Bitcoin Bullish as Safe Wallets Hit by $3.2M Exploit

Bitcoin maintains a bullish technical trend as an exploit of a third-party module drained about $3.2 million from Safe wallets across Ethereum and Base. Squid and Safe Labs confirmed the exploit targeted an external module, not core systems.
Squid and Safe Labs say third-party module behind $3.2M exploit

TL;DR

Bitcoin shows a bullish technical trend as attackers exploited a third-party module called SquidRouterModule that had been added to Safe wallets. Attackers took about $3.2 million from 86 accounts on Ethereum and Base in two hours. Squid and Safe Labs said the issue did not affect Squid’s core protocol. Attackers swapped stolen tokens to Dai through Uniswap V3 pools they controlled.

Context

Safe, formerly Gnosis Safe, is a multi-signature wallet on several networks. It needs multiple users to approve a transaction before it runs. This adds strong security, because it stops one person from moving funds alone. Users can add optional modules to Safe wallets. These are smart contracts that let approved code act for the wallet.

The use of third-party modules in crypto wallets has raised concerns. Similar incidents have shown that external integrations can create security risks.

Blockchain security firm Blockaid reported the incident on Monday. They found a contract called “SquidRouterModule” was the source of the exploit. This name caused confusion at first. It made some think the cross-chain protocol Squid was involved. Squid quickly clarified on X. They said the issue was not related to their core protocol. “A third-party SquidRouterModule was exploited, not Squid’s Router contract,” Squid said. They noted the contract shares their name but not their code.

The incident shows the risks of third-party modules in smart account systems. When a module gets broad execution permissions, it can move funds if it is compromised. Blockaid’s analysis showed how fast the attack was. Attackers hit at least 86 Safe accounts in about two hours. All stolen tokens were turned into Dai through Uniswap V3 pools run by the attackers.

What Token Metrics Data Shows

Data as of May 25, 2026. Bitcoin is often seen as a gauge of crypto market sentiment. It trades near $77,500. The price is up about 1% on the day and about 1.4% over the past week. The market cap is around $1.55 trillion. These numbers suggest the market is steady.

Token Metrics technical data on BTC shows mixed signals. The token-market signal is bullish, and trend momentum has turned positive. This shows smart-money netflow. But the token stays in the middle of its recent range and is not breaking out up or down. Momentum is neutral: it is neither too weak nor too stretched. Volatility is moderate, which suggests the market is calm and does not expect extreme moves soon. First support is near $73,800; if the price falls, it might bounce there. The next resistance is around $81,800, where the price may struggle to go higher.

For investors, Bitcoin’s current position suggests caution. The bullish signal with neutral momentum points to possible upward moves but lacks strong conviction. The moderate volatility suggests this could be a good time to build positions. The mid-range placement means traders should wait for a clear breakout before taking large positions.

Polymarket consensus shows low expectations for a big Bitcoin dip soon. One market asks if Bitcoin will dip to $72,000 on May 25. It shows only a 0.15% chance. This is about $5,500 below the current price. Another market puts the odds of a dip to $55,000 in May at just 0.55%. That is about $22,500 below current levels. These low probabilities suggest traders see little immediate downside risk. This holds true even with the Safe wallet exploit news.

Token Metrics Daily Pulse called this event a “lead change” story. This shows its importance in the day’s crypto news. While the exploit did not directly affect Bitcoin’s price, it adds to security incidents in DeFi. Such events can hurt broader market confidence over time.

What’s New

The exploit focused on a third-party module added to Safe wallets. Blockaid’s investigation found SquidRouterModule was the vulnerable contract. Attackers used this flaw to start unauthorized token swaps from compromised wallets.

Squid’s response helped clear things up. They confirmed their core Router contract stayed safe and untouched. The confusion came because the exploited module used their name without their code. This similar name misled some about where the vulnerability came from.

Safe wallets run on many networks. The recent attack hit wallets on Ethereum and Base. The attackers moved fast. They struck within two hours. Their method was to turn all stolen tokens into Dai. They used Uniswap V3 pools they controlled for these swaps. This let them quickly change various tokens into a stable asset.

What to Watch

  • Watch Safe’s official updates for news on more affected wallets or fixes.
  • Look for statements from Blockaid about the full scope of the vulnerability and other modules at risk.
  • Track on-chain activity from the attacker’s addresses for any movement of the stolen Dai funds.
  • See how markets react to other tokens kept in Safe wallets, especially those used with third-party modules.
  • Check for updates from Safe Labs on security improvements after this incident.
  • Look for any regulatory news about security standards for third-party wallet modules.
  • Watch for similar flaws to be found in other wallet protocols after this incident.

Disclaimer: This information is provided for educational purposes only and should not be considered financial advice.
