{"id":608081,"date":"2026-06-01T12:40:59","date_gmt":"2026-06-01T12:40:59","guid":{"rendered":"https:\/\/Blockchain.News\/news\/gnosis-pay-exploit-delay-module-refunds"},"modified":"2026-06-01T12:40:59","modified_gmt":"2026-06-01T12:40:59","slug":"gnosis-pay-exploit-hits-delay-module-founder-promises-full-refund","status":"publish","type":"post","link":"https:\/\/e-bitco.in\/index.php\/2026\/06\/01\/gnosis-pay-exploit-hits-delay-module-founder-promises-full-refund\/","title":{"rendered":"Gnosis Pay Exploit Hits Delay Module, Founder Promises Full Refund"},"content":{"rendered":"<figure class=\"figure mt-2\">\n<p> <a href=\"https:\/\/blockchain.news\/Profile\/Peter-Zhang\">Peter Zhang<\/a> <span class=\"publication-date ml-2\"> Jun 01, 2026 12:40<\/span> <\/p>\n<p class=\"lead\">Gnosis Pay faces a delay module exploit; co-founder Martin K\u00f6ppelmann pledges to reimburse affected users as the team works to contain the damage.<\/p>\n<p> <a href=\"https:\/\/image.blockchain.news:443\/features\/9BED484F63152ECD2721498B93AEE806A0F7F6C0430821D708627253D13A3405.jpg\" class=\"hero-image-link\"> <img fetchpriority=\"high\" decoding=\"async\" class=\"rounded hero-image\" src=\"https:\/\/image.blockchain.news:443\/features\/9BED484F63152ECD2721498B93AEE806A0F7F6C0430821D708627253D13A3405.jpg\" alt=\"Gnosis Pay Exploit Hits Delay Module, Founder Promises Full Refund\" loading=\"eager\" width=\"1200\" height=\"630\"> <\/a> <\/figure>\n<p>Gnosis Pay, the payment infrastructure tied to the Ethereum-based Gnosis ecosystem, is grappling with an exploit targeting its Delay Module. Co-founder Martin K\u00f6ppelmann confirmed the hack on June 1, 2026, initially urging users to withdraw affected funds in EURe and GNO tokens. However, he later retracted the withdrawal recommendation, acknowledging that most users would be unable to retrieve funds due to the exploit\u2019s nature. K\u00f6ppelmann assured users that Gnosis would fully cover any financial losses incurred.<\/p>\n<p>The delay module, a key part of Gnosis Pay&#8217;s design, queues outgoing transactions for three minutes to ensure settlement accuracy and prevent immediate unauthorized withdrawals. According to former Near Protocol developer Vadim Zacodil, the module\u2019s shared queuing layer, which processes transactions for multiple users simultaneously, was likely the source of the vulnerability. This setup means a single exploit could compromise thousands of user accounts at once, despite the self-custodial nature of individual Safe wallets.<\/p>\n<p>This incident raises fresh security concerns, coming less than a week after a separate exploit on May 25, 2026, drained $3.2 million from 86 Safe wallets. That attack, involving a rogue third-party module called SquidRouterModule, highlighted the risks of integrating unverified modules into Safe wallets. While the Gnosis Safe core protocol was not compromised, the rapid succession of these events has cast a spotlight on module governance and execution risks within the ecosystem.<\/p>\n<h2>Unanswered Questions and Market Impact<\/h2>\n<p>Key details about the current exploit remain unclear, including the total amount stolen, the specific contracts affected, and whether the vulnerability lies in the Delay Module itself or its configuration within Gnosis Pay. Limited communication from Gnosis as of publication has left users and analysts in the dark regarding the exploit\u2019s full scope.<\/p>\n<p>Security firm PeckShield, which amplified K\u00f6ppelmann\u2019s initial withdrawal warning, has yet to release a detailed post-mortem. Meanwhile, Gnosis\u2019s ability to pause infrastructure and commit treasury funds to reimburse users provides some damage control, but it also underscores the dependency on centralized responses in ostensibly decentralized systems.<\/p>\n<h2>DeFi Security Lessons and Broader Trends<\/h2>\n<p>The timing of the Gnosis Pay exploit coincides with a broader trend of reduced crypto losses from hacks. Data from CertiK indicates that May 2026 saw total crypto exploit losses fall to $68.3 million, a sharp 90% drop from April and one of the lowest monthly totals of the year. However, the recent string of module-related hacks targeting Gnosis-affiliated products highlights a persistent vulnerability in the DeFi space: the security of modular smart contract systems.<\/p>\n<p>Gnosis Pay accounts rely on two primary modules: the Delay Module, which enforces the three-minute transaction queue, and the Roles Module, which sets programmable transaction limits. While these features enhance functionality, they also introduce additional attack vectors. The May 25 and June 1 incidents demonstrate how even modules designed to enhance security can become liabilities if exploited.<\/p>\n<p>For traders and DeFi participants, the Gnosis Pay incident underscores the importance of scrutinizing wallet configurations, especially when third-party modules are involved. The focus on maintaining user trust will likely lead to increased scrutiny of module verification processes across the Gnosis ecosystem and beyond.<\/p>\n<p>As the Gnosis team works to contain the current exploit and compensate users, the incident serves as a reminder of the evolving risks in decentralized finance. Until more robust safeguards are implemented, the balance between innovation and security will remain precarious.<\/p>\n<p><span><i>Image source: Shutterstock<\/i><\/span> <!-- Divider --> <!-- Bookmark button -->  <!-- Bookmark button END --> <!-- Author info END --> <!-- Divider --> <a href=\"https:\/\/blockchain.news\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Peter Zhang Jun 01, 2026 12:40 Gnosis Pay faces a delay module exploit; co-founder Martin K\u00f6ppelmann pledges to reimburse affected users as the team works to contain the damage. Gnosis Pay, the payment infrastructure tied to the Ethereum-based Gnosis ecosystem, is grappling with an exploit targeting its Delay Module. Co-founder Martin K\u00f6ppelmann confirmed the hack [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":608082,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[25440,23,6171,25,183],"class_list":{"0":"post-608081","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-blockchain","8":"tag-crypto-exploits","9":"tag-defi","10":"tag-gnosis","11":"tag-news","12":"tag-security"},"_links":{"self":[{"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/posts\/608081","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/comments?post=608081"}],"version-history":[{"count":0,"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/posts\/608081\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/media\/608082"}],"wp:attachment":[{"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/media?parent=608081"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/categories?post=608081"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/tags?post=608081"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}