PANews
PANews|Jul 03, 2026 13:55
[Gnosis Pay Vulnerability Review: Signature Verification Flaw Leads to $1.5 Million Stolen, User Funds Fully Compensated] According to an update on Gnosis' official blog, Gnosis Pay was attacked through a security vulnerability on June 1. The attacker exploited signature verification flaws in Zodiac's Delay Module and Roles Module to forge withdrawal authorizations, stealing approximately $1.5 million from some users' wallets. In addition, around $300,000 in funds is temporarily inaccessible. The vulnerability stemmed from ERC-1271 signature verification logic that did not check whether the staticcall had executed successfully, which allowed a malicious contract to return a valid signature identifier even when the call reverted. Gnosis has covered all losses and completed user compensation. Over 99% of services have now been restored, and work is underway to expand the scope of security audits and dependency monitoring.