A bug in Gnosis Pay’s delay module allowed attackers to drain user funds. Gnosis co-founder confirms full reimbursements are coming.
A security flaw hit Gnosis Pay, and users felt it fast.
The bug targeted the platform’s Zodiac delay module, a feature built to protect transactions with a three-minute cooldown. Instead of blocking attacks, the module became the entry point.
Gnosis Pay serves as a self-custodial debit card service, supporting stablecoins like EURe. The team moved quickly to contain the damage after the exploit surfaced.
Read also:
Gnosis Pay Delay Module Bug Opens Door to Attackers
The delay module was supposed to add a layer of safety. That did not happen.
Attackers exploited the flaw and drained funds from affected Safes on the network. The extent of total losses remained unclear as the team worked to assess the damage.
Gnosis co-founder Stefan Koeppelmann took to X with an apology. He confirmed on X that the hack was tied directly to the delay module.
Deleted an earlier tweet that asked users to withdraw funds. Most users will not be able to do so, but we are actively working to contain the damage. We believe we can contain the majority of it, and in any case, we will ensure that all users are made whole.
— koeppelmann (@koeppelmann) June 1, 2026
He deleted an earlier post that urged users to withdraw their funds, later acknowledging that most users could not act on that advice. He committed to covering all losses from the incident.
Gnosis Pay also posted on X, advising users who could still withdraw funds to do so immediately.
The team said it was investigating the issue and would share updates as soon as possible. The platform assured affected users that reimbursements were on the way.
The incident stirred panic across the community.
One user reportedly could not access funds while at the beach. Koeppelmann responded directly to concerned users, reinforcing the reimbursement commitment throughout the chaos.
A bug related to the @gnosispay delay module has been discovered. We are investigating & will share updates as soon as possible.
If you are able to withdraw funds from the Gnosis Pay card to your wallet, we strongly recommend that you do that.
Affected users will be reimbursed.
— Gnosis Pay 🦉💳 (@gnosispay) June 1, 2026
Cross-Chain Transfers Paused as Team Works to Limit Damage
Gnosis Pay moved on several fronts to stabilize the situation.
The team paused cross-chain transfers as part of its response. They also addressed UI bugs that were preventing users from making withdrawals during the incident. Users began checking their balances in both EURe and GNO as the news spread.
Koeppelmann stated the team believed it could contain the majority of the damage.
He did not share specific loss figures at the time of the announcement. The priority was stopping further exposure while reassuring the community that no user would be left out of pocket.
The incident raises questions about smart contract security in real-world payment tools.
Delay modules are precisely to prevent this kind of exposure. A flaw within that specific layer is an outcome that developers and users of such systems did not anticipate.
