Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    2 Years of the ₹2,000 Cr WazirX Hack: The Money Never Came Back. Neither Did the Founder
    2 Years of the ₹2,000 Cr WazirX Hack: The Money Never Came Back. Neither Did the Founder
    The Robinhood Chain Paradox Built for Tokenized Stocks, Dominated by Memecoins
    The Robinhood Chain Paradox: Built for Tokenized Stocks, Dominated by Memecoins
    Senators to Brief Trump on CLARITY Act Path - Here's What to Expect
    Senators to Brief Trump on CLARITY Act Path – Here’s What to Expect
    CLARITY Act 5 Fights Still Unresolved Before the Merged Draft Drops
    CLARITY Act: 5 Fights Still Unresolved Before the Merged Draft Drops
    Strategy's Cash Reserve Shift Reveals Weaknesses in Leveraged Bitcoin Balance Sheet_
    Strategy’s Cash Reserve Shift Reveals Weaknesses in Leveraged Bitcoin Balance Sheet
  • Opinion
    OpinionShow More
    The Execution Gap: Why the Next Breakthrough in Financial AI is Human Behavior
    The Execution Gap: Why the Next Breakthrough in Financial AI is Human Behavior
    The Bitcoin Treasury Blueprint What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    The Bitcoin Treasury Blueprint: What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
DeFi News

Zodiac Reveals Flaw Behind Gnosis Pay Exploit, Safe Unaffected

The flaw impacted specific Zodiac module setups, while Safe smart contracts and wallet infrastructure remained unaffected, according to teams.

Written By Shubham Soni
Published 2026-06-03
Make The Crypto Times preferred on GoogleGoogle
Share
Zodiac Reveals Flaw Behind Gnosis Pay Exploit, Safe Unaffected
Show AI Summary
Vulnerability in Zodiac modules affects user accounts with specific configurations, potentially exposing them to unauthorized transactions.
Over 95% of identifiable affected accounts have taken corrective action, with users urged to review and mitigate their configurations.
The incident highlights the importance of secure third-party module integration, as the root cause is linked to flaws in Zodiac’s Roles Modifier and Delay Modifier modules.

The team behind Zodiac has disclosed the vulnerability linked to the recent Gnosis Pay security incident, revealing that the issue stemmed from flaws in two Zodiac modules rather than the underlying Safe wallet infrastructure.

In a security update posted on X on June 2, Zodiac said the vulnerability affected Roles Modifier v2 and Delay Modifier v1.1.0 under a specific set of conditions. The disclosure follows a security incident that prompted Gnosis Pay to halt bridge activity while teams worked to contain unauthorized transactions.

Community Notice: Zodiac Roles Modifier v2 and Delay Modifier v1.1.0 — Security Update

We identified a vulnerability in two Zodiac modules: Roles Modifier v2 and Delay Modifier v1.1.0. It affects only accounts where one of these modules is enabled AND a Safe account with a…

— Zodiac (@zodiaceco) June 2, 2026

Flaw limited to specific Zodiac configurations

According to Zodiac, the vulnerability only affected accounts where either the Roles Modifier v2 or Delay Modifier v1.1.0 module was enabled and where a Safe account using a vulnerable fallback handler had been assigned as a module or role member.

The team emphasized that the issue did not affect Safe smart contracts, Safe{Wallet} infrastructure, account recovery systems, or the Safe user interface. Zodiac also said other module configurations were not impacted.

The project stated that it had been working directly with affected users before publicly disclosing the issue and that more than 95% of identifiable affected accounts had already taken corrective action. Users with either module enabled were urged to review their configurations and apply the recommended mitigation steps.

Root cause linked to third-party modules

Following Zodiac’s disclosure, Safe Labs issued a clarification stating that the vulnerability originated in two third-party Zodiac modules rather than in Safe’s core infrastructure. 

An important clarification on the issue Zodiac has disclosed:

This is a vulnerability in two third-party Zodiac modules (Roles Modifier v2 and Delay Modifier v1.1.0).

