’s important here is that this was NOT a direct exploit of Squid’s core protocol.
Instead, the attackers targeted a vulnerable smart wallet module that had broad spending permissions inside users’ Safes. Once approved as a trusted module, the contract could move tokens without requiring additional signatures.
The flaw?
The module accepted a caller-supplied constant string as “proof” that a transaction was secure — and that string was publicly visible in the contract code itself.
That effectively allowed attackers to:
• Inject arbitrary calldata
• Execute unauthorized transfers
• Drain wallet assets instantly
Blockchain security firm PeckShield says the attacker’s wallet was initially funded using Tornado Cash, while Blockaid tracked stolen assets being converted into DAI through attacker-controlled liquidity pools.
May 2026 alone has already seen over 20 crypto exploits according to DefiLlama, showing how smart contract integrations and wallet permissions continue to be one of DeFi’s biggest security risks.
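To make the flaw concrete, here is an added Python model (not the module's actual code) that puts a constant-string check beside a check bound to the wallet, a nonce and the exact calldata. All names and values are constructed for illustration, and HMAC with an owner-held key stands in for the owner signature an on-chain module would verify.

```python
import hashlib
import hmac

# Constructed stand-in for the fixed string the post describes; like the real
# one, it is readable by anyone who looks at the published contract code.
PUBLIC_MARKER = b"constructed-public-constant"


def weak_authorize(calldata: bytes, proof: bytes) -> bool:
    """Flawed pattern: the check never looks at calldata or at the caller."""
    return hmac.compare_digest(proof, PUBLIC_MARKER)


class BoundAuthorizer:
    """Hardened pattern: the proof commits to wallet, nonce and calldata.

    Assumption: HMAC with an owner-held key stands in for the owner
    signature an on-chain module would verify.
    """

    def __init__(self, owner_key: bytes):
        self._key = owner_key
        self._used = set()  # (safe, nonce) pairs already consumed

    def issue(self, safe: str, nonce: int, calldata: bytes) -> bytes:
        msg = (hashlib.sha256(safe.encode()).digest()
               + nonce.to_bytes(8, "big")
               + hashlib.sha256(calldata).digest())
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def authorize(self, safe: str, nonce: int, calldata: bytes, proof: bytes) -> bool:
        if (safe, nonce) in self._used:
            return False  # replayed approval
        if not hmac.compare_digest(proof, self.issue(safe, nonce, calldata)):
            return False  # proof does not match this exact call
        self._used.add((safe, nonce))
        return True


if __name__ == "__main__":
    # Constructed sample calls: one the owner approved, one they did not.
    approved, swapped = b"transfer(alice, 1)", b"transfer(other, 999)"
    print("weak check accepts unapproved call:", weak_authorize(swapped, PUBLIC_MARKER))
    auth = BoundAuthorizer(b"\x01" * 32)
    proof = auth.issue("safe-1", 1, approved)
    print("bound check accepts unapproved call:", auth.authorize("safe-1", 1, swapped, proof))
    print("bound check accepts approved call:", auth.authorize("safe-1", 1, approved, proof))
```

The weak check returns the same answer for every payload because nothing in the "proof" depends on the payload, which is why a module holding broad spending permissions needs an authorization that is tied to each individual call.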