The Ripple news scene saw a spectacular development when the Squid Crypto protocol finalized a $6 million strategic funding round, led by North Island Ventures with participation from Ripple, on May 25, 2026. The joy was short-lived: in less than 24 hours, an attacker managed to withdraw $3 million from the protocol.
The hack targeted a third-party liquidity aggregator integrated with Squid’s cross-chain swap architecture and did not affect the underlying contracts that had undergone security review. For its part, Squid’s official response completely disavowed this breach, emphasizing that the team does not know who deployed the specific unit responsible for draining the funds.
Squid acts as a pooling protocol for decentralized exchanges (meta-DEX) and chain abstraction, routing swaps across multiple networks via pooled liquidity layers. The $6 million raise was intended to serve as a catalyst for expanding this interoperability architecture, and Ripple’s involvement was framed as a strategic alignment with its broader roadmap for cross-chain payments. That narrative collapsed in a single news cycle.

Ripple News: How did the Squid Crypto hack happen? A vulnerability in a third-party module
The attack vector was a liquidity pool submodule that Squid recently integrated to facilitate cross-chain routing of swaps, a component that sits outside of the protocol’s main validation contract stack. The attacker exploited price feed manipulation or errors in the configuration of access permissions within this module to directly withdraw assets, bypassing security controls governing Squid’s core contracts.
This scenario reflects a structural pattern that has repeated itself throughout the history of DeFi hacks: audits cover only the delivered components, not the entire dependency tree. Because the module in question was a third-party integration layer, its trust assumptions, authorization logic, and oracle dependencies were never subjected to the same level of scrutiny as the original Squid code.
The Squid Router team quickly released a statement distancing itself from the incident, explaining that the funds drained came from a third-party Gnosis Safe module called SquidRouterModule, which the team did not build, deploy, or even operate. They emphasized that the main router nodes were not affected and that all Squid users and modular integrators were safe.
The team noted that this module integrated with Squid alongside other protocols without any direct involvement on their part, and urged the community not to confuse the two because of their similar names. They also confirmed that Squid users are not currently required to take any action.
The post Squid Crypto Protocol Hacked and $3 Million Stolen After Backing Ripple appeared first on Cryptonews Arabic.

