Gnosis Pay has revealed that a hidden vulnerability in the Zodiac smart contract framework, present since October 2023, enabled the theft of $1.5 million from its card safe infrastructure on June 1, 2026. The flaw, traced to version 3.4.0 of the framework, was exploited to gain control of digital assets across the decentralized self-custodial payment network, affecting 5,281 wallets holding at least $1 each.
The company’s treasury manager NOCA detected the first unauthorized transfer at 06:17 UTC, and engineers identified the root cause within two hours. Services were suspended, the bridge to Gnosis Chain was temporarily halted, and attacker wallet addresses were shared with stablecoin issuers. By the night of June 3, the first accounts were restored after deploying new card-safe modules, with 99% of users back online by June 6. Gnosis Pay absorbed the losses, fully reimbursing customers, though roughly $300,000 remains unrecovered. The attackers stole mostly GNO, EURe, USDC.e, and other assets.
Meanwhile, French police in Gassin–Saint-Tropez arrested a mother and son on June 25 for a “rip deal” that defrauded a wealthy couple of €1.5 million ($1.8 million) in crypto. The suspects posed as intermediaries for a fake villa sale in Ramatuelle, inviting the sellers to Milan. During a second meeting, they allegedly used hidden camera glasses to capture wallet credentials, then drained the victims’ crypto holdings. The pair, with prior similar offenses, face organized fraud charges and appear in court on September 1. French authorities also noted a rise in crypto-related kidnappings and extortion, with 77 cases in 2026, up from 45 in 2025.