Exploits Articles

Third-party Safe module bypassing intact signature shields with a public hardcoded authorization key

The $3.2M SquidRouterModule Exploit: How a Public String Drained 86 Safe Wallets

A third-party module named SquidRouterModule drained $3.2M from 86 Gnosis Safe wallets on Ethereum and Base. Full attack chain, the auth flaw, and the lesson.

Aron Turner·May 26, 2026

Poisoned developer IDE extension exfiltrating internal repositories and secrets into an external archive vault

exploits

GitHub's 3,800-Repo Breach: How a Poisoned VS Code Extension Burned the World's Biggest Code Host

One poisoned VS Code extension on one GitHub employee's laptop cost the company ~3,800 internal repositories. Here is the attack chain, the Mini Shai-Hulud worm internals, and the rotate-everything checklist that follows.

Aron Turner·May 21, 2026

Breached cyberpunk vault door with a single compromised lock: the 1-of-1 LayerZero DVN that let $292M leave Kelp DAO

exploits

Kelp DAO's $292M Hack and Aave's $6B Fallout: One Config Parameter Broke DeFi

A 1-of-1 LayerZero DVN let attackers drain 116,500 rsETH ($292M) from Kelp DAO, loop it through Aave V3 for $266M in ETH, and wipe $6B in Aave TVL in 24 hours. No Solidity bug. One config parameter broke DeFi.

Aron Turner·Apr 20, 2026

Drift Protocol $270M exploit breakdown — Solana durable nonces weaponized in DPRK-attributed multisig attack

exploits

Drift Protocol's $270M Exploit: How Solana's Durable Nonces Became a Social Engineering Weapon

An attacker drained $270M from Drift Protocol by abusing Solana's durable nonce feature to pre-sign malicious multisig transactions weeks before execution.

Aron Turner·Apr 3, 2026

Aave oracle liquidation incident breakdown

exploits

Aave's $27M Liquidation Incident: How a Stale Oracle Parameter Wiped Out 34 Users

A desynchronized oracle parameter caused Aave to undervalue wstETH by 2.85%, triggering $27M in wrongful liquidations across 34 users. Full technical breakdown.

Aron Turner·Mar 12, 2026