Compliance & Security
Squid is committed to operating a secure, compliant cross-chain infrastructure. This page documents Squid's compliance policies, wallet screening, and token whitelisting procedures.
Restricted Jurisdictions
Squid does not permit swaps originating from or destined for the following sanctioned jurisdictions:
Cuba
Iran
North Korea
Syria
Transactions involving addresses linked to these jurisdictions will be blocked.
Wallet Screening & AML
Squid uses TRM Labs' blacklist API to vet wallet addresses for Anti-Money Laundering (AML) compliance.
How it works
Before processing a route, Squid checks the fromAddress and toAddress against TRM's risk database.
Wallets flagged for illicit activity by TRM, including association with sanctioned entities, darknet markets, ransomware, or stolen funds, will be blocked from executing transactions.
This screening is applied automatically and does not require any action from integrators.
If a legitimate user's wallet is incorrectly flagged, they should contact Squid support for resolution.
Token Whitelisting
Squid maintains a strict token whitelisting process to prevent fake or spoofed tokens from being available for swaps.
Why whitelisting?
Cross-chain routing involves moving value across multiple DEXs and bridges. Spoofed tokens — tokens mimicking legitimate assets with similar names or symbols — can lead to:
Loss of funds via manipulated liquidity pools
Incorrect pricing and route calculations
Reputation damage for integrators
Automatic token monitoring
Squid continuously monitors and automatically adds validated tokens that meet our quality criteria from trusted sources:
CoinGecko — tokens listed on CoinGecko with verified contract addresses are automatically evaluated for inclusion.
Defined.fi — tokens tracked by Defined.fi with sufficient liquidity and trading activity are automatically evaluated.
This ensures that the Squid token list stays up to date with legitimate, actively traded assets without requiring manual submissions for well-known tokens.
Manual token whitelisting
For tokens not yet picked up automatically, you can submit a request:
Submit a request via the Token Whitelisting Form.
The Squid team reviews the token contract for:
Verified source code on the relevant block explorer
Sufficient liquidity on supported DEXs
Legitimate project history and team
No evidence of malicious behavior (honeypots, hidden minting, etc.)
Upon approval, the token is added to the supported token list and becomes available via the /v2/tokens and /v2/sdk-info endpoints.
Tokens that are not whitelisted will not appear in the Squid API responses and cannot be used in route requests.
Smart Contract Security
Squid's smart contracts are designed to never hold liquidity — they only orchestrate calls to DEXs and other involved contracts. This avoids security risks usually associated with token bridges.
For full audit details, see Audits & Security.
Shared Responsibility Model
Squid utilizes a Shared Responsibility Model for security and compliance. Our core cryptographic infrastructure and Trusted Execution Environment (TEE) policy engine are provided by Cubist, which is SOC 2 Type II compliant. This ensures that the hardware-level security, key management, and policy enforcement layers of the Squid platform meet rigorous, audited institutional standards.