Security Breach at Gnosis Pay
Gnosis Pay is currently facing a serious security breach, prompting warnings from both its co-founder Martin Köppelmann and blockchain security company PeckShield. Users of the platform have been strongly advised to withdraw all their assets, including both EURe and GNO tokens, due to an ongoing exploit related to the Zodiac delay module.
Warnings from Leadership
“If you are a Gnosis Pay user – unfortunately I have to recommend: withdraw all funds (EURe and GNO),”
– Martin Köppelmann
Köppelmann detailed the vulnerabilities associated with the delay module, alerting users that they may fall victim to an exploit that allows attackers to initiate transactions from Safes utilizing this module.
Details of the Exploit
PeckShield echoed this concern in their own alert, advising users to evaluate their exposure, as they could potentially be impacted by this exploit. According to Köppelmann’s updates, the issue stems from a bug tied to the Zodiac delay module, which was designed to introduce a waiting period before processing transactions. This setup was intended to provide users with an opportunity to halt unauthorized transfers, yet a flaw in this mechanism has enabled attackers to initiate transactions without user consent.
Mitigation Efforts
To mitigate the damage, Gnosis is collaborating with external service providers and has requested bridge validators to pause operations, which could help restrict further movement of compromised funds across blockchain networks. The exact nature of the exploit and the number of affected accounts have yet to be clarified, as no final loss figures or comprehensive examinations of the incident have been published so far.
Reassurance to Users
“Rest assured, Gnosis will cover all user losses.”
– Martin Köppelmann
This reassurance comes amidst both the platform’s ongoing efforts to address the exploit and the larger context of Gnosis Pay’s recent launch of a self-custody crypto payment card designed for transactions at Visa-affiliated merchants, further integrating cryptocurrency into everyday financial practices.
Current Status
As of now, while Gnosis Pay remains operational, users are strongly encouraged to take immediate safeguarding measures by withdrawing their funds while the technical team works to resolve the ongoing issues.
