- Trending
- Comments
- Latest
Gnosis co-founder Martin Köppelmann warned all Gnosis Pay users on Monday to immediately withdraw EURe and GNO holdings after an attacker exploited a bug in the platform’s Zodiac delay module, enabling unauthorised transactions from affected smart contract accounts.
The warning came directly from Gnosis co-founder Martin Köppelmann and was later reinforced by blockchain security firm PeckShield, as the team worked to contain the issue and protect user balances.
The Gnosis Pay exploit affects accounts using smart contract modules designed to manage transaction timing and permissions.
While the full scope of losses had not been publicly disclosed at the time of writing, users were instructed to withdraw both EURe and GNO from Gnosis Pay as a precaution while mitigation efforts continued.
The incident places fresh attention on smart contract security in crypto payment infrastructure as blockchain-linked payment products continue expanding into everyday financial use.
The immediate concern in the Gnosis Pay exploit centers on a software bug tied to the Zodiac delay module used inside Gnosis Pay’s Safe-based account structure.
“If you are a Gnosis Pay user – unfortunately I have to recommend: withdraw all funds (EURe and GNO),” — Martin Köppelmann, in a public X post.
Köppelmann later clarified the issue, writing: “The bug is related to the Zodiac delay module.”
According to his update, the attacker can initiate transactions from Safes that use the delay module.
Gnosis Pay documentation explains that its payment accounts rely on smart contract modules including a Delay Module and Roles Module.
Under normal conditions, the Delay Module creates a waiting period before certain outgoing transactions are executed, giving users a short window to review activity and react if necessary.
The Gnosis Pay exploit appears to compromise that intended safeguard, creating risk for wallets configured with the affected module.
Because Gnosis Pay is built around self-custody, the warning quickly prompted users to review balances and move assets while the platform investigated.
The response to the Gnosis Pay exploit expanded quickly as the team coordinated with infrastructure providers.
“We are doing various measures to contain the damage like asking bridge validators to pause,” — Martin Köppelmann.
That response suggests the platform is working across external infrastructure to limit the movement of potentially compromised funds.
Bridge validators often play a role in cross-chain asset transfers, and temporary pauses can reduce opportunities for rapid movement while teams investigate active attacks.
PeckShield also issued a separate alert tied to the Gnosis Pay exploit, stating: “Users are strongly urged to withdraw all funds (EURe and GNO).”
The independent security warning added urgency and reinforced the platform’s guidance.
Köppelmann also gave one of the clearest reassurances so far regarding user exposure.
“Rest assured, Gnosis will cover all user losses,” — Martin Köppelmann.
As of publication, Gnosis had not released a final incident report or confirmed how many users were directly affected.
The Gnosis Pay exploit arrives as blockchain-based payment tools continue expanding beyond traditional crypto transfers.
Gnosis Pay launched its self-custody crypto payment card to connect blockchain wallets with real-world spending at Visa merchants, positioning itself among a growing group of payment platforms combining smart contracts with consumer transactions.
That model offers more direct wallet control but also increases reliance on permission systems, transaction modules, and automated smart contract infrastructure.
The latest Gnosis Pay exploit highlights how vulnerabilities in those systems can affect user funds quickly when a core module is compromised.
Security around wallet permissions and transaction timing has become increasingly important as crypto payment products move closer to mainstream consumer use.
For now, the platform has not indicated a complete shutdown.
Instead, the official guidance tied to the Gnosis Pay exploit remains focused on immediate withdrawals while mitigation continues.
The next critical step will likely be a technical post-mortem explaining how the Zodiac delay module bug was exploited, how much exposure occurred, and what safeguards will be introduced to prevent a repeat.
Until then, the Gnosis Pay exploit stands as one of the more closely watched crypto payment security incidents this week, with users, developers, and security researchers monitoring the platform’s response as Gnosis works to contain damage and restore confidence.
Copyright © 2025 - The Bit Gazette.
