Gnosis Pay Refunds 100% of User Funds Following $1.8M Crypto Attack, Here’s All
Highlights
- Gnosis Pay suffered a $1.8M exploit on June 1, 2026 via a Zodiac module vulnerability.
- The team identified the root cause in under two hours and suspended all card services.
- All 5,281 affected wallets were fully refunded; Gnosis Pay absorbed every cent of the loss.
Gnosis Pay has released a comprehensive post-mortem detailing a security breach that compromised its card safe infrastructure on June 1, 2026. Although the attackers took about $1.5 million worth of digital assets from the decentralized self-custodial payment network, the company has stated that everyone affected has been fully compensated and that it will absorb the financial losses.
Gnosis Pay Identified Root Cause Within Two Hours
The report, released Friday, details the events of the attack, the technical flaw that made it possible, and the steps taken to restore service and enhance security. The post-mortem stated that the first big unauthorized transfer was spotted by the Gnosis Pay monitoring systems, run by treasury manager NOCA, at 06:17 UTC on June 1. The company claimed that its engineering team was able to determine the cause of the incident within two hours of the first warning.
On 1 June, Gnosis Pay experienced a security incident affecting card accounts. All affected balances were restored.
Post-mortem here: https://t.co/2QZhQG4ndr
— Gnosis Pay 💳 (@gnosispay) July 3, 2026
After the discovery, Gnosis Pay immediately suspended the card services and temporarily halted the bridge to Gnosis Chain. It also provided the attackers' wallet addresses to stablecoin issuers to help identify the stolen assets, and notified external projects that might be impacted by the vulnerability.
Gnosis Pay restored the funds in stages over a period of days. The company had activated the first impacted accounts by the night of June 3 and returned balances and payment cards. Newly designed card-safe modules were then progressively installed, restoring full access for 99% of users by June 6. The remainder was put right shortly thereafter.
Gnosis Pay Announces Broad Security Improvement Measures
The company said users suffered no financial losses, as the entire loss was covered by Gnosis Pay. The attack worked by taking advantage of two components within the card safe infrastructure of Gnosis Pay, the Delay Module and the Roles Module, the report said.
The investigation revealed that the vulnerability had been present since October 30, 2023, in Zodiac version 3.4.0.
The attackers gained control of approximately $1.5 million worth of various assets, mainly GNO, EURe, USDC.e, and other tokens. An additional roughly $300,000 was not immediately available, but recovery efforts continue. A total of 5,281 wallets with balances of at least $1 were impacted in the incident. The company also revealed the attacker address used in the exploit, which is 0x5a7…7a35.
The Gnosis Pay hack adds to a growing list of smart contract exploits drawing scrutiny from institutional observers. Amid rising security concerns across DeFi payment infrastructure, Front-Running Fixes Proposed for XRP Ledger are gaining traction, highlighting that even major blockchain networks are tightening their on-chain transaction controls in response to the same class of vulnerabilities that hit Gnosis Pay.











