Gnosis Pay exploit: delays blamed as co-founder vows refunds
The Gnosis Pay exploit is under active investigation after co-founder Martin Köppelmann acknowledged an ongoing hack tied to the system’s delay module. He initially urged users to withdraw EURe and GNO, but later walked back that advice and deleted the warning, saying most users may not be able to withdraw in practice. He reiterated that the team is containing the damage and will make users whole.
The article highlights that key details remain unclear: how much was stolen, which contracts or users are affected, and whether the root cause is the Zodiac delay module configuration inside Gnosis Pay or a broader architectural flaw. A former NEAR Protocol core developer, Vadim Zacodil, said the design funnels self-custody Safe transactions through a shared “delay” layer. If that layer is compromised, malicious withdrawals could be queued across many Safes at once, even if individual keys are not moved.
This incident follows another Safe ecosystem module exploit days earlier, where a SquidRouterModule contract abuse reportedly drained about $3.2M from ~86 Safes across Ethereum and Base. In the wider market, CertiK data showed total crypto exploit losses dropped to about $68.3M in May (roughly 90% lower than April), but the Gnosis Pay exploit adds near-term protocol-specific risk.
For traders, the Gnosis Pay exploit may increase short-term concern around Safe-related infrastructure and transaction-queueing components, while the refund pledge could limit broader panic if verified.
Bearish
The Gnosis Pay exploit is a protocol-specific security incident tied to the delay module, and that kind of “transaction queue/forwarding” compromise can create a wide blast radius across many users even without key theft. That typically triggers near-term risk-off positioning in affected ecosystems (Safe integrations, queued-transaction designs, related DeFi liquidity), hence bearish.
However, Köppelmann’s refund pledge and the broader context of improving month-over-month exploit losses (CertiK citing ~90% decline in May vs April) can dampen the downside and reduce panic if verifiable. Still, uncertainty remains around stolen amounts and affected contracts/users, which usually keeps volatility elevated.
Historically, major wallet/module exploits (e.g., past Safe ecosystem module abuses and queue-routing failures) tend to cause short-term price pressure on ecosystem tokens and higher spreads/liquidity discounts, even when eventual remediation follows. Long-term impact depends on whether Gnosis can clearly identify root cause, pause/patch infrastructure quickly, and confirm refunds without further incidents.