What happened to Gnosis Pay?

Gnosis Pay disclosed an active exploit affecting its delay module, a component used in its payment infrastructure. Gnosis co-founder Martin Köppelmann said the team is working to contain the incident and has pledged to reimburse affected users.

Did Gnosis Pay users lose funds in the exploit?

At the time of reporting, Gnosis had not disclosed the total amount stolen or the number of affected users. However, the team stated it intends to make affected users whole, suggesting compensation plans are being prepared.

Why did Martin Köppelmann tell users to withdraw funds and then reverse course?

Köppelmann initially advised users to withdraw funds as a precaution, but later deleted the message and said most users would not be able to withdraw. He subsequently shifted the focus to damage containment and user reimbursement efforts.

What is the Gnosis Pay delay module?

The delay module is a security layer that queues outgoing transactions before they are executed. According to blockchain developer Vadim Zacodil, the shared architecture means a vulnerability could potentially affect multiple user accounts simultaneously.

Is the exploit related to Gnosis Pay's self-custody model?

The incident highlights a limitation of shared infrastructure within self-custodial systems. While users retain control of their individual Safe wallets, a compromised shared transaction layer can still expose many accounts to risk.

How serious is the Gnosis Pay exploit?

The full scale remains unclear because Gnosis has not yet disclosed the financial impact. Key details still missing include the amount stolen, which contracts were affected and whether the issue is isolated to the delay module or reflects a broader design flaw.

What is Gnosis known for in the crypto industry?

Gnosis is a long-established Ethereum ecosystem project known for its smart-contract wallet infrastructure, Gnosis Chain and decentralised finance tools. Its Safe wallet technology is widely used across the crypto industry.

Is this connected to the recent Safe wallet exploit?

The incident follows a separate exploit involving a third-party SquidRouterModule connected to Safe wallets. That attack reportedly drained about $3.2 million from roughly 86 wallets, though Safe Labs said the vulnerability was outside its core protocol.

Image for illustrative purposes only. Not a real photo.

Gnosis vows refunds after Gnosis Pay exploit

Written by Mahathir BayenaPublished Jun 1, 2026, 2:54 PM

Gnosis co-founder Martin Köppelmann confirmed the attack involves the platform’s delay module and said the team is actively working to contain the damage while investigating the scope of the exploit.

“The Gnosis team is actively working to contain the damage,”

Said Gnosis co-founder, Martin Köppelmann, adding that affected users would be made whole.

Köppelmann initially advised users to withdraw funds from Gnosis Pay, a warning later amplified by blockchain security firm PeckShield, before deleting the message and clarifying that most users would be unable to withdraw their assets.

The exploit has raised questions about whether the issue originates from the Zodiac delay module itself, its implementation within Gnosis Pay or a broader architectural vulnerability, although the project has not yet disclosed the amount stolen or the number of users affected.

Former Near Protocol developer Vadim Zacodil said the incident highlights how Gnosis Pay’s shared delay layer can expose multiple users simultaneously, arguing that protection currently relies more on Gnosis’s ability to pause infrastructure and cover losses than on individual self-custody safeguards.

The attack follows a separate exploit involving a third-party module connected to Safe wallet infrastructure that resulted in approximately $3.2 million being drained from around 86 wallets, despite overall crypto-related losses falling to about $68.3 million in May, according to data from CertiK.