Gnosis Pay Fixes ERC1271 Signature-Validation Flaw After June 1 Incident

AI Market Summary
Gnosis Pay disclosed a June 1 exploit tied to flawed ERC1271 signature validation in a Zodiac module, enabling unauthorized withdrawals by contracts that reverted but still returned a "valid" indicator. Roughly $1.5M was drained across 5,281 wallets (including ~$641k GNO), with an additional ~$300k stranded. Although patched June 5, the incident heightens smart-contract risk perceptions and could pressure Gnosis-linked assets and DeFi security sentiment.
Gnosis Pay published a post-incident review of a June 1 security event, attributing the issue to a flaw in the ERC1271 signature-validation logic in the Zodiac module. The system relied on a contract's returned value without confirming that the underlying call had executed successfully. Attackers reportedly exploited this by deploying a contract designed to revert while still returning a "valid" indicator, enabling unauthorized withdrawals from accounts they did not control. The vulnerability was introduced in October 2023 with Zodiac version 3.4.0 and was patched on June 5.

Gnosis Pay said attackers withdrew roughly $1.5 million across 5,281 wallets, including about $641,000 in GNO, $453,000 in EURe, and $399,000 in USDC.e. A further $300,000 remains locked in inaccessible accounts, and the team is assessing recovery paths. Gnosis Pay added that it plans to expand its security team, engage external auditors, and widen the scope of its smart-contract audit program.
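The flawed pattern described above, shown as an added illustration that is not Zodiac or Gnosis Pay code: the `SignerCheck` library and its two functions are assumed shapes for a vulnerable and a hardened ERC1271 check, not the actual module. The key point is that a low-level `staticcall` returns a data buffer even when the callee reverts (the revert payload), so decoding that buffer without inspecting the `success` flag lets a reverting signer contract be treated as having approved the signature.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Minimal ERC1271 interface: a contract signer returns MAGICVALUE on success.
interface IERC1271 {
    function isValidSignature(bytes32 hash, bytes calldata signature)
        external view returns (bytes4 magicValue);
}

/// Illustrative library (assumed, not Zodiac's code) contrasting an unsafe
/// and a hardened way of asking a contract signer whether a signature is valid.
library SignerCheck {
    // bytes4(keccak256("isValidSignature(bytes32,bytes)")) == 0x1626ba7e
    bytes4 internal constant MAGICVALUE = IERC1271.isValidSignature.selector;

    /// VULNERABLE: ignores the success flag of the low-level call.
    /// When the signer reverts, `ret` holds the revert payload, so a signer
    /// whose revert data begins with MAGICVALUE is still accepted.
    function isValidUnsafe(address signer, bytes32 hash, bytes memory sig)
        internal view returns (bool)
    {
        (, bytes memory ret) = signer.staticcall(
            abi.encodeCall(IERC1271.isValidSignature, (hash, sig))
        );
        return ret.length >= 32
            && abi.decode(ret, (bytes32)) == bytes32(MAGICVALUE);
    }

    /// HARDENED: the call must succeed, return a full word, and that word
    /// must equal the magic value. A reverting signer is rejected outright,
    /// and an address without code returns empty data, so it is rejected too.
    function isValidSafe(address signer, bytes32 hash, bytes memory sig)
        internal view returns (bool)
    {
        (bool success, bytes memory ret) = signer.staticcall(
            abi.encodeCall(IERC1271.isValidSignature, (hash, sig))
        );
        return success
            && ret.length >= 32
            && abi.decode(ret, (bytes32)) == bytes32(MAGICVALUE);
    }
}
```

When auditing for this class of bug, grep for `staticcall`/`call` sites whose `success` return value is discarded with a leading comma and confirm every ERC1271 path checks it before decoding.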