Slow Fog Cosine: The issue with the Squid security incident is not the private key, but rather a vulnerability in the Safe wallet module

The founder of Slow Fog, Yu Xian, posted on the X platform to interpret the Squid security incident. He stated that sampling found that the related Safe wallets were all single-signature, and the owners were all different, but the issue was not with the private keys; the problem lay in the modules (SquidRouterModule) used by these Safe addresses, which had vulnerabilities. Attackers could forge messages, easily bypass relevant validations, and initiate subsequent exchange operations to transfer funds from the target Safe wallet. In addition, Yu Xian also disclosed information about the address where the attackers' profits were deposited.

Previously, it was reported that a third-party Gnosis Safe module was exploited on Base and Ethereum, resulting in a loss of approximately $3.2 million, with the victims being 86 Gnosis Safes that had added this contract as a trusted Safe Module. The contract was named "SquidRouterModule" on Basescan, and subsequently, Squid clarified that it was not affected by the Gnosis Safe-related vulnerability incident.