Gnosis Pay Exploit

Key Takeaways

Gnosis Pay is currently addressing an active security exploit targeting its transaction delay module, which facilitates queued payments.

Co-founder Martin Köppelmann has publicly committed to covering all losses for affected users, reversing an initial warning that suggested immediate fund withdrawals.

The incident arrives shortly after a separate third-party module breach within the Safe ecosystem, highlighting ongoing risks in smart contract wallet infrastructure.

Responding to the Delay Module Vulnerability

The Gnosis team is actively working to mitigate damage following a breach in the Gnosis Pay infrastructure. The exploit specifically affects the delay module, a component designed to manage outgoing transactions from user wallets.

While initial advice from project leadership suggested users attempt to move their assets, this recommendation was retracted due to technical limitations preventing mass withdrawals.

Developers are now focused on patching the vulnerability while verifying the scope of the theft. Although specific financial data remains subject to ongoing assessment, the team has provided a firm guarantee that all users impacted by the unauthorized withdrawals will be fully compensated from the project treasury.

Security Trends in Wallet Infrastructure

This event highlights a complex challenge regarding how self-custodial accounts are configured. Expert analysis suggests that the vulnerability may stem from how outgoing transactions are queued across multiple wallets simultaneously. Even though users maintain individual control over their primary keys, a flaw in the shared delay layer allows malicious commands to propagate.

Unfortunately, there is a hack related to @gnosispay and the “delay module”.
Please be patient while we try to contain the damage. Rest assured, Gnosis will cover all user losses.

— koeppelmann (@koeppelmann) June 1, 2026

This breach follows a pattern of recent security challenges in the decentralized finance sector, where third-party modules interacting with smart contract wallets have become targets for bad actors.

Deleted an earlier tweet that asked users to withdraw funds. Most users will not be able to do so, but we are actively working to contain the damage. We believe we can contain the majority of it, and in any case, we will ensure that all users are made whole.

— koeppelmann (@koeppelmann) June 1, 2026

As the community waits for a full forensic report, the focus remains on ensuring that the architecture governing these payment flows is secured against future configuration errors or logic flaws.

Final Thoughts

The situation at Gnosis Pay serves as a reminder that complex modular designs, while efficient, introduce additional layers of risk. The commitment to full reimbursement is a positive step for community trust, yet the incident shows the necessity of more rigorous stress testing for decentralized payment infrastructure.

Frequently Asked Questions

What component was exploited in Gnosis Pay?
The breach occurred within the system’s delay module, which handles queued transactions.

Will users get their money back?
Yes, Gnosis has officially committed to reimbursing all affected users in full.

Is this related to other recent hacks?
It follows a separate exploit involving a third-party module connected to Safe wallets, though investigations are ongoing.

Source link