- Gnosis confirmed an active exploit involving Gnosis Pay and the Zodiac delay module.
- Co-founder Martin Koppelmann said all affected users will be fully reimbursed for any losses.
- The incident highlights the risks of smart contract modules and the growing importance of user protection in crypto.

Crypto has become painfully familiar with smart contract exploits. One day a protocol is operating normally, and the next day users are refreshing timelines, checking wallets, and hoping the damage is contained. This time, the incident involves Gnosis Pay and a vulnerability connected to the Zodiac delay module.

Gnosis confirmed that attackers are actively exploiting an issue tied to the module, which is used to queue transactions before execution. According to co-founder and CEO Martin Koppelmann, the attacker was able to initiate transactions from certain Safe wallets configured with the affected setup. While the investigation is still ongoing, Gnosis moved quickly to make one point clear: affected users will be fully reimbursed.

Gnosis Moves Quickly to Contain the Attack

The team said it is actively working to contain the exploit and has asked bridge validators to temporarily pause activity where possible. Koppelmann initially urged users to withdraw funds, though he later clarified that many users would not be able to do so while containment efforts were underway.
That kind of confusion is not unusual during an active security incident. Information changes quickly, teams are trying to stop further losses, and users want clear instructions immediately. Still, Gnosis appears to be prioritizing containment first, which is usually the right call when an exploit may still be ongoing.

Safe Core Contracts Are Not Affected

One important clarification from Gnosis is that the issue does not affect Safe’s core wallet contracts. The vulnerability appears to be connected specifically to the Zodiac delay module used within the Gnosis Pay ecosystem.
That distinction matters because optional modules and wallet extensions add flexibility, but they can also introduce new attack surfaces. The core wallet may remain secure while additional components create separate risks. This has become an increasingly important topic as more crypto wallets and payment systems rely on modular infrastructure.

Reimbursement Could Help Preserve Trust

No protocol wants to be known for an exploit, but the response often matters almost as much as the incident itself. Gnosis has already committed to covering user losses, which separates this case from many crypto security failures where users are left waiting, guessing, or simply absorbing the damage themselves.

In traditional finance, customer protection is expected. In crypto, it is still inconsistent. By publicly acknowledging the problem, coordinating containment, and promising reimbursement, Gnosis is trying to protect user trust before panic spreads too far. If the reimbursement process is handled smoothly, it could help restore confidence despite the seriousness of the breach.

User Protection Is Becoming Part of Crypto Infrastructure

The Gnosis Pay exploit is another reminder that smart contract security remains one of the industry’s biggest challenges. Even well-known ecosystems can face risks when complex modules, wallets, bridges, and payment tools interact.
At the same time, the response shows that crypto crisis management may be maturing. Instead of distancing itself from responsibility, Gnosis is committing to make users whole. As the industry grows, that kind of accountability may become just as important as technical innovation itself. Security failures will still happen, unfortunately, but how projects respond will increasingly determine whether users stay.











