3.2 Million Dollar Hack Targets Ethereum and Base Networks via Third-Party Module
On May 25, 2026, an exploit of a third-party component resulted in the theft of approximately 3.2 million dollars from digital wallets. The breach, impacting multiple addresses on Ethereum and Base networks, underscores vulnerabilities in decentralized finance (DeFi) infrastructures, particularly with poorly integrated tools.
Theia Market Signal Identification - AI Assisted
An exploit targeting a third-party component resulted in the unauthorized withdrawal of about 3.2 million dollars from several digital wallets on May 25, 2026. The breach, which affected wallets on Ethereum and Base networks, was executed within two hours.
The vulnerability lay in the SquidRouterModule, which shares a name with a legitimate protocol but originates from a different source. Safe, the multi-signature wallet platform, confirmed that affected accounts were not created using its official interface.
The attackers exploited a flaw in the third-party contract, allowing them to issue unauthorized token swaps, compromising at least 86 Safe accounts. The Safe Shield defense system flagged the malicious contract before the incident occurred, indicating potential risks for users.
Comments