Key facts
- Gnosis Pay experienced a security breach on its card safe infrastructure on June 1, 2026.
- Approximately $1.5 million in digital assets was stolen by hackers.
- Gnosis Pay has compensated all affected users and absorbed the financial losses.
- The vulnerability was identified as being in Zodiac version 3.4.0, present since October 2023.
- Full service restoration for 99% of users was achieved by June 6, 2026.
Gnosis Pay has detailed a security breach that occurred on June 1, 2026, impacting its card safe infrastructure and resulting in the theft of approximately $1.5 million in digital assets. The company confirmed that all affected users have been fully compensated, with Gnosis Pay absorbing the financial losses.
The post-mortem report revealed that unauthorized transfers were first detected by Gnosis Pay's monitoring systems at 06:17 UTC. Within two hours, the engineering team identified the technical flaw, which had been present in Zodiac version 3.4.0 since October 30, 2023. In response, Gnosis Pay immediately suspended card services and halted the bridge to Gnosis Chain, while also providing attacker wallet addresses to stablecoin issuers.
Restoration efforts were conducted in stages. By the night of June 3, the first impacted accounts were reactivated. Full access for 99% of users was restored by June 6, with the remaining accounts addressed shortly thereafter. The company leveraged its Delay Module and Roles Module within the card safe infrastructure to manage the recovery process. A total of 5,281 wallets were affected, with the stolen assets primarily comprising GNO, EURe, and USDC.e. An additional $300,000 remains unrecovered as efforts continue.
This incident adds to a series of smart contract exploits in the DeFi space, prompting broader security discussions and the proposal of front-running fixes for other blockchain networks like the XRP Ledger.