Gnosis Pay Vulnerability Disclosure
In a recent disclosure, Gnosis Pay announced that a vulnerability in its card safe system, identified in October 2023, enabled an exploit that resulted in the theft of $1.5 million. The company stated that all users affected by the incident have received full compensation for their losses. The flaw originated in version 3.4.0 of the Zodiac smart contract framework and had gone unnoticed since it was introduced on October 30, 2023.
Details of the Exploit
The exploit took place on June 1, when attackers gained unauthorized access to a significant amount of digital currencies through Gnosis Pay’s decentralized self-custodial payment platform. The incident was initially flagged at 06:17 UTC that morning by NOCA, the treasury manager overseeing Gnosis Pay’s monitoring systems. Within a mere two hours of detecting the breach, engineers traced the issue back to its source and took immediate action by suspending card services and pausing the bridge to Gnosis Chain.
Furthermore, they collaborated with stablecoin providers to share information regarding the attackers’ wallet addresses to aid in the recovery of lost funds.
Response and Recovery
Following the security breach, Gnosis Pay’s response unfolded in stages to restore service to affected users. By the night of June 3, the initial batch of compromised accounts had regained access to their balances and payment capabilities thanks to the implementation of new card-safe modules. This gradual restoration continued, ultimately bringing service back to 99% of users by June 6, with the remainder of accounts being fully recovered shortly thereafter.
Gnosis Pay confirmed that it absorbed the financial damage from the exploit, so that users did not incur any losses. The stolen assets consisted primarily of GNO, EURe and USDC.e, among other tokens. The report noted that recovery efforts for approximately $300,000 of the stolen assets are still underway. It also revealed that the breach affected 5,281 wallets, each holding at least $1.
The attacker's wallet address, identified as 0x5a7…7a35, was disclosed, and the company explained that the exploit targeted two specific components of its card safe infrastructure: the Delay Module and the Roles Module.
Broader Implications
This incident at Gnosis Pay adds to the growing concerns over the security of crypto infrastructure providers, particularly following Humanity Protocol’s recent restructuring due to a massive $36 million exploit, which hastened its shift towards enterprise artificial intelligence solutions. As the founder of Humanity Protocol, Terence Kwok, indicated, the breach accelerated their ongoing reassessment of the company’s strategy, emphasizing the importance of digital identity verification for enterprise-level AI systems.
Amidst these developments, global leaders, including those from the G7, have expressed heightened alarm regarding cybercrime associated with cryptocurrencies. After a summit in Evian-les-Bains, France, they called for unified efforts to combat North Korea’s cyber-theft operations, which, according to longstanding reports, have allegedly financed the country’s missile and nuclear programs under international sanctions. This sentiment has been echoed by Western governments and blockchain analytics firms alike.