Best crypto insights delivered straight to your inbox.
Exploit hits Gnosis Pay, TesseraDAO loses $2.5M as June hacks start to climb
- Two exploits in the first two days of June cost crypto projects at least $2.5 million
- Gnosis Pay’s delay module was compromised, and TesseraDAO’s token was minted and dumped on BNB Chain.
- Monthly attack counts keep rising even as individual losses fluctuate. Now the total from bridge-related exploits alone has reached $340.7 million.
The cryptocurrency market has already suffered from two separate exploits affecting Gnosis Pay and TesseraDAO in the first days of June, leading to the loss of millions.
The cryptocurrency industry has been plagued with a string of exploits that have renewed the debate about whether or not AI-powered tools are helping exploiters discover vulnerabilities faster.
What happened to Gnosis Pay?
Gnosis Pay, a platform offering a self-custody crypto card, was one of the targets of an exploit this week. The platform has a “delay module” feature designed to protect users, and under normal conditions, it imposes a three-minute wait on outgoing transactions to give users time to react.
However, a bug allowed an attacker to bypass this protection. Gnosis Pay posted on X (formerly Twitter) at the beginning of June that it was investigating the vulnerability. The company’s co-founder, Martin Köppelmann, urged users to withdraw their funds immediately.
“If you are a Gnosis Pay user – unfortunately I have to recommend: withdraw all funds (EURe and GNO),” he wrote.
He also confirmed that Gnosis would cover all user losses.
The team also requested bridge validators to pause activity in order to stop the cross-chain movement of potentially affected funds. As of now, Gnosis has not published a full post-mortem report detailing the total amount drained.
Some users on social media compared this incident to an earlier exploit of a third-party Safe module, but no direct connection between the two events has been established.
TesseraDAO loses $2.5 million in mint and dump attack
Approximately 19 hours before it was made public, an attacker minted 99 million TSR tokens on BNB Chain and swapped them for roughly $2.5 million in USDT, causing the price of TSR to crash by 99%.
After the swap, the exploiter moved the stolen funds across chains to Ethereum and began laundering the money. PeckShield reported that the exploiter had already sent 1,285.5 ETH through Tornado Cash, a mixing protocol used to hide transaction trails.
TesseraDAO has not yet issued a public response to the exploit.
The TesseraDAO exploit followed a pattern that has become common in 2026: mint, dump, bridge, launder. PeckShield separately reported that as of June 1, the crypto industry had suffered 14 major cross-chain and bridge-related exploits in 2026, with hackers extracting a cumulative $340.7 million from bridging protocols alone.
In April 2026, Cryptopolitan reported that $625 million was stolen across roughly 28 to 30 separate attacks. The Drift Protocol ($285 million) and KelpDAO ($293 million) hacks accounted for nearly all of that damage.
In May, CertiK’s monthly report revealed 60 confirmed incidents, the highest monthly tally of 2026, resulting in approximately $68.3 million in gross losses. Code vulnerabilities drove 66% of those losses at $45.13 million, while bridge exploits pulled in the largest dollar figure by incident type at $28.62 million. $9.38 million of the stolen funds were recovered in May, representing a recovery rate of about 13.7%.
Manuel Araoz, the founder of blockchain security firm OpenZeppelin, recently warned that he considers “all of DeFi unsafe,” arguing that coding agents are better at finding vulnerabilities than human defenders are at patching them.
Slow Mist’s founder has also called on DeFi teams to deploy AI defensively and run attack simulations at least once per quarter.
If you're reading this, you’re already ahead. Stay there with our newsletter.
FAQs
What happened to Gnosis Pay?
A bug in Gnosis Pay's delay module, a security feature that adds a three-minute wait to outgoing card transactions, was exploited on June 1. Co-founder Martin Köppelmann confirmed Gnosis will cover all affected user losses.
How much did the TesseraDAO attacker steal?
The attacker minted 99 million TSR tokens on BNB Chain, swapped them for approximately $2.5 million in USDT, and laundered the proceeds through 1,285.5 ETH via Tornado Cash.
How much has been lost to crypto bridge exploits in 2026?
PeckShield reported that as of June 1, 2026, 14 major cross-chain and bridge-related exploits had resulted in cumulative losses of $340.7 million.
Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.
Hannah Collymore
Hannah is a writer and editor with nearly a decade of blog writing and event reporting experience in the crypto space. At Cryptopolitan, Hannah contributes to the news page, reporting and analyzing the latest developments in DeFi, RWA, crypto regulation, AI and frontier tech industries. She graduated from Arcadia university with a degree in Business Administration.
CRASH COURSE
- Which cryptocurrencies can make you money
- How to boost your security with a wallet (and which ones are actually worth using)
- Little-known investment strategies that the pros use
- How to get started investing in crypto (which exchanges to use, the best crypto to buy etc)