Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    Senators to Brief Trump on CLARITY Act Path - Here's What to Expect
    Senators to Brief Trump on CLARITY Act Path – Here’s What to Expect
    CLARITY Act 5 Fights Still Unresolved Before the Merged Draft Drops
    CLARITY Act: 5 Fights Still Unresolved Before the Merged Draft Drops
    Strategy's Cash Reserve Shift Reveals Weaknesses in Leveraged Bitcoin Balance Sheet_
    Strategy’s Cash Reserve Shift Reveals Weaknesses in Leveraged Bitcoin Balance Sheet
    After Securing MiCA License, OKX Says Banking License Is Not a Priority
    After Securing MiCA License, OKX Says Banking License Is Not a Priority
    The Wall Around Mint Street: How the RBI Spent a Year Shutting Crypto Out of Indian Banking
    The Wall Around Mint Street: How the RBI Spent a Year Shutting Crypto Out of Indian Banking
  • Opinion
    OpinionShow More
    The Execution Gap: Why the Next Breakthrough in Financial AI is Human Behavior
    The Execution Gap: Why the Next Breakthrough in Financial AI is Human Behavior
    The Bitcoin Treasury Blueprint What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    The Bitcoin Treasury Blueprint: What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
DeFi News

Gnosis Pay Pauses Bridge Following Active Zodiac Delay Module Exploit

Co-Founder Martin Köppelmann said that most users cannot withdraw funds now but expects to contain most losses and promises full reimbursement to affected users.

Written By Kenrodgers Fabian
Fact Checked by Divya Mistry
Published 2026-06-01
Make The Crypto Times preferred on GoogleGoogle
Share
Gnosis Pay Pauses Bridge Following Active Zodiac Delay Module Exploit
Show AI Summary
Attackers exploited a Zodiac Delay Module vulnerability to bypass security gates in Gnosis Pay’s smart contract system.
The breach manipulated a safety feature designed to introduce a time delay between transactions, allowing unauthorized actions to occur.
Gnosis Pay’s Safe wallet smart accounts, enhanced with modular components, were compromised due to the implementation flaw.

Gnosis has moved to contain a security breach affecting its Gnosis Pay after attackers exploited a vulnerability in the Zodiac Delay Module. Co-Founder Martin Köppelmann confirmed the incident on X, saying the company will compensate all affected users. 

The company asked bridge validators to pause related bridge activity as it worked to limit further damage. Köppelmann initially warned users about an active exploit, writing: “Unfortunately, there is a hack related to @gnosispay and the ‘delay module’. Please be patient while we try to contain the damage. Rest assured, Gnosis will cover all user losses.”

Deleted an earlier tweet that asked users to withdraw funds. Most users will not be able to do so, but we are actively working to contain the damage. We believe we can contain the majority of it, and in any case, we will ensure that all users are made whole.

— koeppelmann (@koeppelmann) June 1, 2026

Additionally, he also clarified that an earlier message asking users to withdraw funds had been deleted. “Most users will not be able to do so, but we are actively working to contain the damage. We believe we can contain the majority of it, and in any case, we will ensure that all users are made whole,” he said.

Anatomy of the Zodiac Delay flaw

Gnosis Pay functions by attaching self-custody crypto wallets to everyday consumer spending via a Visa-linked debit card system. To make this safe, the platform utilizes Safe wallet smart accounts enhanced by modular programming components.

One of these core layers is the Zodiac Delay Module, a smart contract modifier engineered to act as a security backstop. It forces a mandatory time delay between when an external transaction is initiated and when it actually executes on-chain. This buffer window is supposed to give defense protocols time to identify and veto unauthorized actions. 

However, the attacker discovered an implementation flaw that completely flipped this security feature. The bug allowed the exploit tool to bypass verification gates and initiate outbound transactions directly from Safes that had the module turned on.

As the exploit unfolded, Köppelmann noted that most retail users would be locked out from executing manual defensive withdrawals. In response, Gnosis teams moved to freeze the protocol by coordinating with validator networks to shut down all outbound bridge paths, cutting off the attacker’s exit routes.

Delay module faces new scrutiny

At press time, Gnosis Pay has not yet released an estimate of the total losses from the security breach. The company has also not published a full technical report on how the exploit occurred. As a result, it remains unclear how many users or accounts were affected. The project said it is still investigating whether all malicious activity has been fully stopped.

The incident has also renewed attention on risks linked to smart contract-based payment systems. Gnosis Pay connects self-custody crypto wallets to everyday spending through a Visa-linked card system.

While this setup allows users to spend crypto in real-world transactions, it also means that weaknesses in permission controls or smart contract modules can expose users to financial risk.

Recent attacks add context

The latest incident comes after another security breach involving infrastructure linked to Gnosis Safe. In that earlier attack, hackers stole about $3 million from 86 Safe wallets across Ethereum and Base, according to blockchain security firm Blockaid. The firm said the exploit was tied to a vulnerable third-party module called SquidRouterModule.

Blockaid reported that attackers took advantage of a flaw in the module’s executeSameChainActions() function. This allowed them to act as trusted delegates and approve transactions without authorization. The stolen funds were then swapped into DAI using liquidity pools on Uniswap V3 controlled by the attackers.

Separately, Gnosis has recently taken a more active approach to recovering lost funds. In April, Gnosis Chain carried out a hard fork that recovered $9.4 million linked to the November 2024 Balancer hack. The recovered assets were moved into a DAO-controlled wallet, while the community debated how the funds should be distributed.

The incidents highlight ongoing challenges in balancing user protection, decentralization, and rapid incident response in crypto systems.

Also Read: Whitehat Hacker Unlocks $2M Stuck in 2016 Ethereum ICO Contract

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News

TAGGED:Crypto Hack
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link

Latest News

Trump Pushed the CLARITY Act, Polymarket Cut Its Odds to 35%
Trump Pushed the CLARITY Act, Polymarket Cut Odds to 35%
Robinhood Files to Launch Internal Employee Investment Fund
Robinhood Files to Launch Internal Employee Investment Fund
Apple Bans Crypto Ads From Maps as Google Keeps Path Open
Apple Bans Crypto From Maps as Google Keeps Path Open
Solana Protocol DeFiTuna Hit by $580K Exploit, USDC Pool Left Short
Solana Protocol DeFiTuna Hit by $580K Exploit, USDC Pool Left Short
Crypto Daily Brief Crypto.com Funding, Bybit Expansion, ETF Inflows Drive Market
Crypto Daily Brief: Crypto.com Funding, Bybit Expansion, ETF Inflows Drive Market

Find Us on Socials

You may also like

Polychain-Backed Cascade Hacked for $1.34M in Locked User Funds

Polychain-Backed Cascade Hacked for $1.34M in Locked User Funds

Ostium Pauses Trading After Alleged $18M Arbitrum Vault Exploit

Ostium Pauses Trading After Alleged $18M Arbitrum Vault Exploit

Blockaid Flags BarnBridge Legacy Proposals Over Token Approval Risks

Blockaid Flags BarnBridge Legacy Proposals Over Token Approval Risks

EU, US, UK Target Crypto Wallets in Alleged $300M TrickBot Crackdown

EU, US, UK Target Crypto Wallets in Alleged $300M TrickBot Crackdown

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information