'Gnosis will cover all user losses' amid exploit related to Gnosis Pay, co-founder Koppelmann says

Gnosis co-founder and CEO Martin Koppelmann confirmed Monday an active exploit related to Gnosis Pay involving the Zodiac delay module.

"Unfortunately, there is a hack related to Gnosis Pay and the 'delay module.' Please be patient while we try to contain the damage. Rest assured, Gnosis will cover all user losses," Koppelmann wrote on X. Blockchain security firm PeckShield had also flagged the active exploit, warning users to check their exposure.

The attack exploited the Zodiac delay module, a permission layer that allows transactions to be queued before execution. Koppelmann said the attacker is able to initiate transactions from Safe wallets carrying such a module, and that Gnosis is asking bridge validators to pause as part of its containment response.

Koppelmann had posted an earlier alert urging all Gnosis Pay users to withdraw EURe and GNO immediately, but deleted that post ahead of the updated statement. "Deleted an earlier tweet that asked users to withdraw funds," Koppelmann said. "Most users will not be able to do so, but we are actively working to contain the damage. We believe we can contain the majority of it, and in any case, we will ensure that all users are made whole."