CoinFeed
Gnosis Pay Incident Review: Signature Verification Flaw Leads to $1.5 Million Stolen, User Funds Fully Reimbursed - CoinFeed
Time 13:52

Gnosis Pay Incident Review: Signature Verification Flaw Leads to $1.5 Million Stolen, User Funds Fully Reimbursed

July 3, 2026
CoinFeed News

CoinFeed July 3 news, according to a Gnosis official blog update, Gnosis Pay suffered a security vulnerability attack on June 1. The attacker exploited a signature verification flaw in Zodiac's Delay Module and Roles Module to forge withdrawal authorizations, stealing approximately $1.5 million from some user wallets, with an additional approximately $300,000 in funds temporarily inaccessible. The vulnerability arose from the ERC-1271 signature verification logic not verifying whether the staticcall executed successfully, allowing malicious contracts to return valid signature identifiers even when reverted. Gnosis has fully covered the losses and completed user compensation. Currently, over 99% of services have been restored, and they are also expanding the scope of security audits and dependency monitoring.

Back to News Feed