Gnosis Pay has disclosed that a software vulnerability present in its contracts since October 2023 was the root cause of its recent $1.5 million hack. The company has confirmed that all affected users have been fully compensated.

Details of the Security Breach

The hack was traced to a flaw in version 3.4.0 of the Zodiac smart contract framework that had gone unnoticed since October 30, 2023. The vulnerability was exploited on June 1, allowing the attackers to drain approximately $1.5 million in digital assets from Gnosis Pay's decentralized payment network.

According to the postmortem report released by Gnosis Pay, the first unauthorized transaction was flagged by its monitoring systems at 06:17 UTC on June 1. Engineers identified the root cause within an hour and 45 minutes. They suspended card services, halted the bridge to Gnosis Chain, and notified stablecoin issuers of the attacker's wallet addresses so that the stolen funds could be traced. The company also contacted other projects that might have been exposed to the same vulnerability.

Steps Taken Post-Incident

Following the incident, Gnosis Pay restored user access in stages. On the evening of June 3, the first users regained access to their payment cards and account balances after new safeguards had been deployed. By June 6, service had been restored for 99% of users, with the remaining accounts restored shortly thereafter.

Gnosis Pay absorbed the losses from the hack itself, so no user was left out of pocket. According to the postmortem, the stolen assets were mainly GNO, EURe, and USDC.e; recovery efforts continue for roughly $300,000 in assets that have not yet been reclaimed.

Impact on Crypto Security

The breach has drawn attention to the broader state of security in the cryptocurrency space as companies face growing cyber threats. The report states that 5,281 wallets with balances above $1 were affected by the exploit. The attack involved two key Zodiac components of Gnosis Pay's card Safe setup: the Delay Module and the Roles Module. As part of its transparency efforts, Gnosis Pay published the attacker's wallet address, identified as 0x5a7…7a35.

This incident adds to the ongoing discussion of crypto security as firms and governments work to address escalating cyber risk. As the industry evolves, robust security measures, including timely patching of third-party smart contract dependencies, remain critical.