Gnosis Pay Exploit: Urgent Withdrawal Advisory for Users
Severity: High (Score: 69.9)
Sources: Pluang
Keywords: gnosis, exploit, active, module, pluang, crypto, stocks
Severity indicators: critical, critical security, security flaw, flaw
Summary
Gnosis Pay is currently experiencing an active exploit linked to its Zodiac delay module, which allows attackers to execute unauthorized transactions from Safe wallets. Users are urged to withdraw their EURe and GNO tokens immediately to prevent potential losses. The exploit does not affect the core Safe contracts, but it poses a significant risk to those using the Zodiac module. Gnosis co-founder Martin Köpp has confirmed the ongoing exploit and the need for immediate action from users. The situation remains critical as the exploit is actively being utilized by attackers. Gnosis Pay is working to mitigate the issue and secure the platform.
Key Points:
- Gnosis Pay's Zodiac delay module is under active exploitation.
- Users are advised to withdraw EURe and GNO tokens immediately.
- The exploit does not impact core Safe contracts but poses a significant risk.
Detailed Analysis
**Impact**
Users of Gnosis Pay, specifically those holding EURe and GNO tokens, are affected by an active exploit targeting the Zodiac delay module. The exploit enables unauthorized execution of queued transactions from Safe wallets that use this module. The impact is limited to Gnosis Pay’s system and does not affect the core Safe contracts. No specific geographic or sectoral data beyond token holders was provided.
**Technical Details**
The attack exploits a vulnerability in the Zodiac delay module, allowing attackers to bypass transaction delays and execute unauthorized transactions from Safe-based accounts. No CVEs or malware names were mentioned. The exploit occurs during the execution phase of the kill chain by manipulating queued transactions. No infrastructure details or IOCs were provided.
**Recommended Response**
Users are urged to immediately withdraw their EURe and GNO tokens from Gnosis Pay to prevent loss. Defenders should monitor transaction queues within the Zodiac delay module for unauthorized activity. No patch or configuration guidance was provided in the articles. Further updates should be monitored for mitigation steps or official patches.
Source articles (2)
- Gnosis faces active exploit; users urged to wit... | Pluang – Crypto, Stocks, Gold & Funds — Pluang · 2026-06-01
  Gnosis Pay users were warned to withdraw their EURe and GNO tokens following an active exploit in the platform's Zodiac delay module, which allows attackers to initiate unauthorized transactions from…
- Critical security flaw in Gnosis Pay exploited;... | Pluang – Crypto, Stocks, Gold & Funds — Pluang · 2026-06-01
  Gnosis Pay is currently facing an active exploit linked to its Zodiac delay module, which allows queued transactions to be executed from Safe wallets using this module. The exploit affects Gnosis Pay'…
Timeline
- 2026-06-01 — Active exploit confirmed in Gnosis Pay: Gnosis Pay's Zodiac delay module is being exploited, allowing unauthorized transactions from Safe wallets.
- 2026-06-01 — Users warned to withdraw funds: Gnosis Pay users are urged to withdraw their EURe and GNO tokens due to the active exploit.
Related entities
- Data Breach (Attack Type)
- Zero-day Exploit (Attack Type)
- Gnosis (Company)
- Gnosis Safe (Company)
- Gnosis Pay (Platform)
- Zodiac Delay Module (Platform)
- Zodiac (Tool)