Gnosis Pay traces $1.5M hack to long-standing Zodiac software flaw

A hidden vulnerability in the Zodiac smart contract framework, dormant since October 2023, facilitated a $1.5 million exploit of Gnosis Pay’s card infrastructure on June 1. While the breach compromised thousands of self-custodial wallets, the firm confirmed that all impacted users were fully reimbursed for their losses.

The security failure originated in version 3.4.0 of the Zodiac framework, which remained undetected for seven months until attackers successfully targeted the company’s Delay and Roles modules. Treasury manager NOCA flagged the first unauthorized transaction at 06:17 UTC, prompting an immediate suspension of card services and the bridge to Gnosis Chain. Engineers identified the root cause within two hours, allowing the team to notify stablecoin issuers and external projects potentially exposed to the same flaw.

Recovery efforts proceeded in phases, with 99% of the 5,281 affected wallets restored by June 6. Gnosis Pay absorbed the financial impact of the theft, which consisted primarily of GNO, EURe, and USDC.e tokens. Although the company published the attacker’s address—0x5a7…7a35—to assist in tracking the stolen funds, approximately $300,000 remains unrecovered. The incident highlights the persistent risks facing decentralized payment networks as security scrutiny intensifies across the crypto industry.
