
Written by Christina Comben, Staff Writer. Reviewed by Bryan O'Shea, Staff Editor.

Gnosis Pay exploit hits delay module as team pledges refunds

Published Jun 1, 2026

Gnosis Pay faces an active exploit in its delay module as co‑founder Martin Köppelmann walks back a warning urging users to withdraw funds and vows to repay those affected.

Gnosis is working on Monday to contain an exploit affecting its Gnosis Pay product, after co-founder Martin Köppelmann acknowledged an active hack involving the system’s delay module and said the project would cover user losses.
Köppelmann initially urged users to withdraw funds, a warning quickly amplified by blockchain security firm PeckShield, which said users were strongly advised to withdraw all funds (EURe and GNO) and check exposure.
The Gnosis co-founder later withdrew that advice, however, and deleted the initial tweet, saying that most users would not be able to withdraw their funds. He reiterated that the Gnosis team is “actively working to contain the damage” and will make users whole.
Gnosis is a long-running Ethereum project best known for its smart contract wallet infrastructure and Gnosis Chain, an Ethereum Virtual Machine (EVM)-compatible network used for payments and decentralized finance.
The shifting guidance leaves key questions unanswered, including how much has been stolen, which contracts or users are affected, and whether the issue stems from the Zodiac delay module itself, its configuration within Gnosis Pay, or a broader architectural flaw.

Gnosis co-founder pledges to make users whole. Source: Koeppelmann
Cointelegraph reached out to Gnosis and Gnosis Pay for comment, but had not received a response by publication.
Former NEAR Protocol core developer Vadim Zacodil said Gnosis Pay’s design routes user self-custody through a shared “delay” layer that queues outgoing transactions from many Safes at once, so a bug or exploit there can push malicious withdrawals into thousands of users’ queues simultaneously, even though individual keys never move.
In practice, he argued, what is protecting users in this incident is less the self-custodial Safe accounts and more Gnosis’s ability to pause infrastructure and commit treasury funds to cover losses.
Incident follows third-party Safe module exploit
The incident comes just days after a separate exploit involving a third-party module connected to Safe, the smart contract wallet infrastructure originally incubated within the Gnosis ecosystem and now developed by Safe Labs.
In that case, a SquidRouterModule contract interacting with Safe wallets was abused to drain about $3.2 million from roughly 86 Safes across Ethereum and Base, prompting both Safe Labs and Squid to say the vulnerability lay outside their core protocols.
It also comes after a month of reduced crypto exploit losses on the whole. Data from CertiK posted Sunday showed total losses fell to about $68.3 million in May, a roughly 90% decline from April, marking the third month this year with losses below $100 million.