Gnosis Pay Reveals Post-Mortem Report on Security Incidents


  • On Friday, Gnosis Pay released a detailed post-mortem report on the security incident on June 1, when $1.5 million was stolen from the platform.
  • In the report, Gnosis Pay identified a vulnerability in the Zodiac Delay and Roles modules.
  • The report comes after the CEO of Gnosis Pay promised to cover all losses.

On July 3, Gnosis Pay, a self-custodial crypto debit card service built on the Gnosis Chain using Safe smart wallets, shared a detailed post-mortem report on the incident that occurred on June 1.

Gnosis Pay Incident: Event Details

At the beginning of June, Gnosis Pay suffered a major security breach. Co-founder and CEO Martin Koppelmann also confirmed the vulnerability in the Zodiac Delay Module. The flaw was in the ERC-1271 signature verification logic: the check simply read the return value of the contract call without verifying whether the call had executed successfully.

The post-mortem report stated that “the risk was quickly identified by the asset manager, NOCA, through their monitoring tools.”

“These results were based on the security components of the software (especially the Delay and Roles Modules provided by Zodiac). To ensure that we have no test time, we have systematically stopped the development of the card system, the authentication process, and the use of new users,” the report said.

The attackers exploited this by deploying a contract that is designed to fail but still return a “valid” signal. This allowed them to forge authorizations and withdraw funds from accounts they did not own.
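The difference between the flawed check and a corrected one can be shown in a few lines of Solidity. This is an added example, not code from Zodiac, Gnosis Pay, or the post-mortem report; the library and function names are hypothetical, and the first function only models the pattern as the article describes it (return data read without checking call success).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustration only: hypothetical names, not the Zodiac module code.
library Erc1271Check {
    // ERC-1271 magic value: bytes4(keccak256("isValidSignature(bytes32,bytes)"))
    bytes4 internal constant MAGIC = 0x1626ba7e;

    /// Flawed pattern: the success flag of the low-level call is discarded,
    /// so bytes handed back by a call that FAILED are still read as a verdict.
    function isValidIgnoringSuccess(
        address signer,
        bytes32 hash,
        bytes memory sig
    ) internal view returns (bool) {
        (, bytes memory ret) = signer.staticcall(
            abi.encodeWithSelector(MAGIC, hash, sig)
        );
        return ret.length >= 32 && abi.decode(ret, (bytes32)) == bytes32(MAGIC);
    }

    /// Corrected pattern: the return data counts only if the call succeeded
    /// and returned exactly one 32-byte word holding the magic value.
    function isValidChecked(
        address signer,
        bytes32 hash,
        bytes memory sig
    ) internal view returns (bool) {
        (bool ok, bytes memory ret) = signer.staticcall(
            abi.encodeWithSelector(MAGIC, hash, sig)
        );
        if (!ok) return false;              // failed call: never a valid signature
        if (ret.length != 32) return false; // empty or malformed return data
        return abi.decode(ret, (bytes32)) == bytes32(MAGIC);
    }
}
```

When reviewing contracts for this class of bug, look for low-level `call` or `staticcall` results where the boolean is dropped or never tested before the returned bytes are decoded.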

The vulnerability was introduced with Zodiac code version 3.4.0 in October 2023, and the code was updated on June 5. Criminals stole approximately $1.5 million from 5,281 wallets, including $641,000 in GNO, $453,000 in EURe, and $339,000 in USDC.0.

After the hack, Koppelmann said, “Please be patient while we try to contain the damage. Be aware that Gnosis will destroy all lost user data.” A few days after the cyber attack, many services were restored. The company said it recovered more than 99% of services and completed full refunds to users.

The Crypto Sector Faces a Troubled Time with a Series of Security Incidents

Over the past few months, the crypto sector has faced security challenges. From April to June 2026, hackers stole hundreds of millions of dollars from DeFi platforms, bridges, and wallets. The string of hacks in 2026 has caused panic across the crypto community, which is currently going through a bullish trend.

In April, the crypto sector was hit by a major wave of attacks. Across about 28 security incidents, cumulative losses reached about $635 million. Two major attacks occurred that month, involving Drift Protocol and Kelp DAO. On April 1, Drift Protocol, a Solana-based trading platform, suffered a cyber attack and lost approximately $285 million. A few days later, Kelp DAO lost a massive $292 million through a bug in its LayerZero bridge.

In May and June, the crypto sector also reported a small number of cyber attacks, with losses falling to around $80 million in May and $76 million in June, according to monthly security data. One of the biggest security breaches occurred at Humanity Protocol, where hackers stole nearly $36 million by compromising private keys on infected production systems.


