kingtan

It's official. MicroStrategy, $MSTR, is now facing its biggest unrealized loss in history, at -$10.8 billion. In other words, after 6 years of buying Bitcoin, the company is now down -17% on its position. By comparison, the S&P 500 is up +116% over this same timeframe. Since MicroStrategy sold 32 Bitcoin at $77,135 per coin, their positions has lost -$11.8 billion in value. This puts MicroStrategy's stock, $MSTR, down -77% since its record high. Bear market is an understatement.

This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed. A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable contract is verified on Basescan under the name “SquidRouterModule” but this contract was not built, deployed, or operated by Squid. It is a third-party smart-wallet product that chose to integrate with Squid, among other protocols, but has not been in contact with us. The exploit worked because the third-party module accepted a caller-supplied constant string as proof that a message was secure. If you pass in this string (which is publicly available in the verified contract’s code), then you can execute an array of arbitrary calldata, stealing funds at will. The victims’ Safes had added this faulty contract as a trusted Safe Module, which gives the contract the ability to spend any tokens in the Safe without signatures. Squid’s own router (0xce16F69375520ab01377ce7B88f5BA8C48F8D666) is architecturally different and was not touched. Squid user funds, approvals, and integrations are fully secure. Early public reporting may reference “SquidRouter” due to the contract’s verified name on Basescan. The accurate framing is: a third-party SquidRouterModule was exploited, not Squid’s Router contract. The contract shares our name but is not our code. We are monitoring the situation and will share updates if anything changes materially.