Close Menu
Chain Tech Daily

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Fears of $27M Venus Protocol hack turn out to be phishing attack on power user

    July 4, 2026

    Announcing The Devconnect Istanbul Scholars Program

    July 4, 2026

    Dave Portnoy vows to hold Bitcoin even if it crashes to zero

    July 4, 2026
    Facebook X (Twitter) Instagram
    Chain Tech Daily
    • Altcoins
      • Litecoin
      • Coinbase
      • Crypto
      • Blockchain
    • Bitcoin
    • Ethereum
    • Lithosphere News Releases
    Facebook X (Twitter) Instagram YouTube
    Chain Tech Daily
    Home » Gnosis Pay reveals hidden flaw behind $1.5 million crypto hack
    Crypto

    Gnosis Pay reveals hidden flaw behind $1.5 million crypto hack

    James WilsonBy James WilsonJuly 4, 20264 Mins Read
    Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Tumblr Email
    Share
    Facebook Twitter LinkedIn Pinterest Email



    Gnosis Pay has revealed that a software flaw dating back to October 2023 enabled the $1.5 million exploit of its card safe infrastructure, while confirming that all affected users have been fully reimbursed.

    Summary

    • Gnosis Pay traced its $1.5 million hack to a Zodiac software flaw that had existed since October 2023.
    • The company reimbursed all affected users, restored services within days, and continues recovering about $300,000.
    • The incident adds to growing scrutiny of crypto security as firms and governments respond to rising cyber threats.

    According to a postmortem published by Gnosis Pay on Friday, the vulnerability was traced to version 3.4.0 of the Zodiac smart contract framework and had remained undiscovered since Oct. 30, 2023.

    The company said the weakness was exploited on June 1, allowing attackers to gain control of about $1.5 million in digital assets held across its decentralized self-custodial payment network.

    The report states that Gnosis Pay’s monitoring systems, operated by treasury manager NOCA, detected the first unauthorized transfer at 06:17 UTC on June 1. Engineers identified the root cause within two hours of the initial alert, after which the company suspended card services, temporarily halted its bridge to Gnosis Chain, and shared attacker wallet addresses with stablecoin issuers to help trace the stolen funds. Gnosis Pay also notified external projects that could have been exposed to the same vulnerability.

    On 1 June, Gnosis Pay experienced a security incident affecting card accounts. All affected balances were restored.

    Post-mortem here: https://t.co/2QZhQG4ndr

    — Gnosis Pay 💳 (@gnosispay) July 3, 2026

    Funds restored after staged recovery

    Following the incident, Gnosis Pay restored customer access in several phases. The company said the first affected accounts regained access to their balances and payment cards by the night of June 3 after new card-safe modules had been deployed. Installation continued over the following days, restoring service for 99% of users by June 6, while the remaining accounts were recovered shortly afterward.

    Gnosis Pay said it absorbed the financial losses itself, leaving customers with no losses from the exploit. According to the postmortem, the attackers stole mostly GNO, EURe, USDC.e, and several other digital assets. The company added that roughly $300,000 worth of assets had not yet been recovered and recovery efforts remain ongoing.

    The report also disclosed that 5,281 wallets holding at least $1 were affected by the exploit. Gnosis Pay published the attacker’s wallet address used during the incident, identifying it as 0x5a7…7a35, while explaining that the exploit targeted two components within its card safe infrastructure, the Delay Module and the Roles Module.

    Smart contract exploits continue to pressure crypto platforms

    The disclosure comes as security incidents continue to affect crypto infrastructure providers. As crypto.news reported earlier, Humanity Protocol recently confirmed it is repositioning toward enterprise artificial intelligence products after a $36 million exploit accelerated an internal restructuring that had already been under consideration for several months.

    During an interview, Humanity Protocol founder Terence Kwok said the company had been reviewing its long-term direction for six to nine months before the breach. He explained that the exploit sped up those plans, while adding that digital identity will remain central because enterprise AI systems will require reliable ways to verify people and credentials.

    Meanwhile, concerns over crypto-related cybercrime have also reached government leaders. Earlier, G7 leaders issued a joint statement after their summit in Evian-les-Bains, France, calling for coordinated action against North Korea’s cryptocurrency thefts and cybercrimes.

    The statement linked the issue to long-standing concerns that stolen digital assets have helped finance Pyongyang’s nuclear and ballistic missile programs under international sanctions, a claim repeatedly supported by Western governments and blockchain analytics firms.



    Source link

    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Tumblr Email
    James Wilson

    Related Posts

    Crypto July 4, 2026

    Dave Portnoy vows to hold Bitcoin even if it crashes to zero

    Crypto July 4, 2026

    Gillibrand pushes crypto ethics ban after Trump’s $1.4b memecoin disclosure 

    Crypto July 4, 2026

    Upbit rejects Open USD role after stablecoin partner claims

    Crypto July 4, 2026

    Trump taps Robinhood for new child investment account rollout

    Crypto July 3, 2026

    Shielded Labs warns Ironwood delay could disrupt Zcash upgrade

    Crypto July 3, 2026

    Standard Chartered wins MiCA passport as EU approves 57 firms

    Leave A Reply Cancel Reply

    Don't Miss
    Coinbase July 4, 2026

    Fears of $27M Venus Protocol hack turn out to be phishing attack on power user

    The Venus Protocol user signed a malicious delegation transaction, granting the attacker’s contract control over…

    Announcing The Devconnect Istanbul Scholars Program

    July 4, 2026

    Dave Portnoy vows to hold Bitcoin even if it crashes to zero

    July 4, 2026

    Starknet stutters, turns off and on again twice in one day

    July 4, 2026
    Stay In Touch
    • Facebook
    • Twitter
    • YouTube
    • LinkedIn
    Our Picks

    Fears of $27M Venus Protocol hack turn out to be phishing attack on power user

    July 4, 2026

    Announcing The Devconnect Istanbul Scholars Program

    July 4, 2026

    Dave Portnoy vows to hold Bitcoin even if it crashes to zero

    July 4, 2026

    Starknet stutters, turns off and on again twice in one day

    July 4, 2026

    Subscribe to Updates

    Get the latest creative news from SmartMag about art & design.

    Don't Miss
    Coinbase July 4, 2026

    Fears of $27M Venus Protocol hack turn out to be phishing attack on power user

    The Venus Protocol user signed a malicious delegation transaction, granting the attacker’s contract control over…

    Announcing The Devconnect Istanbul Scholars Program

    July 4, 2026

    Dave Portnoy vows to hold Bitcoin even if it crashes to zero

    July 4, 2026

    Starknet stutters, turns off and on again twice in one day

    July 4, 2026

    Subscribe to Updates

    Get the latest creative news from SmartMag about art & design.

    Stay In Touch
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    About Us
    About Us

    ChainTechDaily.xyz delivers the latest updates and trends in the world of cryptocurrency. Stay informed with daily news, insights, and analysis tailored for crypto enthusiasts.

    Our Picks
    Lithosphere News Releases
    X (Twitter) Instagram YouTube LinkedIn
    © 2026 Copyright

    Type above and press Enter to search. Press Esc to cancel.