0xWayne

This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed. A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable contract is verified on Basescan under the name “SquidRouterModule” but this contract was not built, deployed, or operated by Squid. It is a third-party smart-wallet product that chose to integrate with Squid, among other protocols, but has not been in contact with us. The exploit worked because the third-party module accepted a caller-supplied constant string as proof that a message was secure. If you pass in this string (which is publicly available in the verified contract’s code), then you can execute an array of arbitrary calldata, stealing funds at will. The victims’ Safes had added this faulty contract as a trusted Safe Module, which gives the contract the ability to spend any tokens in the Safe without signatures. Squid’s own router (0xce16F69375520ab01377ce7B88f5BA8C48F8D666) is architecturally different and was not touched. Squid user funds, approvals, and integrations are fully secure. Early public reporting may reference “SquidRouter” due to the contract’s verified name on Basescan. The accurate framing is: a third-party SquidRouterModule was exploited, not Squid’s Router contract. The contract shares our name but is not our code. We are monitoring the situation and will share updates if anything changes materially.

Important Announcement Trading on THORChain is currently halted after a vault was compromised. Initial indications are user funds are safe and only protocol owned funds are affected. The network automatically detected abnormal behavior and halted signing activity, which alerted the broader community and prevented further outbound transactions. The investigation is still ongoing to determine the root cause. Contributors are actively working on the issue and we will report updates as we progress toward a solution. What we currently know: * One of the six Asgard vaults appears to have been compromised. * Current estimates place the loss at approximately $10.7m USD * The network automatically detected the abnormal behavior and halted signing activity, preventing further outbound activity. * Nodes securing the vault were subject to their bonded RUNE being slashed as a result of the unauthorized outbound transactions. * Churn activity has been paused while the investigation and remediation efforts are ongoing. * Onboarding additional chains and operations requiring churns will be delayed until the network is stabilized. * Initial indications show no individual user swaps were affected. We are asking all node operators to immediately review their infrastructure, hosts, key management systems, and operational security for any signs of compromise or abnormal behavior, and to report anything suspicious in Discord. Node operators participating in the affected vault are requested to securely provide Bifrost logs to the dev team for analysis using 'make relay' .

absolutely insane that the browser extension overwrites transaction instruction sent by an app and slaps a 0.8% fee on top and the user doesn’t even know that they were charged by the extension transparency in crypto needs to be way better charging a fee is fine, the user should be made clear who they’re being charged by and what for