Gnosis Pay Exploit: Full User Reimbursement Promised Following Security Incident - Blockonomi

Key Takeaways

  • Gnosis announces complete reimbursement for all victims of Gnosis Pay security incident
  • Critical vulnerability in Zodiac Delay Module enables unauthorized transaction execution
  • Emergency containment measures deployed across compromised Safe wallet infrastructure
  • EURe and GNO token holders urged to withdraw funds immediately
  • Security incident highlights ongoing vulnerabilities in blockchain payment solutions

A critical security vulnerability forced Gnosis into emergency response mode after malicious actors exploited a weakness in the Zodiac Delay Module. The attack compromised Safe-based payment infrastructure and prompted immediate containment protocols. The company has committed to providing complete restitution to all affected users.

Critical Vulnerability Discovered in Zodiac Delay Module

The security compromise originated from a previously unknown vulnerability within the Zodiac Delay Module integrated into Gnosis Pay infrastructure. This component typically enforces time-based restrictions on outbound transactions to enhance security. However, attackers discovered a method to circumvent these protections and execute unauthorized transfers from vulnerable Safe wallets.

The Gnosis Pay platform bridges cryptocurrency holdings with traditional payment networks by utilizing Safe smart contract wallets. These accounts connect digital assets to physical payment cards for everyday transactions. The modular architecture that enables this functionality inadvertently created an attack vector when one component contained exploitable code.

Martin Köppelmann, co-founder of Gnosis, publicly acknowledged the delay module vulnerability. He confirmed that attackers had gained the ability to trigger transactions from compromised Safe accounts. The development team classified the situation as a critical security emergency that required users to act without delay.

Emergency Response Protocols Activated

Gnosis implemented multiple defensive strategies to minimize ongoing damage while the exploitation continued. The organization asked bridge validators to temporarily suspend operations, limiting the exit channels available for stolen assets. This infrastructure-level intervention aimed to restrict the attackers' ability to move funds while security teams analyzed the breach.

Users received urgent notifications to immediately withdraw EURe stablecoins and GNO tokens from potentially vulnerable accounts. Köppelmann acknowledged that manual withdrawal might not be feasible for all users. The response strategy therefore prioritized system-wide protective measures to safeguard remaining funds.

Blockchain security provider PeckShield independently confirmed the active exploitation targeting Gnosis Pay users. The firm issued public warnings encouraging account holders to verify their exposure status and move assets to secure locations. Throughout the incident, Gnosis maintained its commitment to absorb all financial losses experienced by users.

Reimbursement Promise Highlights Smart Contract Payment Challenges

Gnosis has not yet disclosed the total financial impact of the security breach. A comprehensive technical post-mortem analyzing the exploit methodology remains unpublished. The exact number of compromised accounts has not been confirmed in official communications.

This incident intensifies scrutiny of blockchain-based payment infrastructure security. Gnosis Pay represents an innovative approach to cryptocurrency spending, connecting non-custodial wallets directly to Visa’s payment network for mainstream commerce. While this design preserves user sovereignty over funds, it simultaneously creates dependencies on secure permission management.

The vulnerability adds to a concerning pattern of attacks targeting Safe wallet ecosystems. Blockaid previously documented a separate incident resulting in $3 million in losses across 86 Safe wallets deployed on Ethereum and Base networks. These repeated compromises demonstrate how third-party modular components can introduce significant security risks into cryptocurrency payment platforms and wallet systems.