BlackHartBlackHart
Hacks Feed/Squid Router (module impersonation)

Squid Router (module impersonation)

May 25, 2026·Ethereum·Access Control
$3.1M
total loss
StatusConfirmed

An attacker drained 86 Gnosis Safes across Ethereum and Base by tricking the Safe owners into enabling a malicious Safe module that impersonated the SquidRouter brand. Once a Safe enables a module, that module can execute transactions on the Safe's behalf without further owner approval. The attacker waited until enough victims had installed the module, then deployed a drainer contract and walked through every Safe in 14 minutes, pulling out tokens and swapping them to DAI through attacker-controlled Uniswap V3 pools. All proceeds, about 3 million DAI, consolidated into a single wallet. This is not a vulnerability in the legitimate Axelar SquidRouter, which has no involvement.

The real Axelar SquidRouter (squidrouter.com)safe(No involvement and no vulnerability)
Gnosis Safe contractssafe(Working as designed; the attack exploited the user-approved module model, not a Safe bug)
Eighty-six victim Safesdrained(Approximately $3M total drained; affected owners should disable the module immediately)
Tokens held by victim Safesdrained(18 unique tokens drained on Ethereum alone, all swapped to DAI)
The attacker-controlled Uniswap V3 poolspartially affected(Per Blockaid, the pools were manipulated to give the attacker favorable swap rates)
What the score saw

Squid Router was not scored by our model, and risk scoring cannot prevent users from enabling a phishing module that simply borrows a vendor's name. The relevant defensive layer here is Safe-owner hygiene around module installation, plus wallet-level checks against fresh contract addresses being approved at the enableModule step.

Exploit anatomy

The attacker deployed a malicious Safe module impersonating the Axelar SquidRouter brand. Eighty-six Safe owners were tricked into enabling it on their Safes, likely via a phishing campaign. Hours later, the attacker deployed a drainer contract from their primary EOA and called it 37 times in 14 minutes, walking through every victim Safe and pulling out tokens. Everything got swapped to DAI through attacker-controlled Uniswap V3 pools and consolidated into one wallet holding 3.07M DAI.

Fund flow
Setup
Attacker EOA
first active 05:16 UTC May 25
0x9bdc7301...645b91
Co-deployer EOA
funded 0.1 ETH by attacker
0x7c82cb4b...a23bb8
Takeover
Malicious SquidRouterModule
deployed by co-deployer; 86 Safes enabled it
0xe6ff0fe0...dc3512
Drainer contract
deployed by attacker just before drain
0xe1d5fcfb...d3265a
Source
86 victim Safes
Ethereum + Base; 36 confirmed on Ethereum
Swap
Attacker-controlled Uniswap V3 pools
manipulated for favorable rates per Blockaid
Consolidation
DAI consolidation wallet
3,070,767 DAI on Ethereum, more on Base
0xa447f717...a54859
Full forensic detail

Step-by-step reconstruction, root cause, counterfactuals, remediation, and disclosure timeline.

Exploit anatomy

1.
Over an unknown period preceding 2026-05-25, an attacker likely ran a phishing campaign impersonating the Axelar SquidRouter brand. Eighty-six Safe owners were tricked into calling enableModule(0xe6ff0fe017d09d690493dec0f0f55e8f9cdc3512) on their Safes, granting the attacker's module execTransactionFromModule access.
enableModule(address)
2.
At 05:42 UTC on 2026-05-25, the co-deployer EOA 0x7c82cb4b... (funded 21 minutes earlier by the main attacker 0x9bdc7301...) deployed the malicious 'SquidRouterModule' at 0xe6ff0fe017... This contract is unverified on Etherscan and impersonates the SquidRouter brand.
0xe6ff0fe0...dc3512constructortx:0x5941a63d...479e3e
3.
At 06:11 UTC, the main attacker EOA 0x9bdc7301... deployed the drainer contract at 0xe1d5fcfb... The drainer's execute(address safe, address token) function (selector 0xf8c8f0a3) is the attack entry point. The contract bytecode hardcodes both attacker EOAs as authorized callers and contains per-chain constants for Ethereum, Base, and Arbitrum.
0xe1d5fcfb...d3265aconstructortx:0x2e91505b...3263e1
4.
Beginning at 06:12:11 UTC, the attacker calls drainer.execute(victimSafe, token) 37 times in 14 minutes on Ethereum. Each call invokes the malicious module, which calls execTransactionFromModule on the victim Safe to transfer tokens to the drainer or approve a DEX router.
0xe1d5fcfb...d3265aexecute(address,address)tx:0xd29d1c8d...3bb854
5.
Tokens are swapped to DAI via attacker-controlled Uniswap V3 pools (identified by Blockaid). The drainer also hardcodes the OKX DEX aggregator at 0x1f1d37a3bf840e35c6a860c7c2da71fe555123ca for routing.
swap routing
6.
DAI proceeds consolidate into a single attacker wallet at 0xa447f71782135ab96a71374271a749ff7aa54859. As of 07:30 UTC the wallet holds 3,070,767 DAI on Ethereum.
0xa447f717...a54859
7.
Same pattern executes on Base. Per Blockaid's count, 86 Safes total were drained across both chains.
8.
Blockaid publishes the alert. Funds remain in the consolidation wallet at report cutoff. No advisory yet from Safe or Axelar.

