CryptoNewsZ
2026-07-03 18:15:44

Gnosis Pay Shares Details of Security Incident on June 1

On Friday, Gnosis Pay released a detailed post-mortem report on the June 1 security incident, in which $1.5 million worth of funds was stolen from the platform. In the report, Gnosis Pay has confirmed the vulnerability present in the Zodiac Delay and Roles Modules. The report comes after the Gnosis Pay CEO promised to cover all losses. On July 3, Gnosis Pay, a self-custodial crypto debit card service developed on Gnosis Chain using Safe smart wallets, shared a detailed post-mortem report related to a security incident that took place on June 1. On 1 June, Gnosis Pay experienced a security incident affecting card accounts. All affected balances were restored. Post-mortem here: https://t.co/2QZhQG4ndr — Gnosis Pay 💳 (@gnosispay) July 3, 2026 What Happened on Gnosis Pay: Incident Details In early June, Gnosis Pay experienced a major security exploit. Co-founder and CEO Martin Koppelmann also confirmed a vulnerability in the Zodiac Delay Module. The main flaw existed in the ERC-1271 signature verification logic within the module. It is the system that only reads the contract’s return value without verifying whether the call had actually executed successfully. The post-mortem report mentioned that “the attack was rapidly detected by the treasury manager, NOCA, via their monitoring infrastructure. We immediately triggered our incident response protocol and identified the root cause within 2 hours.” “The impact was isolated to the card safe software module components (specifically the Delay and Roles Modules provided by Zodiac). To ensure containment during the active triage phase, we systematically paused card transaction processing, authorisation systems, and new user onboarding,” stated in the report . Attackers exploited this by deploying a contract, which is designed to fail but still return a “valid” indicator. By doing this, attackers have forged authorization and withdrawn funds from accounts they did not own. The vulnerability had been introduced with the Zodiac code version 3.4.0 in October 2023 and was patched on June 5. Attackers have stolen approximately $1.5 million across 5,281 wallets, including about $641,000 in GNO, $453,000 in EURe, and $339,000 in USDC.e. After this hack, Koppelmann said, “Please be patient while we try to contain the damage. Rest assured, Gnosis will cover all user losses.” A few days after this cyber attack, most of the operations were restored. The company claimed that it had recovered more than 99% of services and completed full user refunds. Crypto Sector Faces Tough Time with a Series of Security Incidents In the last few months, the crypto sector has faced a tough time with security problems. From April to June 2026, hackers have stolen hundreds of millions of dollars through clever attacks on DeFi platforms, bridges, and wallets. The series of cyber hacks in 2026 has sparked fear in the entire crypto community, which is currently going through a bullish wave. In April, the crypto sector suffered major cyberattacks, including Kelp DAO . In around 28 security incidents, the cumulative losses have reached around $635 million. In April, two major cyber attacks took place, including Drift Protocol and Kelp DAO. On April 1, Drift Protocol, a Solana-based trading platform, was compromised in a cyber attack and lost around $285 million. After a few days, Kelp DAO suffered a massive $292 million exploit through a bug in its LayerZero cross-chain bridge. In May and June, the crypto sector has also reported small-scale cyber attacks, where losses dropped to approximately $80 million in May and $76 million in June across dozens of security incidents in each month. One of the major security incidents took place on the Humanity Protocol, where hackers stole around $36 million by compromising private keys on an infected developer machine.

最阅读新闻

相关新闻

获取加密通讯
阅读免责声明 : 此处提供的所有内容我们的网站,超链接网站,相关应用程序,论坛,博客,社交媒体帐户和其他平台(“网站”)仅供您提供一般信息,从第三方采购。 我们不对与我们的内容有任何形式的保证,包括但不限于准确性和更新性。 我们提供的内容中没有任何内容构成财务建议,法律建议或任何其他形式的建议,以满足您对任何目的的特定依赖。 任何使用或依赖我们的内容完全由您自行承担风险和自由裁量权。 在依赖它们之前,您应该进行自己的研究,审查,分析和验证我们的内容。 交易是一项高风险的活动,可能导致重大损失,因此请在做出任何决定之前咨询您的财务顾问。 我们网站上的任何内容均不构成招揽或要约