TheBlock
Gnosis co-founder and CEO Martin Koppelmann confirmed Monday that an active exploit targeting Gnosis Pay has been traced to the Zodiac delay module — a permission layer that queues transactions before execution. The attacker is able to initiate transactions directly from Safe wallets carrying the module, prompting Gnosis to request bridge validators pause operations as part of its containment effort.
Koppelmann posted an early alert urging users to withdraw EURe and GNO immediately, then deleted it, acknowledging that most users would be unable to act in time. In an updated statement on X, he pledged that Gnosis will cover all user losses and said the team believes it can contain the majority of the damage. The total amount drained has not yet been confirmed.
The incident is the second major security event to hit the Gnosis ecosystem in days. A separate exploit earlier this week drained $3.2 million from 86 Gnosis Safe wallets via a vulnerable third-party module called SquidRouterModule. Monday's attack sits within Gnosis Pay's own system — not Safe's core contracts — though the two products share Safe's smart contract wallet infrastructure at their foundation.
CoinDesk
CoinTelegraph