Gnosis Pay has revealed that a software flaw dating back to October 2023 enabled the $1.5 million exploit of its card safe infrastructure, while confirming that all affected users have been fully reimbursed.

Summary

  • Gnosis Pay traced its $1.5 million hack to a Zodiac software flaw that had existed since October 2023.
  • The company reimbursed all affected users, restored services within days, and continues recovering about $300,000.
  • The incident adds to growing scrutiny of crypto security as firms and governments respond to rising cyber threats.

According to a postmortem published by Gnosis Pay on Friday, the vulnerability was traced to version 3.4.0 of the Zodiac smart contract framework and had remained undiscovered since Oct. 30, 2023.

The company said the weakness was exploited on June 1, allowing attackers to gain control of about $1.5 million in digital assets held across its decentralized self-custodial payment network.

The report states that Gnosis Pay’s monitoring systems, operated by treasury manager NOCA, detected the first unauthorized transfer at 06:17 UTC on June 1. Engineers identified the root cause within two hours of the initial alert, after which the company suspended card services, temporarily halted its bridge to Gnosis Chain, and shared attacker wallet addresses with stablecoin issuers to help trace the stolen funds. Gnosis Pay also notified external projects that could have been exposed to the same vulnerability.

Funds restored after staged recovery

Following the incident, Gnosis Pay restored customer access in several phases. The company said the first affected accounts regained access to their balances and payment cards by the night of June 3 after new card-safe modules had been deployed. Installation continued over the following days, restoring service for 99% of users by June 6, while the remaining accounts were recovered shortly afterward.

Gnosis Pay said it absorbed the financial losses itself, leaving customers with no losses from the exploit. According to the postmortem, the attackers stole mostly GNO, EURe, USDC.e, and several other digital assets. The company added that roughly $300,000 worth of assets had not yet been recovered and recovery efforts remain ongoing.

The report also disclosed that 5,281 wallets holding at least $1 were affected by the exploit. Gnosis Pay published the attacker’s wallet address used during the incident, 0x5a7…7a35, and explained that the exploit targeted two components of its card safe infrastructure: the Delay Module and the Roles Module.

Smart contract exploits continue to pressure crypto platforms

The disclosure comes as security incidents continue to affect crypto infrastructure providers. As crypto.news reported earlier, Humanity Protocol recently confirmed it is repositioning toward enterprise artificial intelligence products after a $36 million exploit accelerated an internal restructuring that had already been under consideration for several months.

During an interview, Humanity Protocol founder Terence Kwok said the company had been reviewing its long-term direction for six to nine months before the breach. He explained that the exploit sped up those plans, while adding that digital identity will remain central because enterprise AI systems will require reliable ways to verify people and credentials.

Meanwhile, concerns over crypto-related cybercrime have also reached government leaders. Earlier, G7 leaders issued a joint statement after their summit in Evian-les-Bains, France, calling for coordinated action against North Korea’s cryptocurrency thefts and cybercrimes.

The statement linked the issue to long-standing concerns that stolen digital assets have helped finance Pyongyang’s nuclear and ballistic missile programs under international sanctions, a claim repeatedly supported by Western governments and blockchain analytics firms.
