
New Market Trading lost ~$3.98M on 2026-05-28 to a Gnosis Safe module authorisation flaw. What happened, how Safe modules fail, and how to keep swapping safely.

On 2026-05-28, decentralised exchange New Market Trading was drained of roughly $3.98M after an attacker exploited an authorisation flaw in one of its Gnosis Safe modules. The early loss estimate comes from on-chain forensics published by rekt.news (retrieved 2026-05-28); the figure may move as more transactions are traced. The exploit targeted the module's permission-check logic, not the core Safe contract.

TL;DR: New Market Trading's Gnosis Safe module trusted the wrong caller identity, letting an attacker drain ~$3.98M (early estimate). Self-custodial swap users who route through non-custodial services like GhostSwap were never exposed; funds held inside the exploited Safe were.

What happened to New Market Trading

A Gnosis Safe — the multisig wallet contract — sat at the centre of New Market Trading's treasury and liquidity routing. Around the Safe, the team had deployed a custom module: a smart contract granted permission to move funds out of the Safe without requiring the full multisig threshold. Modules are a normal Safe extension pattern. They are also the most common place Safe-based protocols get drained.

According to the rekt.news incident report (retrieved 2026-05-28), the attacker called a function on the module that should have been restricted to a specific trusted address but was instead checking the wrong identity field. The attacker supplied an address they controlled, the check passed, and the module executed transfers out of the Safe. Approximately $3.98M in assets moved in under 12 minutes.

The core Gnosis Safe contract did exactly what it was told to do. The flaw lived in the module's onlyAuthorised logic.

Why Safe modules keep failing this way

Authorisation flaws — code that trusts the wrong identity field — are consistently in the top exploit categories tracked by rekt.news's 2025 annual report (retrieved 2026-05-28) and the Immunefi 2024 crypto losses report (retrieved 2026-05-28). A function meant for the Safe's owner checks msg.sender. A function meant for the module's keeper checks tx.origin. A function meant for a delegate checks an address stored in a struct that an earlier function let the caller overwrite. Each of these is a one-line bug with a multi-million-dollar blast radius.
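As an added illustration, not New Market Trading's code (which is not reproduced here) and not Safe's own module code, the hypothetical keeper module below shows the "trusts an identity the caller supplied" bug class next to a hardened version. The contract and function names, the keeper and destination allowlists, and the pause switch are assumptions; `execTransactionFromModule` is the real Safe entry point that modules call.

```solidity
pragma solidity ^0.8.20;

// Minimal view of the Safe interface a module calls into. Safe declares the last
// parameter as Enum.Operation; uint8 is ABI-compatible (0 = Call, 1 = DelegateCall).
interface ISafe {
    function execTransactionFromModule(
        address to, uint256 value, bytes calldata data, uint8 operation
    ) external returns (bool success);
}
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// VULNERABLE (hypothetical): the allowlist is checked against a caller-supplied
// `operator` argument, so anyone can pass an allowlisted address and get through.
contract KeeperModuleVulnerable {
    ISafe public immutable safe;
    mapping(address => bool) public isKeeper;
    constructor(ISafe _safe, address keeper) { safe = _safe; isKeeper[keeper] = true; }
    function sweep(address operator, address token, address to, uint256 amount) external {
        require(isKeeper[operator], "not keeper"); // BUG: trusts the argument, not msg.sender
        bytes memory data = abi.encodeWithSelector(IERC20.transfer.selector, to, amount);
        require(safe.execTransactionFromModule(token, 0, data, 0), "safe call failed");
    }
}

// HARDENED (hypothetical): identity comes from msg.sender, destinations are allowlisted,
// and only the Safe itself (full multisig threshold) can change permissions or pause.
contract KeeperModuleHardened {
    ISafe public immutable safe;
    mapping(address => bool) public isKeeper;
    mapping(address => bool) public isAllowedDestination;
    bool public paused;
    modifier onlySafe() { require(msg.sender == address(safe), "not safe"); _; }
    modifier onlyKeeper() { require(isKeeper[msg.sender], "not keeper"); _; }
    constructor(ISafe _safe, address keeper) { safe = _safe; isKeeper[keeper] = true; }

    // Permission changes require a full Safe transaction, not a keeper call.
    function setKeeper(address k, bool ok) external onlySafe { isKeeper[k] = ok; }
    function setDestination(address d, bool ok) external onlySafe { isAllowedDestination[d] = ok; }
    function setPaused(bool p) external onlySafe { paused = p; }

    function sweep(address token, address to, uint256 amount) external onlyKeeper {
        require(!paused, "paused");
        require(isAllowedDestination[to], "destination not allowed");
        bytes memory data = abi.encodeWithSelector(IERC20.transfer.selector, to, amount);
        require(safe.execTransactionFromModule(token, 0, data, 0), "safe call failed");
    }
}
```

Either module only has power over a Safe after that Safe's owners enable it with the Safe's own enableModule transaction, which is the review checkpoint: what a module is allowed to do should be read as carefully as who may call it.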

A Gnosis Safe by itself is well-reviewed code — the Safe contracts have been audited multiple times by firms including Runtime Verification and Ackee Blockchain (audit reports retrieved 2026-05-28). Some Safe modules in the wild also carry audit reports. Many do not. New Market Trading's module — based on what is publicly visible on Etherscan — was bespoke. There is no public audit page linked from their docs as of the time of writing.

The lesson is structural, not New-Market-Trading-specific: the security of a Safe-based protocol is the security of the weakest module attached to it, not the security of the Safe itself.

Where this leaves swap users

If you held assets inside the New Market Trading Safe — as a liquidity provider, as a counterparty mid-trade, or because the protocol custodied your funds during a swap — you are exposed to the loss.

If you swapped through a non-custodial pass-through service, your funds were in the service for the minutes it took to route the swap, then in your own wallet. No on-chain Safe, no module, no shared custody.

That is the structural difference between custodial DEX architectures and non-custodial swap services like GhostSwap. It is not a claim that GhostSwap cannot be exploited — every service has attack surface. It is a claim about where the attack surface lives.

GhostSwap vs Safe-custody DEX architectures

| Property | GhostSwap | Safe-module DEX (general pattern) |
| --- | --- | --- |
| Custody during swap | Non-custodial pass-through; funds do not sit in a shared contract | Funds sit in the Safe / module-controlled vault for the lifecycle of the position |
| Account requirements | No account, no email, no KYC | Wallet connect; some require KYC for fiat ramps |
| Asset coverage | 1,600+ pairs across 200+ assets | Varies by chain |
| Typical completion | ~8 minutes median (p95 ~30 min, varies with chain congestion) | Instant on-chain, but exit liquidity may be locked if a module is paused |
| Pricing model | Floating rate + aggregated liquidity from leading crypto markets | AMM-priced; subject to pool-state manipulation |
| Blast radius of a single exploit | The exploited route; your funds were never pooled with others | Every depositor in the affected Safe / module |

The pair count, asset coverage, completion-time numbers, and pricing language above come from GhostSwap's live product-truth data (retrieved 2026-05-28).

How to swap safely while the dust settles

  1. Do not bridge into a paused protocol's pool to "catch the bottom." Post-exploit DEX pools frequently see follow-on drains as patches roll out.
  2. Prefer pass-through swaps over pool-deposit swaps for one-shot trades. If you are moving BTC to XMR or USDT to ETH once, you do not need to deposit into anything. Use the BTC→XMR pair page or the live swap widget on the homepage and your funds touch the service for minutes, not days.
  3. Verify the destination chain before sending. Most post-exploit losses to retail users come from phishing sites mimicking the legitimate protocol, not the original exploit.
  4. Check the contract age before approving. New modules deployed in the days after a known incident are disproportionately likely to be malicious copies.

Frequently asked questions

Q: Was GhostSwap affected by the New Market Trading exploit?
A: No. GhostSwap is a non-custodial pass-through service — funds do not sit in a shared Safe or module-controlled vault. The exploit targeted New Market Trading's own treasury contract; there is no shared infrastructure.

Q: Can the same kind of bug happen to GhostSwap?
A: No service is immune to bugs. The structural difference is what is at risk: in a Safe-module DEX, every depositor's funds are pooled in the exploited contract. In a pass-through swap, the funds in flight are limited to the swaps active during the attack window, not a pooled treasury.

Q: I had funds in New Market Trading. What can I do?
A: Monitor the team's official channels for a recovery plan and any whitehat negotiation. Per the rekt.news report (retrieved 2026-05-28), the attacker's address is being tracked on-chain. Do not interact with any "recovery contract" not announced through the team's verified accounts — these are almost always secondary phishing.

Q: What is a Gnosis Safe module and why do they keep getting exploited?
A: A module is a smart contract granted permission to move funds out of a Safe without the full multisig threshold. They exist because requiring 3-of-5 signatures for every keeper action is operationally impractical. They get exploited because authorisation checks inside the module — "is the caller allowed to do this?" — are easy to write wrong and the blast radius is the entire Safe balance.

Keep swapping without the custodial blast radius

If you are looking at the New Market Trading headlines and want to move funds without depositing into another shared-custody contract, the GhostSwap homepage hosts the live swap widget — no account, no email, 1,600+ pairs, median completion ~8 minutes. For specific routes, the BTC to XMR pair page and the buy-crypto landing page cover the common starting points.

More on the trade-offs of non-custodial swap architecture is at the homepage swap widget.