Headline: Active exploit hits Gnosis Pay’s Zodiac delay module — users urged to withdraw EURe and GNO Gnosis Pay users were told to pull funds immediately after an active exploit was linked to the platform’s Zodiac delay module, according to posts from Gnosis co-founder Martin Köppelmann and blockchain security firm PeckShield. “If you are a Gnosis Pay user – unfortunately I have to recommend: withdraw all funds (EURe and GNO),” Köppelmann wrote on X, warning that the delay module contains a bug and users “might be affected.” PeckShield echoed the alert, urging users to “check your exposure, as you may be affected” and to withdraw EURe and GNO. What’s happening Gnosis Pay is built on Safe-based accounts that rely on smart contract modules. Köppelmann later explained that the vulnerability is in the Zodiac delay module: the attacker is reportedly able to initiate transactions from Safes that use that delay module. In normal operation the Delay Module imposes a short waiting period on outgoing transactions so users can react before transfers complete; the bug appears to let an attacker bypass that protection. Containment and response Gnosis said it is taking multiple steps to contain the damage, including asking bridge validators to pause activity — a move intended to slow or prevent cross-chain movement of affected funds. Köppelmann also pledged that “Gnosis will cover all user losses.” At the time of the warnings there was no published total for losses, and the team has not yet released a full post-mortem or a tally of affected accounts. Background and implications Gnosis Pay launched a self-custody card for spending crypto at Visa merchants, connecting blockchain wallets to real-world payments via smart-contract-controlled accounts. That design depends on modules like the Delay and Roles modules to govern permissions and timing, so vulnerabilities in those modules can have direct, material consequences for users’ funds. Status and user guidance Gnosis Pay has not been described as shut down — but both Köppelmann and PeckShield strongly recommend that users withdraw their EURe and GNO while the team works to contain the exploit. Users should monitor official Gnosis channels for updates and check any connected Safes for suspicious transactions. Read more AI-generated news on: undefined/news