Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    CLARITY Act Stalls Why Senate's August Recess Puts US Crypto Rules at Risk
    CLARITY Act Stalls: Why Senate’s August Recess Puts US Crypto Rules at Risk
    Three Stories, One Pattern Why Binance Is Having Its Worst Week Since the Pardon
    Three Stories, One Pattern: Why Binance Is Having Its Worst Week Since the Pardon
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Inside the Trump Family’s $1.2B Crypto Windfall Who Paid the Price
    Inside the Trump Family’s $1.2B Crypto Windfall: Who Paid the Price?
    MiCA Deadline Hits Top Safe Crypto Platforms for EU Users in July 2026
    MiCA Deadline Hits: Top Safe Crypto Platforms for EU Users in July 2026
  • Opinion
    OpinionShow More
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
    The CLARITY Act War Starts Jamie Dimon Vs Armstrong
    The CLARITY Act War Starts: Jamie Dimon Vs Armstrong
    Is Crypto Dying, or Is Pump.fun Turning It Into an Attention Casino
    Is Crypto Dying, or Is Pump.fun Turning It Into an Attention Casino?
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
DeFi News

Gnosis Pay Restores 100% User Funds After $1.8M Crypto Exploit

Gnosis Pay restored all affected balances after attackers exploited a Zodiac module flaw affecting over 5,200 wallets.

Written By Sharmistha Suman Sharmistha Suman
Edited by Shubham Soni Shubham Soni
Published 1 hour ago·Updated 1 hour ago
Make The Crypto Times preferred on GoogleGoogle
Share
Gnosis Pay Restores 100% User Funds After $1.8M Crypto Exploit

Key Highlights

  • Gnosis Pay confirmed 100% of affected user funds were restored.
  • The incident affected over 5,281 wallets and drained about $1.5 million.
  • Gnosis Pay absorbed all losses internally and restored services within days.

Gnosis Pay, a decentralized self-custodial payment network, has released a detailed post-mortem on a security incident that occurred on June 1, 2026. The company confirmed that while attackers exploited a vulnerability in its card safe infrastructure, all user funds were fully restored with no losses borne by customers. Gnosis Pay absorbed the entire financial impact of the breach.

In a post-mortem report published on Friday, the team stated that Gnosis Pay’s monitoring systems, led by treasury manager NOCA, detected the first large unauthorized transfer at 06:17 UTC on June 1. Within two hours, the team identified the root cause. Card services were immediately taken offline, the bridge to Gnosis Chain was paused, and attacker-linked addresses were shared with stablecoin issuers for isolation.

On 1 June, Gnosis Pay experienced a security incident affecting card accounts. All affected balances were restored.

Post-mortem here: https://t.co/2QZhQG4ndr

— Gnosis Pay 💳 (@gnosispay) July 3, 2026

The company also notified external projects that used similar infrastructure. The affected Zodiac modules were patched and submitted for review by ChainSecurity, while an emergency fund was established to support users with immediate needs.

Timeline of fund restoration 

By June 3 evening, Gnosis Pay had reactivated the first affected accounts, restoring balances and re-enabling cards. A phased rollout of newly engineered card safe modules followed, with full services restored to 99% of users by June 6 and remaining accounts completed shortly after. No users lost funds.

The attack targeted the Delay Module and Roles Module, components from the Zodiac framework used in Gnosis Pay’s card safe infrastructure. Attackers leveraged a subtle flaw in signature validation (ERC-1271 implementation) that failed to verify whether contract calls succeeded. This allowed them to forge approvals and queue unauthorized withdrawals from user safes.

How the incident unfolded

The vulnerability had existed in Zodiac version 3.4.0 since October 30, 2023. 

Attackers extracted approximately $1.5 million across various assets, primarily GNO, EURe, USDC.e, and others. An additional ~$300,000 in funds became temporarily inaccessible, with recovery efforts ongoing. In total, the incident affected 5,281 wallets holding at least $1.

Gnosis Pay said it covered all losses internally and maintained open communication with partners and users. The detailed post-mortem includes a clear timeline, technical description of the exploit (with the attacker contract address: 0x5a77953caa27ed4638f4dfdc665b8064d0e97a35), and asset breakdown.

