Gnosis Pay Fully Refunds Users After $1.5M Card Safe Exploit
Gnosis Pay says it absorbed losses from a June 1 breach tied to a Zodiac module flaw, refunding all 5,281 affected wallets in full.

Gnosis Pay has published a detailed postmortem confirming that all users affected by a June 1, 2026 security breach have been fully reimbursed, with the company absorbing every dollar of the loss. The self-custodial crypto payment network said attackers exploited a vulnerability in its card safe infrastructure tied to the Zodiac module, draining roughly $1.5 million in digital assets from user accounts.
According to the report released Friday, 5,281 wallets were affected by the incident, and Gnosis Pay says every one of them has now been made whole. The company confirmed the refund and linked to its full technical writeup in a post on its official X account, stating: “On 1 June, Gnosis Pay experienced a security incident affecting card accounts. All affected balances were restored. Post-mortem here.”
Root Cause Traced Within Hours
Gnosis Pay’s postmortem lays out a detailed timeline of the attack. The first unauthorized transfer was flagged at 06:17 UTC on June 1 by monitoring systems operated by treasury manager NOCA, according to the report.
The company said its engineering team pinpointed the root cause of the breach within roughly two hours of that initial alert — a fast turnaround for an active exploit involving live user funds. That speed allowed Gnosis Pay to move into containment mode before the incident could widen further, per the disclosure.
Card Services Suspended, Bridge Halted
Once the vulnerability was identified, Gnosis Pay immediately suspended all card services and temporarily paused its bridge to Gnosis Chain to prevent additional funds from being moved out, the postmortem states. The team also shared the attackers’ wallet addresses with stablecoin issuers in an effort to help trace and potentially freeze stolen assets.
Gnosis Pay said it further notified other external projects that could have been exposed to the same underlying flaw in the Zodiac module, a component used within its card safe infrastructure. The company has not detailed publicly what technical fix has since been deployed beyond confirming the vulnerability has been addressed as part of restoring service.
Full Reimbursement Without Passing Losses to Users
Rather than socializing losses across its user base or relying on external insurance, Gnosis Pay opted to cover the roughly $1.5 million shortfall itself, restoring balances for all 5,281 affected wallets. The approach mirrors a growing trend among crypto-native payment and custody providers to prioritize user trust after security incidents by absorbing costs directly rather than leaving customers exposed.
The incident adds to a string of exploits this year targeting infrastructure connecting self-custodial wallets to card payment rails, an area that has expanded rapidly as crypto-linked debit and credit products gain adoption. Gnosis Pay’s rapid detection and full-refund response may serve as a reference point for how other providers handle similar breaches going forward.