Squid: The attacked contract is a third-party module and is unrelated to the Squid core protocol

The cross-chain routing protocol Squid stated on platform X that the SquidRouterModule involved in the attack disclosed by Blockaid was neither developed, deployed, nor operated by Squid, but rather a third-party Gnosis Safe module that chose to integrate with protocols like Squid, with no prior connection between the two parties.

Squid indicated that this third-party module has a vulnerability that accepts a fixed string provided by the caller as message security verification. The attacker exploited this string, which is publicly visible in the verified code of the contract, to execute arbitrary call data and steal funds. Squid's own routing contract (0xce16F) is architecturally completely different from this module and is unaffected; user funds, authorizations, and integrations are all secure.