Gnosis Pay was attacked on June 1st: attackers exploited signature verification flaws in Zodiac's Delay Module and Roles Module to forge withdrawal authorizations, stealing approximately $1.5 million from some users' wallets and leaving approximately $300,000 in funds temporarily inaccessible. The vulnerability stems from the ERC-1271 signature verification logic not verifying whether the static call executed successfully, so a malicious contract could return the valid signature identifier even if the call was rolled back. Gnosis has taken full responsibility for all losses and completed user compensation. Currently, over 99% of services have been restored, and the scope of security audits and dependency monitoring is being expanded.