Cross-chain router Squid has publicly distanced itself from a third-party Gnosis Safe module, SquidRouterModule, following a $3.2 million exploit. The attack, which drained funds from 86 Gnosis Safe accounts in roughly two hours, targeted a lookalike contract that Squid says is not its own.

Blockchain security firm Blockaid flagged the incident, noting that the attacker swapped stolen tokens into Dai (DAI). The exploit affected assets across Ethereum and Base networks, but Squid maintains that its own protocol infrastructure was not compromised.

The breach underscores ongoing risks in the DeFi ecosystem, where third-party modules and forks can create confusion. Gnosis Safe, a widely used multisig wallet platform, has not yet commented on whether it will address module vetting or security audits in response.

This event signals the need for clearer labeling and security standards around third-party integrations. Users may need to double-check contract addresses, as lookalike names can mislead even experienced participants. The quick pivot by Squid to disavow the module may help limit reputational damage but also raises questions about accountability in open-source ecosystems.

No investor or team commentary was included in the report, and Squid has not announced any plans for user restitution. The broader market impact appears limited for now, but the incident adds to a growing list of smart-contract exploits in 2023.