Gnosis Exploit: Active Attack Forces Users to Withdraw Funds Immediately
A critical security alert is hitting the Gnosis ecosystem. An active exploit is underway — here's what users must do right now to protect their funds.
A critical security alert has just hit the Gnosis ecosystem. Signals of an active attack are circulating across the crypto community, and users are being urged to act fast.
The protocol, widely regarded for its robustness within the DeFi space, now finds itself at the center of an emergency situation that echoes some of the worst exploits seen in recent years.
Here is what we know, what users need to do, and why this type of incident should put the entire sector on high alert.
Alerts began spreading across social media and crypto community channels, flagging an active exploit currently underway on the Gnosis protocol. Users holding funds on the platform are being urgently advised to withdraw immediately, without waiting for a full official confirmation.
This type of alert — often first surfaced by on-chain security researchers or white hats — follows a well-established pattern in the DeFi space: a vulnerability is identified or actively exploited, and the reaction window is extremely narrow. Every minute matters when it comes to limiting losses. At this stage, the precise attack vector has not yet been publicly confirmed by the Gnosis team, but caution is non-negotiable.
Gnosis is a blockchain infrastructure known for its multi-signature wallet Safe (formerly Gnosis Safe), used by thousands of DAOs, DeFi protocols, and institutional players to secure billions of dollars in assets. A compromise at this level would have repercussions far beyond the Gnosis Chain protocol alone.
Exploits targeting established DeFi protocols are far from rare. In 2024, several hundred million dollars were stolen through smart contract vulnerabilities, flash loan attacks, and private key compromises. Gnosis, given its central position within Web3 infrastructure, represents a prime target for sophisticated malicious actors.
This type of incident highlights a structural reality: even audited, battle-tested protocols are not immune. Attack vectors are constantly evolving — reentrancy, oracle manipulation, bridge exploits — and security teams must operate in a state of permanent reactive readiness. For users, the golden rule remains unchanged: never leave funds sitting idle on a protocol without monitoring security alerts.
While awaiting an official post-mortem from the Gnosis team, the following steps are strongly recommended:
Beyond the Gnosis case itself, this incident is part of a broader trend: attackers are now targeting infrastructure layers — multi-sig wallets, bridges, governance protocols — rather than focusing solely on lending protocols or AMMs. The attack surface has expanded considerably as the DeFi ecosystem has grown in complexity.
For institutional investors and DAOs relying on Gnosis Safe as a custody solution, the alert is particularly serious. An exploit targeting a multi-sig contract can result in total loss of funds if signature thresholds are bypassed or if a third-party dependency is compromised. Security due diligence is no longer optional in this environment — it is a survival requirement for any serious player in the space.
The coming hours will be decisive in assessing the true scale of the exploit and the Gnosis team’s response. InvestX will continue to monitor the situation and will publish an update as soon as verifiable on-chain data becomes available.
Thomas holds a BTS in computer science with a specialization in SEO and is certified in web writing and e-commerce. Passionate about blockchain technology and cryptocurrencies since 2018, he specializes in analyzing crypto market cycles. His journey into GPU mining began in 2019 with ETH before transitioning to KASPA and Alephium (ALPH).