Gnosis Pay released a post-incident report on a June 1 security event, attributing the breach to a flaw in the ERC-1271 signature verification logic within the Zodiac module. According to Foresight News, the system only read the contract’s return value and did not verify whether the call executed successfully, allowing an attacker to deploy a contract designed to fail while still returning a “valid” indicator.
The report said the attacker used the weakness to forge authorization and withdraw funds from accounts that did not belong to them. The vulnerability was introduced with Zodiac code version 3.4.0 in October 2023 and was fixed on June 5.
Gnosis Pay said the attacker withdrew about $1.5 million, affecting 5,281 wallets. The stolen funds included about $641,000 in GNO, about $453,000 in EURe, and about $399,000 in USDC.e.
The report also noted that about $300,000 remains locked in inaccessible accounts, and the team is exploring options to recover those funds.
Gnosis Pay said it plans to expand its security team, bring in external audits, and broaden the scope of smart contract audits. It also said it has completed a full product rebuild (v2) to improve its security response capabilities.
Gnosis Pay Reports $1.5 Million Loss in June 1 Security Incident Linked to Zodiac Module Flaw
2026-07-03 13:43:40