Tuesday, January 21, 2025

Gnosis Confirms Active Gnosis Pay Exploit, Vows to Cover All User Losses

Gnosis confirmed an active Gnosis Pay exploit and pledged to reimburse all affected users as investigations continue.

Fridah Kangai

  • Gnosis confirms active exploit and promises reimbursement for affected users.
  • Attackers exploited delay module while containment efforts remain ongoing.
  • Safe infrastructure unaffected as investigators assess exploit’s full impact.

Gnosis co-founder and CTO Martin Köppelmann revealed that an exploit on Gnosis Pay is under way and said the company will cover any losses users incur. The attack targets the Zodiac delay module, which is part of the Gnosis Pay system, Köppelmann said. Once the vulnerability was detected, the company began implementing containment measures and is working to prevent any additional unauthorized transactions.

Blockchain security firm PeckShield also raised the alarm and asked users to check their exposure. The warning spread quickly through the crypto community as concerns grew about the likely effect on impacted wallets. Attackers might be able to initiate transactions from Safe wallets containing the compromised delay module. Gnosis began working with bridge validators and others to limit the amount of funds affected by the exploit. Gnosis will cover the losses no matter how significant they are, Köppelmann said, so all affected customers will be made whole.


Gnosis Races to Limit Damage

Köppelmann had earlier told EURe and GNO holders to withdraw their assets from the wallets they use with the Gnosis Pay service. He later deleted that message and posted an updated statement. Many users would not be able to transfer money in real time during the containment procedure, he said. Instead, Gnosis turned its attention to securing vulnerable systems and minimizing further exposure.

The vulnerability is related to the Zodiac delay module, a permission layer that makes transactions wait before they are executed. The attackers took advantage of that module to gain the ability to transact without authorization. Köppelmann also said he had no doubt that the company would take care of most of the damage.

Safe Core Infrastructure Not Affected

The core smart contracts of Safe are not inherently flawed, Gnosis said. The affected module is not an integral part of the Safe wallet app; it is part of the Gnosis Pay environment. The distinction matters because Safe has operated independently from Gnosis since 2022. However, the two projects remain closely linked, as Gnosis Pay cards use self-custodial wallet technology.

This is a fresh incident, coming on the heels of another attack days ago. In that case, hackers may have drained approximately $3.2 million from 86 Gnosis Safe wallets through a third-party module, SquidRouterModule. Gnosis has not stated the exact amount of funds affected by the latest exploit, nor has it disclosed the extent of the losses. Containment measures are in place and investigators continue to probe the incident.

Gnosis is continuing to investigate the vulnerability and is trying to recover the affected systems. The company has publicly committed to bearing all user losses, prioritising client protection among its response measures.