Root cause

Once a Gnosis Safe enables a module, that module gains execTransactionFromModule access and can execute arbitrary transactions on the Safe's behalf without further owner approval. This is the documented Safe integration model. The exploit happened because 86 Safe owners enabled an attacker-deployed module believing it was related to the legitimate Axelar SquidRouter. The on-chain pattern is consistent with a phishing campaign that mimicked the SquidRouter brand and walked targets through a flow culminating in enableModule(0xe6ff0fe017...) being signed. Once the attacker had collected enough victims, they deployed a drainer contract and triggered every victim Safe to transfer tokens out within a 14-minute window on Ethereum (and additional time on Base). All stolen tokens were swapped to DAI through attacker-controlled Uniswap V3 pools and consolidated into one wallet. This is not a vulnerability in the legitimate Axelar SquidRouter, which does not require any Safe module installation.

Prevention analysis

Safe owners verify every enableModule target against the project's official address registry before signing.

If owners had cross-checked 0xe6ff0fe017... against the real Axelar SquidRouter documentation (which does not require any Safe module), the module installation would have been rejected at the signing step.

Safe UI warns when an enableModule target was deployed less than 30 days ago.

Brand-new module addresses carry inherent risk. A simple UI warning at the Safe transaction confirmation step would have flagged this module (deployed less than an hour before the attack began).

Browser wallet extensions flag known phishing module addresses.

Once Blockaid identified the malicious module, wallet extensions like Rabby, MetaMask, and Frame can add the address to their phishing block list so future enableModule calls show a warning.

Safe enableModule defaults to a 24-hour timelock with an advanced-user override.

Phishing dApps survive only as long as the user signs immediately. A timelock gives external monitors a window to flag the address before the module activates.

Similar incidents

Bybit cold wallet

Signers approved a malicious Safe transaction (February 2025, ~$1.5B). Same lesson: what the signer sees in the UI may not match what executes on chain. Different surface (transaction content vs. module install).

StablR

Compromised signer key on a required=1 multisig that controlled mint authority (May 2026, ~$11M). Different mechanism but same operational-security failure family: signers either tricked or compromised.

Remediation

1.If you own any Safe, immediately call getModules() on every Safe address you control and verify that 0xe6ff0fe017d09d690493dec0f0f55e8f9cdc3512 is not in the list. If it is, call disableModule(0xe6ff0fe017...) immediately. The module can drain your Safe at any time without further signature.
2.Coordinate with major exchanges (Binance, Coinbase, Kraken, OKX, Bybit, KuCoin) and analytics providers (TRM, Chainalysis, Elliptic) to flag the consolidation wallet 0xa447f71782135ab96a71374271a749ff7aa54859. Any DAI deposit from this address should be blocked or frozen.
3.Safe (the wallet product) should publish a UI warning naming the malicious module address so it appears for any user who has the module enabled.
4.Axelar should publish an official advisory stating clearly that the legitimate SquidRouter does not require any Safe module installation, with the malicious module address called out.
5.Wallet providers (MetaMask, Rabby, Frame, Trezor Suite, Ledger Live) should add the malicious module and consolidation wallet addresses to their phishing block lists.
6.Build a public, signed registry of approved Safe modules for the top 10 brands (1inch, Across, Cowswap, Uniswap, Curve, Aave, Lido, etc.). Browser extensions and Safe UIs can check against this registry before allowing an enable.
7.Add a 24-hour timelock by default to Safe enableModule. The phishing dApp survives only as long as the user signs immediately.

Timeline

2026-05-25Attacker EOA 0x9bdc7301 becomes active on-chain. No prior history.
2026-05-25Attacker sends 0.1 ETH to co-deployer EOA 0x7c82cb4b.
2026-05-25Co-deployer deploys the malicious 'SquidRouterModule' at 0xe6ff0fe017.
2026-05-25Attacker deploys the drainer contract at 0xe1d5fcfb.
2026-05-25First drain call. Selector 0xf8c8f0a3, args (victim Safe, token).
2026-05-25Last Ethereum drain call. 37 drain calls in 14 minutes, 36 unique Safes, 18 unique tokens.
2026-05-25Base drain in progress. Per Blockaid, 86 Safes total across both chains.
2026-05-25Blockaid publishes the exploit alert via X. Consolidation wallet 0xa447f717 holds 3,070,767 DAI on Ethereum. No advisory from Axelar or Safe yet.
Sources
Blockaid alert (X)Etherscan: attacker EOAEtherscan: co-deployer EOAEtherscan: drainer contractEtherscan: malicious moduleEtherscan: consolidation walletExample drain txSafe modules documentationAxelar SquidRouter (the real one)
Blockaid (@blockaid_) for initial detection, the 86-Safe victim count, identification of attacker-controlled Uniswap V3 pools, and naming the consolidation wallet. Etherscan for contract metadata. BlackHart (forensic reconstruction, drainer-bytecode reverse engineering, victim Safe enumeration).
Continuous adversarial monitoring

Get your protocol scored across 12 dimensions, or request ongoing coverage.

Request ScoringView Plans