A suspected third-party Protected module exploit has drained about $3.2 million from wallets throughout Ethereum and Base, with a number of groups pointing to an exterior module because the trigger.
Blockchain safety platform Blockaid reported the incident on Monday, saying it concerned a contract labeled “SquidRouterModule,” which initially led to confusion over a potential hyperlink to the cross-chain protocol Squid.
Squid later stated on X that the problem was unrelated to its core protocol and as a substitute concerned a third-party module built-in into Protected wallets.
“A 3rd-party SquidRouterModule was exploited, not Squid’s Router contract,” Squid stated, including that the contract shares its identify however not its code.
The incident highlights how a trusted pockets module can be utilized to maneuver funds if it has been granted broad execution permissions inside a sensible account.
86 Gnosis Safes drained for $3 million in about two hours
Protected, previously Gnosis Protected, is a multi-sign pockets operating on a number of networks, which requires a minimal variety of customers to approve a transaction earlier than execution.
It will also be prolonged with non-compulsory modules, that are sensible contracts that permit accredited code to execute actions on behalf of the pockets.
Associated: DeFi hacks shake institutional confidence as dangers outpace yields
Based on Blockaid, the assault affected not less than 86 Protected accounts inside roughly two hours, with all stolen tokens swapped to Dai (DAI) through attacker-controlled Uniswap V3 swimming pools.
Supply: PeckShieldAlert
The suspected root trigger is a vulnerability in SquidRouterModule, which allegedly allowed the attacker to impersonate licensed delegates and set off unauthorized token swaps, Blockaid stated.
Module attribution and Protected response
Protected Labs CEO Rahul Rumalla stated the accounts “don’t appear to be operated on official Protected Pockets product,” including that it stays unclear how and the place they had been created and managed, doubtless created via externally deployed integrations.
Supply: Rahul Rumalla
He stated Protected Pockets surfaces such dangers via “Protected Protect,” a characteristic designed to flag doubtlessly malicious or unverified modules and guards earlier than they’re used. The CEO added that the exploited module had already been flagged as malicious by Blockaid, which is included in Protected Protect’s threat detection ruleset.
Cointelegraph approached Protected and its CEO for remark however didn’t obtain a response by publication time.
Journal: ETH bears growling, Tom Lee’s shopping for, XRP to ‘explode’: Market Strikes