Gnosis Pay Exploit Hits Delay Module, Users Reimbursed
A flaw in Gnosis Pay’s Zodiac Delay Module enabled wallet exploits, prompting emergency containment measures and a full reimbursement commitment from Gnosis.
On June 1, 2026, a security incident involving Gnosis Pay revealed a serious flaw in the Zodiac Delay Module that enabled attackers to carry out illicit transactions from connected Safe smart wallets. Customers expressed alarm about the exploit once reports of depleted balances appeared. Gnosis moved swiftly to control the situation, halting the impacted systems and promising to reimburse all affected customers from its treasury.
In addition to the vulnerability itself, the incident has garnered a lot of attention in the cryptocurrency community due to the way the exploit interacted with a security mechanism that was initially intended to safeguard users.
- How the Zodiac Delay Module Exploit Worked
- Users Report Drained Balances From Linked Safe Wallets
- Gnosis Pauses Bridge & Moves to Contain the Damage
- Gnosis Treasury to Cover All User Losses
How the Zodiac Delay Module Exploit Worked
The Zodiac Delay Module utilised in the Gnosis Pay ecosystem was the specific target of the exploit. The purpose of this module was to mandate a three-minute wait before some transactions from linked Safe smart wallets could be completed.
In most cases, the delay acted as a security buffer, allowing users to recognise and stop questionable transactions before money left their wallets. Attackers, however, were able to exploit the module in a way that turned this safeguard against the users it was meant to protect.
Rather than helping customers stop illicit activity, the delay mechanism effectively trapped funds in a pending state. Once fraudulent transactions had been started, affected users were unable to move their assets out of harm's way during the cooling period. The intended escape window turned into a barrier, and users could not move fast enough to protect their money.
As a result, while users were stuck in the delay process, attackers were able to exploit the associated Safe smart wallets and carry out illicit transactions.
Users Report Drained Balances From Linked Safe Wallets
Many users reported fraudulent money transfers and depleted balances from wallets linked to Gnosis Pay after the exploit. Despite the delay mechanism, impacted consumers suffered losses because the attack took advantage of the connection between Gnosis Pay and associated Safe smart wallets.
The incident highlighted a serious issue with the module's security design. When used maliciously, a tool that was meant to give users more control over suspicious activities ended up contributing to the issue.
Reports from affected consumers swiftly went viral on social media and in cryptocurrency circles, highlighting the vulnerability and putting more pressure on the Gnosis team to act quickly. The main causes for concern were the immediate losses and the potential for more wallets to be targeted if mitigating actions were delayed.
The situation worsened as more information surfaced about how the cooldown period prevented users from escaping the attack once rogue transactions had already entered the system.
A bug related to the @gnosispay delay module has been discovered. We are investigating & will share updates as soon as possible.
If you are able to withdraw funds from the Gnosis Pay card to your wallet, we strongly recommend that you do that.
Affected users will be reimbursed.
— Gnosis Pay 🦉💳 (@gnosispay) June 1, 2026
Gnosis Pauses Bridge & Moves to Contain the Damage
Gnosis responded swiftly to the exploit in order to prevent additional exposure. Pausing its bridge infrastructure was one of the first significant actions taken, which helped stop further money transfers while the security team looked into the problem.
In order to limit the harm and stop hackers from extending the exploit's reach, the corporation also put emergency precautions in place. Gnosis concentrated on stabilising the platform and safeguarding the remaining user funds by isolating impacted systems and fixing the vulnerability.
The prompt response reassured users that the problem was being actively handled. Even though the exploit revealed a flaw in the Zodiac Delay Module, the quick containment actions showed a well-coordinated incident response approach and decreased the possibility of further exploitation.
The magnitude of the attack and the team's haste in handling the issue were reflected in the decision to halt vital infrastructure.
Gnosis Treasury to Cover All User Losses
Gnosis's pledge to completely compensate impacted users was arguably the most important development that followed the attack. The business declared that the Gnosis treasury would pay for any losses caused by the incident.
Because users had already started reporting drained balances and fraudulent transactions, this pledge received a lot of acclaim from the cryptocurrency community. Instead of letting users bear the financial burden of the exploit, Gnosis decided to assume liability and compensate impacted clients.
Because of the reimbursement guarantee, attention shifted from the financial ramifications of the attack to the company's crisis management strategy. Several commentators praised the promptness of the response, the openness surrounding the issue, and the readiness to spend treasury funds to compensate users.
In an era where security incidents sometimes result in protracted legal battles over compensation and accountability, Gnosis's decision gave impacted users instant relief. Even while investigations and remediation efforts were ongoing, the pledge guaranteed that victims of the Zodiac Delay Module exploit would not have to bear the cost of the attack.
The incident highlights the significance of quick containment procedures and explicit reimbursement guidelines when user funds are impacted, and it offers a noteworthy illustration of how a security mechanism can behave unexpectedly under attack conditions.