Key Takeaways:
- About $3.2M was siphoned from both the Ethereum and Base networks using a third-party Safe module exploit.
- Attackers exploited 86 Safe wallets and swapped them for DAI.
- Squid has confirmed that its core protocol, router contracts were not impacted.
A possible exploit in a third-party wallet module caused a company’s Safe assets to be drained over the past few hours, leading to millions of dollars in losses for all users. A third party wallet app vulnerability enabled a hasty hack that caused significant losses to users of Safe accounts across both the Ethereum and Base chains, with millions of dollars lost within hours.
The attacker exploited internal privileges to the module to conduct unauthorized token swaps and send profits to stablecoins, security researchers said.
English (US)