Cross-chain protocol Squid clarified that the 'SquidRouterModule' contract, which was implicated in a recent attack of approximately $3.2 million, was not developed, deployed, or operated by Squid. Squid explained that the contract in question is a third-party module based on Gnosis Safe and is structurally entirely different from its own router contract. It is reported that the attacker exploited a publicly disclosed fixed string verification vulnerability within the module to execute arbitrary call data and steal funds. Furthermore, the affected Gnosis Safes had registered this module as a trusted module, which allowed asset transfers without a signature. Squid emphasized that its router contract and user funds, approvals, and integration services were not affected.
