
The Gnosis Pay Hack: How a Tiny Missing Check Let an Attacker Fake a Signature

An attacker drained about $265,000 from Gnosis Pay by making a failed transaction look like a valid signature. The amount was small. The lesson — and the fact that the bug had already been quietly fixed elsewhere — is not.


Most crypto hacks that make headlines are about scale — a bridge drained of $290 million, an exchange wallet emptied overnight. The Gnosis Pay incident is the opposite kind of story. The dollar figure is almost modest: about $265,000. What makes it worth your attention is how it happened, because it's one of the cleanest examples you'll ever see of a single missing line of code turning a safety feature into an open door.

What happened

On or around June 1, 2026, an attacker drained roughly $265K in EURe and GNO from dozens of user accounts ("Safes") connected to Gnosis Pay, the crypto debit-card product built on Gnosis Chain. The vulnerable component was the Zodiac Delay Module (v1.1.0) — a contract that queues certain non-card transactions and enforces a short cooldown before they can run.

That design is sound. A withdrawal gets queued, waits out the delay, and only then becomes executable. The point is to give a user time to notice and react if something looks wrong. The failure wasn't the delay. It was how the module decided a transaction was authorized in the first place.

The bug, in plain English

A smart contract has no private key, so it cannot produce an ordinary ECDSA signature. To let a contract "sign off" on a transaction anyway, the code used a common standard called ERC-1271. Under that standard, the verifier calls the contract's isValidSignature(hash, signature) function and expects it to answer with a specific four-byte magic value (0x1626ba7e) if, and only if, the signature is valid.

Here's the catch. A low-level call in the EVM hands back two things: a success flag and the returned data. The Gnosis Pay code ignored the flag and only checked whether the first four bytes of the returned data matched the magic value. But when a call fails and reverts, it also returns data, and that revert data is controlled by whoever wrote the failing contract.

So the attacker deployed a contract designed to be reached through that verification path and to revert with a message whose first four bytes were exactly the "valid" magic value. The check saw the right bytes, shrugged, and accepted a failed call as a legitimate, approved signature. From there, malicious transactions sailed into the queue and, after the short delay, out went the funds.

The heart of the exploit: a signature check that confirms the bytes look right but never confirms the call actually succeeded. "It returned the magic number" and "it approved this" are not the same statement — and the gap between them was the whole hack.
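To make that gap concrete, here is an illustrative Solidity reproduction of the bug class, written for this article. It is not the Zodiac or Gnosis Pay code, and the contract and function names (VulnerableChecker, HardenedChecker, ForgedSigner, HonestSigner, Demo) are assumptions made for the demonstration. The vulnerable checker keys only on the first four bytes of whatever comes back; the hardened one additionally requires the call to have succeeded and the return data to be a properly ABI-encoded bytes4 (that second, length-based check is an extra hardening added here, not something the post-mortem describes).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative reproduction of the ERC-1271 "revert data looks like the magic
// value" bug class. NOT the Zodiac / Gnosis Pay contracts; names are assumed.

interface IERC1271 {
    function isValidSignature(bytes32 hash, bytes calldata signature)
        external view returns (bytes4 magicValue);
}

// bytes4(keccak256("isValidSignature(bytes32,bytes)"))
bytes4 constant ERC1271_MAGIC = 0x1626ba7e;

// VULNERABLE: the `success` flag of the low-level call is discarded. Revert
// data is written by the callee, so a call that FAILS can still hand back the
// magic bytes and be accepted as a valid contract signature.
contract VulnerableChecker {
    function isValidContractSignature(address signer, bytes32 hash, bytes memory signature)
        public view returns (bool)
    {
        (, bytes memory returnData) = signer.staticcall(
            abi.encodeWithSelector(IERC1271.isValidSignature.selector, hash, signature)
        );
        // Only looks at the first four bytes, never at whether the call succeeded.
        return returnData.length >= 4 && bytes4(returnData) == ERC1271_MAGIC;
    }
}

// HARDENED: the call must succeed, the callee must be a contract, and the
// return data must be a full ABI-encoded word that decodes to the magic value.
contract HardenedChecker {
    function isValidContractSignature(address signer, bytes32 hash, bytes memory signature)
        public view returns (bool)
    {
        if (signer.code.length == 0) return false; // an EOA cannot answer ERC-1271
        (bool success, bytes memory returnData) = signer.staticcall(
            abi.encodeWithSelector(IERC1271.isValidSignature.selector, hash, signature)
        );
        return success
            && returnData.length >= 32
            && abi.decode(returnData, (bytes4)) == ERC1271_MAGIC;
    }
}

// Attacker-controlled "signer": always reverts, but the revert payload begins
// with the magic value, so a checker that ignores `success` is fooled.
contract ForgedSigner {
    function isValidSignature(bytes32, bytes calldata) external pure returns (bytes4) {
        assembly {
            mstore(0, shl(224, 0x1626ba7e)) // left-align 0x1626ba7e in a 32-byte word
            revert(0, 4)                     // fail, yet "return" the magic bytes
        }
    }
}

// A legitimate ERC-1271 signer that genuinely approves every hash (demo only).
contract HonestSigner is IERC1271 {
    function isValidSignature(bytes32, bytes calldata) external pure returns (bytes4) {
        return ERC1271_MAGIC;
    }
}

// Deploy and compare the two checkers against the forged and the honest signer.
contract Demo {
    function run()
        external
        returns (bool vulnerableAcceptsForged, bool hardenedAcceptsForged, bool hardenedAcceptsHonest)
    {
        VulnerableChecker vulnerable = new VulnerableChecker();
        HardenedChecker hardened = new HardenedChecker();
        ForgedSigner forged = new ForgedSigner();
        HonestSigner honest = new HonestSigner();
        bytes32 hash = keccak256("queued transaction"); // constructed sample input

        vulnerableAcceptsForged = vulnerable.isValidContractSignature(address(forged), hash, "");
        hardenedAcceptsForged = hardened.isValidContractSignature(address(forged), hash, "");
        hardenedAcceptsHonest = hardened.isValidContractSignature(address(honest), hash, "");
    }
}
```

Deploying Demo and calling run() in Remix or a local node shows the asymmetry: VulnerableChecker accepts the forged signer because the revert payload starts with 0x1626ba7e, while HardenedChecker rejects it (success is false) and still accepts the honest signer. The important line is the `success &&` in the hardened version; everything else is defense in depth.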

The part that stings

According to the post-mortem from security researchers, the developers had already found and quietly fixed this exact bug months earlier — in a different code repository — but the deployed Gnosis Pay contracts were never patched. The knowledge existed. The fix existed. It just never reached the code that was actually holding people's money.

That's the most human failure in the whole episode, and the most common. In crypto, a vulnerability you've privately patched in one place is still a live vulnerability everywhere you haven't.

What you should take from it

You're probably not auditing Solidity. But the lessons translate directly to how you keep your own funds safe:

This is also a useful reminder of what DeFi actually is under the hood: not a bank with a help desk, but software that does precisely what its code says — and only what its code says. When the code says "a failed call counts as a signature," that's the rule the money plays by, whether anyone meant it or not.

The good news is that $265K is a cheap tuition for a lesson the whole industry needed reprinted: verify that a call succeeded, not just that it returned the right-looking bytes — and when you fix a bug, fix it everywhere it lives.

Frequently asked questions

How much was stolen?

Roughly $265,000 in EURe and GNO was drained from dozens of user Safes on June 1, 2026. By the standards of recent crypto exploits, some of which have run into the hundreds of millions, that's small. The interest is in the mechanism, not the size.

How did the exploit work?

Gnosis Pay's contract used the ERC-1271 standard to check whether a smart-contract signature was valid. The check only confirmed that the first four bytes of the returned data matched the 'valid' magic value and never checked whether the call itself succeeded. Because a reverted (failed) call also returns data the attacker controls, they could craft a failed call whose revert message looked exactly like an approved signature.

What is the Zodiac Delay Module?

It's a Zodiac component that queues certain outgoing transactions and forces a short cooldown before they can execute, a safety feature. The flaw wasn't the delay itself; it was that the module let malicious transactions into the queue through a broken signature-verification fallback.

What's the main lesson?

Two things. First, signature checks have to validate that a call actually succeeded, not just that the bytes look right. Second, the developers had reportedly fixed this exact bug months earlier in a different repository but never patched the deployed code, a reminder that a fix isn't a fix until it ships everywhere it's needed.
