- On Friday, Gnosis Pay released a detailed post-mortem report on the June 1 security incident, in which $1.5 million worth of funds was stolen from the platform.
- In the report, Gnosis Pay confirmed a vulnerability in the Zodiac Delay and Roles Modules.
- The report comes after the Gnosis Pay CEO promised to cover all losses.
On July 3, Gnosis Pay, a self-custodial crypto debit card service developed on Gnosis Chain using Safe smart wallets, shared a detailed post-mortem report related to a security incident that took place on June 1.
What Happened on Gnosis Pay: Incident Details
In early June, Gnosis Pay experienced a major security exploit. Co-founder and CEO Martin Koppelmann also confirmed a vulnerability in the Zodiac Delay Module. The main flaw was in the module's ERC-1271 signature verification logic, which read only the contract’s return value without verifying that the call had actually executed successfully.
The post-mortem report mentioned that “the attack was rapidly detected by the treasury manager, NOCA, via their monitoring infrastructure. We immediately triggered our incident response protocol and identified the root cause within 2 hours.”
“The impact was isolated to the card safe software module components (specifically the Delay and Roles Modules provided by Zodiac). To ensure containment during the active triage phase, we systematically paused card transaction processing, authorisation systems, and new user onboarding,” the report stated.
Attackers exploited this by deploying a contract designed to fail but still return a “valid” indicator. This let them forge authorization and withdraw funds from accounts they did not own.
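The flaw class described above, as an added example that is not code from Zodiac, Gnosis Pay or the post-mortem: a weak ERC-1271 check that trusts the returned bytes regardless of whether the call succeeded, beside a hardened one. The library and function names are hypothetical, and the low-level `staticcall` form is an assumption about how such a check is written.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only; names are hypothetical, not Zodiac's.
library ERC1271Check {
    // ERC-1271 magic value:
    // bytes4(keccak256("isValidSignature(bytes32,bytes)"))
    bytes4 internal constant MAGIC = 0x1626ba7e;

    /// WEAK: the success flag of the low-level call is discarded, so
    /// bytes that accompany a failed (reverted) call are still trusted.
    function isValidWeak(address signer, bytes32 hash, bytes memory sig)
        internal
        view
        returns (bool)
    {
        (, bytes memory ret) = signer.staticcall(
            abi.encodeWithSelector(MAGIC, hash, sig)
        );
        return ret.length >= 32 && bytes4(ret) == MAGIC;
    }

    /// HARDENED: the signer must be a contract, the call must succeed,
    /// and the return data must be exactly one ABI word holding MAGIC.
    function isValidStrict(address signer, bytes32 hash, bytes memory sig)
        internal
        view
        returns (bool)
    {
        // A call to an address without code succeeds with empty data;
        // reject it explicitly rather than relying on the length check.
        if (signer.code.length == 0) return false;

        (bool ok, bytes memory ret) = signer.staticcall(
            abi.encodeWithSelector(MAGIC, hash, sig)
        );

        // Fail closed: any revert, short or long return, or dirty
        // padding after the 4-byte value counts as "not authorized".
        return ok && ret.length == 32 && bytes32(ret) == bytes32(MAGIC);
    }
}
```

A unit test for a verifier of this kind should include a signer that reverts with 32 bytes of data, and assert that the check returns false.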
The vulnerability was introduced in Zodiac code version 3.4.0 in October 2023 and was patched on June 5. Attackers stole approximately $1.5 million across 5,281 wallets, including about $641,000 in GNO, $453,000 in EURe, and $339,000 in USDC.e.
After this hack, Koppelmann said, “Please be patient while we try to contain the damage. Rest assured, Gnosis will cover all user losses.” A few days after this cyber attack, most of the operations were restored. The company claimed that it had recovered more than 99% of services and completed full user refunds.
Crypto Sector Faces Tough Time with a Series of Security Incidents
In the last few months, the crypto sector has faced a tough time with security problems. From April to June 2026, hackers stole hundreds of millions of dollars through clever attacks on DeFi platforms, bridges, and wallets. The series of cyber hacks in 2026 has sparked fear in the entire crypto community, which is currently going through a bullish wave.
In April, the crypto sector saw around 28 security incidents, with cumulative losses reaching around $635 million. Two major cyber attacks took place that month, on Drift Protocol and Kelp DAO. On April 1, Drift Protocol, a Solana-based trading platform, was compromised in a cyber attack and lost around $285 million. A few days later, Kelp DAO suffered a massive $292 million exploit through a bug in its LayerZero cross-chain bridge.
In May and June, the crypto sector reported smaller-scale cyber attacks, with losses dropping to approximately $80 million in May and $76 million in June across dozens of security incidents in each month. One of the major security incidents hit the Humanity Protocol, where hackers stole around $36 million by compromising private keys on an infected developer machine.