Gnosis Pay reveals post-mortem report on security incident


  • Gnosis Pay on Friday released a detailed post-mortem report on the June 1 security incident, in which $1.5 million worth of funds were stolen from the exchange.
  • In the report, Gnosis Pay confirmed the vulnerability found in the Zodiac delay and roles modules.
  • The report comes after the CEO of Gnosis Pay promised to cover all losses.

On July 3, Gnosis Pay, a self-custodial crypto debit card service developed on the Gnosis Chain using secure smart wallets, shared a detailed post-mortem report related to a security incident that occurred on June 1.

What happened in Gnosis Pay: details of the incident

In early June, Gnosis Pay experienced a major security vulnerability. Co-founder and CEO Martin Kopelman confirmed a vulnerability in the Zodiac delay module. The main flaw was located in the ERC-1271 signature verification logic within the module, which only read the return value of the contract call without verifying that the call had actually executed successfully.

“The attack was quickly detected by the treasury manager, NOCA, via their monitoring infrastructure. We immediately triggered our incident response protocol and identified the root cause within two hours,” the post-mortem report stated.

“The impact was isolated to the card’s secure software module components (specifically the delay modules and roles provided by Zodiac). To ensure containment during the active screening phase, we systematically halted card transaction processing and new user authorization and onboarding systems,” the report said.

Attackers exploited this by deploying a contract that was designed to fail but still returned a “valid” return value. In doing so, they forged authorizations and removed funds from accounts they did not own.
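As an added illustration of the bug class described above (this is not the Zodiac module's actual code; the contract and function names are assumptions), the unchecked verification pattern is shown beside a hardened version:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative example of the vulnerability pattern, not the Zodiac code.
// ERC-1271 magic value == selector of isValidSignature(bytes32,bytes).
bytes4 constant ERC1271_MAGIC = 0x1626ba7e;

contract SignatureChecks {
    // VULNERABLE pattern: the success flag of the low-level call is ignored.
    // When the callee reverts, `ret` contains the revert data rather than a
    // genuine return value, yet it is still compared against the magic value.
    function isValidUnchecked(address signer, bytes32 hash, bytes calldata sig)
        external view returns (bool)
    {
        (, bytes memory ret) = signer.staticcall(
            abi.encodeWithSelector(ERC1271_MAGIC, hash, sig)
        );
        return ret.length >= 4 && bytes4(ret) == ERC1271_MAGIC;
    }

    // HARDENED: the signer must be a contract, the call must succeed, and the
    // return data must be exactly one ABI-encoded word holding the magic value.
    function isValidChecked(address signer, bytes32 hash, bytes calldata sig)
        external view returns (bool)
    {
        if (signer.code.length == 0) return false;
        (bool ok, bytes memory ret) = signer.staticcall(
            abi.encodeWithSelector(ERC1271_MAGIC, hash, sig)
        );
        if (!ok || ret.length != 32) return false;
        return abi.decode(ret, (bytes4)) == ERC1271_MAGIC;
    }
}
```

Any ERC-1271 verifier that drops the `ok` flag of a low-level call should be treated as a finding during review, since revert data and return data are indistinguishable once the flag is discarded.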

The vulnerability was introduced with the Zodiac 3.4.0 code release in October 2023 and was patched on June 5. The attackers stole approximately $1.5 million across 5,281 wallets, including approximately $641,000 in GNO, $453,000 in EURe, and $339,000 in USDC.e.

After this hack, Kopelman said: “Please be patient while we try to contain the damage. Rest assured, Gnosis will cover all user losses.” A few days after this cyber attack, most operations were restored. The company claimed to have recovered more than 99% of services and completed full refunds for users.

The cryptocurrency sector is facing a difficult time with a series of security incidents

In the past few months, the cryptocurrency sector has had a tough time due to security issues. From April to June 2026, hackers stole hundreds of millions of dollars through sophisticated attacks on DeFi platforms, bridges, and wallets. The series of cyber breaches in 2026 has sparked fear across the cryptocurrency community, which is currently experiencing a bullish wave.

In April, the cryptocurrency sector was subjected to major cyberattacks, including… Kelp DAO. Across about 28 security incidents, cumulative losses amounted to about $635 million. Two major cyberattacks that month hit Drift Protocol and Kelp DAO. On April 1, Drift Protocol, a Solana-based trading platform, was hacked and lost about $285 million. A few days later, Kelp DAO suffered a massive $292 million exploit through a flaw in the cross-chain LayerZero bridge.

In May and June, the cryptocurrency sector also reported small-scale cyberattacks, with losses falling to around $80 million in May and $76 million in June across dozens of security incidents each month. One major security incident occurred on the Humanity Protocol, where hackers stole around $36 million by compromising private keys on an infected developer’s machine.
