The cryptocurrency market has once again experienced a serious smart contract security incident. Blockaid, a well-known blockchain security company, issued an urgent warning on its social media platform X (formerly Twitter), indicating that a persistent attack is currently occurring against the SquidRouterModule contract.
In just 2 hours, it siphoned off $3 million.
According to the initial detection report released by Blockaid, the attack primarily targeted the Ethereum mainnet and the Coinbase-backed Layer 2 network Base.
The hackers were extremely efficient, successfully breaching and draining funds from 86 Gnosis Safe multisignature wallets in just about two hours. The estimated total loss is currently around $3 million , and as the attack is still ongoing, the figure is likely to continue to rise.
Money laundering methods exposed: using Uniswap V3 to exchange DAI
Regarding the flow of the stolen funds, Blockaid analysis indicates that the hackers quickly began money laundering after the success. The attackers pre-established and controlled specific Uniswap V3 liquidity pools, converting all the various tokens stolen from the victims' wallets into the USD stablecoin DAI through these malicious liquidity pools, thereby evading tracking and preserving the value of the stolen funds.
The Blockaid team is currently tracking the attacker's address and transaction details. Cybersecurity experts strongly recommend that users who have interacted with SquidRouterModule and multisignature wallet administrators immediately check and revoke any related contract authorizations to avoid becoming the next victim.
Related reports
97,895 underground forum conversations reveal that the hacker community also hates AI.
DeFi Becomes a Hacker's Backyard? 13 Attacks in One Month, $630 Million Lost
