Ripple Information: Squid Crypto closed a $6 million strategic funding spherical led by North Island Ventures with participation from Ripple on Could 25, 2026, and inside lower than 24 hours, an attacker drained $3 million from the protocol.
The exploit hit a third-party liquidity aggregation module built-in into Squid’s cross-chain swap infrastructure, not the audited core contracts.
Squid’s official response has been to distance itself from the breach solely, stating the group doesn’t know who deployed the precise module answerable for the drain.
Blockaid detected an ongoing exploit focusing on the SquidRouterModule on Ethereum and Base.
86 Gnosis Safes drained for ~$3M in ~2 hours.
All stolen tokens swapped to DAI through attacker-controlled Uniswap V3 swimming pools.
Extra particulars in— Blockaid (@blockaid_) Could 25, 2026
Squid operates as a meta-DEX and chain-abstraction protocol, routing cross-chain swaps throughout a number of networks via aggregated liquidity layers.
The $6M elevate was positioned as a catalyst for increasing that interoperability infrastructure, with Ripple’s involvement framed as a strategic alignment with its broader cross-chain and funds roadmap. That narrative collapsed inside a single information cycle.
Uncover: The Finest Crypto to Diversify Your Portfolio
Ripple Information: How the Squid Crypto Exploit Labored: The Third-Celebration Module Vulnerability
The assault vector was a peripheral liquidity aggregation module that Squid had lately built-in to facilitate cross-chain swap routing, a element sitting outdoors the protocol’s audited core contract suite.
The attacker exploited manipulated value feeds or misconfigured entry permissions inside this module to siphon belongings straight, bypassing the safety controls that ruled Squid’s main contracts.
It is a structural sample that has surfaced repeatedly throughout DeFi exploit historical past: audits cowl submitted elements, not the total dependency tree.
The module in query was a third-party integration layer, that means its belief assumptions, permission logic, and oracle dependencies have been by no means subjected to the identical scrutiny as Squid’s native code.
This incident is unrelated to Squid’s core protocol and contracts. All Squid customers and integrators are unaffected and no motion is required.
A 3rd-party Gnosis Protected module was exploited right this moment throughout Base and Ethereum, leading to roughly $3.2M in losses. The susceptible… https://t.co/I3gGmdBvE9— squid (@squidrouter) Could 25, 2026
Squid Router’s ResponseSquid Router shortly issued an announcement distancing itself from the exploit. The group clarified that the drained funds got here from a third-party Gnosis Protected module referred to as
SquidRouterModule, which was neither constructed, deployed, nor operated by them. They emphasised that their core router contract remained unaffected and that every one commonplace Squid customers and integrators have been protected.
The group famous the module had built-in with Squid alongside different protocols with none direct involvement from Squid, and urged the neighborhood to keep away from conflating the 2 as a consequence of comparable naming. No motion was required from Squid customers.
Uncover: The Finest Token Presales
The put up Ripple Information: Squid Raised $6 Million With Ripple Backing, Then Misplaced Half of It to a Hack Much less Than 24 Hours Later appeared first on Cryptonews.