Important: Safe smart contracts, Safe{Wallet} infrastructure and UI and account recovery, are not affected.… https://t.co/fTMyMFLyg2

— Safe{Labs} (@SafeLabs_) June 2, 2026

The organization reiterated that Safe smart contracts, wallet infrastructure, and user-facing systems were not affected. Safe Labs said it is coordinating with Zodiac, Gnosis, and members of the security community as response efforts continue.

Meanwhile, Co-Founder of Gnosis Martin Köppelmann said the newly disclosed vulnerability represents the root cause of the Gnosis Pay incident and noted that several projects beyond Gnosis Pay were affected. He added that teams had attempted to notify impacted projects privately before public disclosure.

Here is the root cause of the current Gnosis Pay incident. Several other projects are affected. We tried to inform everyone privately in advance, but if you haven’t heard yet and are using a Zodiac module — Delay or Roles — please urgently check whether you are affected 👇 https://t.co/NtC1i8CRgb

— koeppelmann (@koeppelmann) June 2, 2026

How the exploit impacted Gnosis Pay

The vulnerability came to light after Gnosis Pay disclosed an active exploit involving the Zodiac Delay Module. Gnosis Pay connects self-custody crypto wallets to a Visa-linked payment card system using Safe smart accounts and modular security components. One of those components, the Zodiac Delay Module, is designed to impose a waiting period between transaction approval and execution, providing time to detect and block unauthorized activity.

Investigators found that the vulnerability allowed attackers to bypass intended security controls and execute transactions from affected Safes. As the exploit unfolded, Gnosis coordinated with bridge validators to pause bridge operations and limit further movement of funds.

At the time of the incident, Köppelmann said the company expected to contain most losses and pledged that affected users would be fully reimbursed.

Gnosis Pay begins recovery process

As response efforts continued, Gnosis Pay said on June 2 that the incident had been fully contained and that operations would begin resuming in phases starting Wednesday evening (GMT+2).

In a detailed X thread, the company said every user will receive a new card-linked Safe connected to their existing card and identity profile. For users affected by the exploit, the new Safe will be funded with the same balance that was held previously. Unaffected users will be required to migrate funds from their existing Pay Safe to the new account structure.

Gnosis Pay also said it plans to release additional details about the incident at a later date and warned users to remain vigilant against scammers and impersonators attempting to exploit the situation. The company stressed that team members would not contact users privately or request funds through direct messages.

Post-mortem expected

Zodiac said a full post-mortem will be published once the investigation is complete. The team apologized for the disruption caused by the incident and said it continues to assist affected users.

The disclosure provides the clearest explanation so far of the technical issue behind the Gnosis Pay exploit, while narrowing its scope to a specific combination of Zodiac modules and Safe account configurations rather than a broader flaw in Safe’s wallet infrastructure.

Also Read: Coinbase Backs Ethena as ENA Surges on Adoption Expectations

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News

TAGGED:Crypto Hack
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link

Latest News

2 Years of the ₹2,000 Cr WazirX Hack: The Money Never Came Back. Neither Did the Founder
2 Years of the ₹2,000 Cr WazirX Hack: The Money Never Came Back. Neither Did the Founder
CASHCAT Trader Loses 72% From $3.8M Peak as Token Crashes
CASHCAT Trader Loses 72% From $3.8M Peak as Token Crashes
Cardano Hands Node Development to Community in Major Shift
Cardano Hands Node Development to Community in Major Shift
FTX Creditors Set for $900M Windfall in Fifth Repayment
FTX Creditors Set for $900M Windfall in Fifth Repayment
Will XRP Hit $1.50? July’s Biggest ETF Inflows Meet Declining Whale Selling

Find Us on Socials

You may also like

Across Protocol Reports First Attack on Solana After $34B in Bridge Volume

Across Protocol Reports First Attack on Solana After $34B in Bridge Volume

Solana Protocol DeFiTuna Hit by $580K Exploit, USDC Pool Left Short

Solana Protocol DeFiTuna Hit by $580K Exploit, USDC Pool Left Short

Polychain-Backed Cascade Hacked for $1.34M in Locked User Funds

Polychain-Backed Cascade Hacked for $1.34M in Locked User Funds

Ostium Pauses Trading After Alleged $18M Arbitrum Vault Exploit

Ostium Pauses Trading After Alleged $18M Arbitrum Vault Exploit

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information