A module impersonating Squid Router drained $3.2 million from Safe wallets while every on-chain monitor watched in silence. Nobody deployed it. Nobody authorised it. And until the money was already moving, nobody knew it existed.
On 26 May 2026, users of Squid Router began noticing something wrong with their Safe wallet balances. The amounts were moving, not to addresses they had authorised, not through transactions they had signed, but through a module they had never approved, deployed by a party nobody could identify, bearing the name of a protocol that immediately said it had nothing to do with it. By the time the drain was confirmed, approximately $3.2 million had left Safe wallets across multiple chains. As of publication, the deployer remains unknown. The module, SquidRouterModule, had been sitting in Safe's module ecosystem, apparently inactive, until it was not.
"We don't know who deployed this." This is the most alarming thing a protocol can say about a contract bearing its name that just drained $3.2 million from users who trusted that name. The name was the attack. The trust was the vulnerability. The module was the instrument.
Safe, formerly Gnosis Safe, is the dominant multi-signature wallet infrastructure for on-chain institutional custody. Its modular architecture allows third-party developers to attach autonomous logic to a Safe wallet: automation rules, spending limits, cross-chain bridges, yield strategies. A module, once enabled, can execute transactions against the Safe without requiring a fresh signature from every key holder. That is the feature. That is also the vulnerability. The module's authorisation is a one-time event, after which it operates autonomously, within whatever constraints it was programmed with. Or, in the case of a malicious module, without constraints at all.
The legitimate Squid Router integration with Safe uses verified, publicly attributed contracts. The SquidRouterModule that drained funds was deployed from an unverified address with no public affiliation to the Squid team. Its name was chosen to impersonate a trusted integration. Its bytecode contained drain logic that had no equivalent in Squid's legitimate codebase. The module sat dormant, possibly for days or weeks, until the attacker activated it. This dormancy period is deliberate: it defeats threshold-based monitoring that only fires on anomalous transaction patterns. A module that never transacts generates no alerts.
execTransactionFromModule(), the privileged bypass allowing modules to transact without key-holder signatures. $3.2M begins moving across chains to attacker-controlled addresses.Every exchange and custodian running Safe wallets has monitoring infrastructure: balance alerts, transaction volume thresholds, anomaly detection on outbound flows. None of it helped here, because the monitoring watches transactions. The module was enabled before any of those transactions occurred. By the time execTransactionFromModule() was called, the attack was already over in every meaningful sense. The damage was determined when the module was enabled, not when it was activated. The activation was the finalisation.
This is not the first time the Safe module ecosystem has been weaponised. The Bybit hack, at $1.46 billion, also exploited the gap between what Safe users see and what Safe modules actually do. In that case, the signing interface was compromised. Here, it was the module registry itself. The attack surface is different. The structural vulnerability is identical: Safe users extend trust to named integrations without verifying what those integrations are authorised to do.
"Standard monitoring watches transactions. Safe module attacks are won before the first transaction. The activation event, enabling the module, is the moment everything was already decided."
Praveen Giri, Founder · QuantChainAnalysis| Attack Component | Detection by Standard Tools | QCA Pre-Mempool Gate |
|---|---|---|
| Module deployment (unknown address) | None, not monitored | Deployment from unverified address flagged; no association with Squid |
| Module enablement on Safe wallets | None, treated as routine user action | Unverified module enablement flagged for review |
| Dormancy period | None, no transactions to monitor | Module in watchlist; activation triggers immediate gate evaluation |
| execTransactionFromModule() drain | Detected after settlement, too late | Blocked in mempool before confirmation, anomalous module execution pattern |
The execTransactionFromModule() call that initiated the drain was submitted to the mempool before confirmation. At that point, QCA's gate would have evaluated: the calling module is unverified, with no publicly attributed deployer, bearing a name mismatched to its on-chain registration, executing a full-balance transfer to an address with no prior relationship to the affected wallets. This is not a legitimate module execution pattern.