A rogue module, named “SquidRouterModule,” has been identified as the culprit behind the draining of approximately $3.2 million from 86 wallets across the Ethereum and Base networks. The exploit lasted two hours, during which the stolen funds were converted into roughly 3.07 million DAI and transferred to a wallet controlled by the attacker. Despite sharing the name, Squid disclaimed any connection to the module, stating that it was developed and deployed by an unknown third party.
The flaw in the module’s authentication logic allowed the attacker to execute arbitrary calldata and dispose of tokens without requiring valid signatures. This was achieved by deploying Foundry-based exploit contracts that manipulated the module’s DelegateBundler path, impersonating authorized delegates to trigger swaps through Uniswap V3 pools. The assets were funneled into a worthless token, created by the attacker, and then consolidated into DAI.
Squid emphasized that the compromised module is unrelated to their operations, and no approvals are at risk on any chain. The DeFi sector continues to face challenges, with losses in 2026 already surpassing $770 million, including a peak in April with 30 incidents resulting in over $630 million lost.
