Gnosis Pay Identifies Flaw in ERC1271 Signature Validation

Gnosis Pay has published a post-incident review of a June 1 security breach, attributing the issue to a bug in the ERC1271 signature verification logic within the Zodiac module, according to ME News. The verifier inspected only the return value of the external call to the signer contract and did not check whether that call had itself succeeded. Attackers allegedly exploited this by deploying a contract whose call deliberately failed while still returning a "valid" indicator, allowing them to forge authorizations and withdraw funds from accounts they did not control. The vulnerability was introduced in Zodiac code version 3.4.0 in October 2023 and was patched on June 5.

The report estimates that about $1.5 million was withdrawn across 5,281 wallets, including roughly $641,000 in GNO, $453,000 in EURe, and $399,000 in USDC.e. Around $300,000 remains locked in inaccessible accounts, and the team said it is exploring recovery options.

Gnosis Pay said it will expand its security team, bring in external audits, and widen the scope of its smart contract reviews. It also noted that it has completed a full product rebuild (v2) aimed at strengthening its security response capabilities. (Source: Foresight News)
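The class of bug described above, shown as an added illustrative example rather than the Zodiac module's actual code: an ERC1271 check that discards the success flag of the external call beside one that requires the call to succeed and return exactly the magic value. The `SignatureChecker` contract and its function names are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC1271 {
    function isValidSignature(bytes32 hash, bytes calldata signature)
        external view returns (bytes4 magicValue);
}

/// Illustrative ERC1271 verifier (not Zodiac's code). Demonstrates the bug
/// class from the incident report: the success flag of the external call is
/// ignored and only the returned bytes are inspected.
contract SignatureChecker {
    // ERC1271 magic value, equal to the isValidSignature selector (0x1626ba7e).
    bytes4 internal constant MAGIC = IERC1271.isValidSignature.selector;

    /// VULNERABLE: `success` is discarded. If the signer contract's call fails,
    /// the bytes returned by that failed call are still decoded and compared,
    /// so a failing call can be accepted as a valid signature.
    function isValidUnsafe(address signer, bytes32 hash, bytes calldata sig)
        external view returns (bool)
    {
        (, bytes memory ret) = signer.staticcall(
            abi.encodeWithSelector(MAGIC, hash, sig)
        );
        return ret.length >= 32 && abi.decode(ret, (bytes4)) == MAGIC;
    }

    /// HARDENED: the call must succeed AND return exactly one ABI-encoded
    /// bytes4 equal to MAGIC. A failed call, an EOA (empty return data), or a
    /// contract returning anything else is rejected.
    function isValidSafe(address signer, bytes32 hash, bytes calldata sig)
        external view returns (bool)
    {
        (bool success, bytes memory ret) = signer.staticcall(
            abi.encodeWithSelector(MAGIC, hash, sig)
        );
        return success && ret.length == 32 && abi.decode(ret, (bytes4)) == MAGIC;
    }
}
```

When reviewing any ERC1271 integration, confirm that every low-level `call`/`staticcall` result is gated on its boolean success value before its return data is interpreted.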