Gnosis Pay, a pioneering self-custodial payments platform built on Gnosis Chain, is responding to an active security exploit involving its Zodiac Delay Module. The issue allows unauthorized transaction initiation from certain Gnosis Safe wallets linked to the service.
Martin Köppelmann, Gnosis co-founder, confirmed the incident and stated that the team is actively containing the damage. Bridge validators were requested to pause operations. Importantly, Gnosis has committed to making all affected users whole, covering 100% of losses.
The core Gnosis Safe contracts remain secure. The vulnerability is isolated to the Delay Module implementation specific to Gnosis Pay.
Deleted an earlier tweet that asked users to withdraw funds. Most users will not be able to do so, but we are actively working to contain the damage. We believe we can contain the majority of it, and in any case, we will ensure that all users are made whole.
— koeppelmann (@koeppelmann) June 1, 2026
Incident Details
The Zodiac Delay Module was designed as a protective layer, enforcing a short cooldown of around three minutes on outgoing transactions to give users time to review or cancel suspicious activity. Attackers reportedly bypassed this mechanism to target funds, primarily EURe (euro stablecoin) and GNO.
PeckShieldAlert flagged the issue publicly. Because of technical constraints during the exploit, the Gnosis team quickly shifted from urging immediate withdrawals to assuring full reimbursement.
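The cooldown-and-review idea described above, as an added example that is not part of the original article and is not Zodiac or Gnosis Pay code. It is a simplified model with hypothetical names (DelayQueue, review, the 0x... labels), an assumed 180-second cooldown, and a constructed sample; it says nothing about how the reported bypass worked.

```python
from dataclasses import dataclass, field

COOLDOWN = 180  # seconds; the article says "around three minutes" (exact value assumed)

@dataclass
class QueuedTx:
    nonce: int
    to: str
    token: str
    queued_at: int  # unix seconds

@dataclass
class DelayQueue:
    """Simplified model of a cooldown queue, not the Zodiac contract logic."""
    next_nonce: int = 0                      # next transaction allowed to execute
    queue: list = field(default_factory=list)

    def enqueue(self, to, token, now):
        self.queue.append(QueuedTx(len(self.queue), to, token, now))

    def cancel_through(self, nonce):
        # Owner action during the review window: skip everything up to `nonce`.
        self.next_nonce = max(self.next_nonce, nonce + 1)

    def execute_next(self, now):
        if self.next_nonce >= len(self.queue):
            raise LookupError("nothing queued")
        tx = self.queue[self.next_nonce]
        if now - tx.queued_at < COOLDOWN:
            raise PermissionError("cooldown not elapsed")
        self.next_nonce += 1
        return tx

    def pending(self):
        return self.queue[self.next_nonce:]

def review(q, known_recipients, now):
    """(nonce, seconds left to cancel) for pending transfers to unknown recipients."""
    return [(tx.nonce, max(0, tx.queued_at + COOLDOWN - now))
            for tx in q.pending() if tx.to not in known_recipients]

def demo():
    # Constructed sample: one expected settlement, one transfer to an unknown address.
    q = DelayQueue()
    q.enqueue("0xSETTLEMENT", "EURe", now=1000)
    q.enqueue("0xUNKNOWN", "EURe", now=1010)
    alerts = review(q, {"0xSETTLEMENT"}, now=1060)
    executed = q.execute_next(now=1180)   # nonce 0 is past its cooldown
    q.cancel_through(1)                   # owner skips the flagged nonce 1
    return alerts, executed.nonce, q.pending()
```

The review window only protects funds if something checks the queue before the cooldown ends, which is why the monitor reports the seconds remaining for each flagged entry.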
Deeper Look at Gnosis Pay
Launched in mid-2023, Gnosis Pay stands out as one of the earliest and most ambitious attempts to bridge self-custodial crypto with everyday spending. It offers a Visa debit card directly linked to users’ Gnosis Safe smart contract wallets, allowing spending of stablecoins like EURe without surrendering custody or pre-loading funds.
Key highlights that make Gnosis Pay unique in the crypto card space:
- True Self-Custody: Users maintain full control via Safe smart accounts. No funds are held by a centralized custodian.
- Regulated Stablecoins: Primarily uses EURe, which is issued by Monerium, a licensed European EMI, and is legally recognized as electronic money, along with GBPe and USDCe in supported regions.
- Infrastructure Focus: Beyond consumer cards, Gnosis Pay provides white-label B2B tools for wallets, neobanks, and exchanges to issue their own stablecoin cards quickly through APIs.
- Impressive Scale: Recent figures show more than $100 million in total volume processed, over 1.6 million transactions, and more than 50,000 accounts deployed. Cards are accepted at more than 80 million Visa merchants globally.
- Cashback & UX: Users can earn up to 5% cashback in GNO tokens on purchases, with features such as instant virtual cards, Apple Pay and Google Pay support, and programmable spending rules.
Gnosis Pay was built with European regulatory compliance in mind, including MiCA-aligned elements, and emphasizes real-world utility by turning on-chain stablecoins into seamless spending power for daily life, from groceries to international travel.
This positions Gnosis Pay not just as a card product, but also as a decentralized payments infrastructure platform that helps other projects offer self-custodial fiat on-ramps and off-ramps without building everything from scratch.
Market Reaction & Outlook
The GNO token saw immediate selling pressure following the news, though broader market sentiment also influenced price movement. The crypto community has largely reacted positively to Gnosis’ transparent communication and strong reimbursement commitment, something still relatively rare in DeFi security incidents.
The exploit also adds to a growing list of major security incidents impacting the digital asset industry this year. Recent data from crypto hack reports shows that attackers continue to target smart contract infrastructure, cross-chain systems, and wallet-related vulnerabilities, highlighting how even advanced security modules can become attack surfaces.
The event highlights both the promise and the risks of advanced smart contract modules in payment products. While the Delay Module was intended to enhance security, its exploitation demonstrates how even well-intentioned features can introduce new attack surfaces.
Advice for Users
- Monitor official Gnosis Pay and Martin Köppelmann channels for updates.
- Avoid interacting with Delay Modules on affected Safes until the all-clear is issued.
- The team expects most of the damage to be contained.