Cryptonews
Gnosis Pay Suffers $1.5 Million Exploit Due to ERC-1271 Vulnerability
On June 1, Gnosis Pay experienced a significant security incident due to a flaw in the ERC-1271 signature verification logic within the Zodiac Delay Module. This vulnerability allowed attackers to deploy contracts that falsely authorized fund withdrawals from 5,281 wallets, resulting in the theft of approximately $1.5 million, including $641,000 in GNO, $453,000 in EURe, and $399,000 in USDC.e. The flaw was introduced with Zodiac code version 3.4.0 in October 2023 and was patched on June 5. Gnosis Pay's incident response was swift, with the attack detected within two hours, leading to the isolation of affected systems. The company has committed to covering user losses and is expanding its security measures. The incident reflects a broader trend of cyberattacks in the crypto sector, which has seen hundreds of millions stolen in recent months.
Key Points:
• Gnosis Pay lost approximately $1.5 million due to a vulnerability in ERC-1271.
• The vulnerability allowed attackers to forge authorizations and withdraw funds from user accounts.
• Gnosis Pay has committed to covering user losses and enhancing its security protocols.