What proactive steps did the company take

In response to the exploit, Gnosis Pay outlined several proactive steps:

  • Expanding its security team with external researchers.
  • Conducting a full internal review of on-chain and off-chain systems.
  • Commissioning an independent holistic security assessment.
  • Broadening audit scope to include external dependencies.
  • Enhancing monitoring of upstream projects for timely patches.
  • Rolling out an improved Gnosis Pay v2 product with better observability and streamlined operations.

Third-party dependencies remain a matter of intense audit 

The incident highlights the importance of auditing not only proprietary code but also third-party software dependencies used in crypto infrastructure.

While Gnosis Pay’s decision to absorb the estimated $1.8 million impact prevented customer losses, it also underscores the operational costs associated with maintaining user protections following security incidents.

As stablecoin-based payment cards gain wider adoption, the security of underlying infrastructure, particularly shared open-source components, is likely to remain a key focus for both operators and users.

Also Read: BTSE Expands Into Indonesia With Regulated Crypto Platform

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News
Google News Banner

TAGGED:Crypto Hack
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link
Sharmistha Suman
By Sharmistha Suman
Sharmistha Suman is a Crypto Journalist at The Crypto Times, based in Bhopal, Madhya Pradesh. She covers Bitcoin and Ethereum price action, Indian crypto regulation, and emerging Web3 protocols, with a particular focus on how Indian retail and institutional investors participate in the global digital asset market. She joined The Crypto Times in April 2026. Sharmistha has been writing on cryptocurrency and blockchain since 2022. Before joining The Crypto Times, she contributed to The News Crypto and Todayq, and produced independent research on Indian crypto adoption, the country's evolving regulatory framework, and the developer ecosystems building on Ethereum and Solana. She holds a Master's degree in Digital Journalism and a Bachelor's degree in Journalism and Creative Writing, both from Makhanlal Chaturvedi National University of Journalism and Communication in Bhopal.
Shubham Soni
By Shubham Soni
Follow:
Shubham Soni is the Editor at The Crypto Times, based in Ujjain, Madhya Pradesh. He oversees the editorial desk, reviewing daily news coverage of cryptocurrency markets, US and Indian regulation, institutional adoption, the Solana ecosystem, AI agents, and Real World Assets (RWAs). All policy and markets coverage at The Crypto Times passes through his desk before publication. Before joining The Crypto Times in October 2025, Shubham managed news desks at Sportskeeda and Opoyi, covering global politics, sports, and entertainment for high-volume newsrooms serving the US and Indian markets. His four years in fast-paced newsrooms shaped his approach to fact-checking, source verification, and structural editing on complex stories. Shubham holds a Master's degree in Journalism from Makhanlal Chaturvedi National University of Journalism and Communication (Bhopal) and a Bachelor's degree in Journalism from Amity University Rajasthan. 

Latest News

Standard Chartered, FalconX Among 37 Firms Added to ESMA’s MiCA List
Standard Chartered, FalconX Among 37 Firms Added to ESMA’s MiCA List
Moonbeam Exits Polkadot, Migrates GLMR to Base for AI Pivot
Moonbeam Exits Polkadot, Migrates GLMR to Base for AI Pivot
Bitget Expands Beyond Crypto With US Stock Options Trading
Bitget Expands Beyond Crypto With US Stock Options Trading
Hinkal Protocol Reveals Initial Cause Behind $820K Ethereum Exploit
Hinkal Protocol Reveals Initial Cause Behind $820K Ethereum Exploit
IMF Says Tokenization Could Reshape the Global Finance System
IMF Says Tokenization Could Reshape the Global Finance System

Find Us on Socials

You may also like

Hinkal Protocol Exploited 450+ ETH Laundered via Tornado Cash & THORChain

Hinkal Protocol Exploited: $820K Laundered via Tornado Cash & THORChain

Velocity Defends Drift Rebrand After $295M Crypto Exploit

Velocity Defends Drift Rebrand After $295M Crypto Exploit

Polygon Shuts Down Its Once-Flagship $250M zkEVM on July 1

Polygon Shuts Down Its Once-Flagship $250M zkEVM on July 1

Edel Finance Hacked $403K Stolen as Attacker Moves Funds to Tornado Cash

Edel Finance Hacked: $403K Stolen as Attacker Moves Funds to Tornado Cash

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information