June Crypto Hacks Climb as Gnosis Pay and TesseraDAO Get Exploited
— By Tony Rabbit in Markets

Two fresh exploits hit crypto in the first days of June 2026. Gnosis Pay saw a card protection bypassed, while TesseraDAO lost about 2.5 million dollars to a mint-and-dump attack laundered through Tornado Cash.
The first days of June 2026 brought two more entries to a growing list of crypto hacks. Two separate exploits hit different parts of the market: Gnosis Pay, a self-custody crypto card platform, and TesseraDAO, a token project on BNB Chain. Neither incident was small, and both added to a tally of losses that has been climbing through the year.
The attacks landed within days of each other and followed playbooks that have become familiar in 2026. One targeted a safety feature meant to slow down theft. The other used a classic mint-and-dump scheme, then pushed the proceeds through a mixing protocol to hide the trail. Here is what happened, explained in plain terms, along with simple steps users can take to stay safer.
What Happened to Gnosis Pay
Gnosis Pay offers a self-custody crypto card, a product that lets users spend crypto directly while keeping control of their own funds rather than handing them to a central custodian. To protect users, the platform built in a feature it calls a delay module. The idea is straightforward: when an outgoing transaction is requested, the system imposes a three-minute wait before it goes through. That short pause is meant to give a user time to spot and cancel a malicious or mistaken transfer before any money leaves.
An attacker found a bug that made it possible to bypass this protection. By getting around the delay module, the exploiter could push transactions through without the built-in waiting period that was supposed to act as a last line of defense. Security features like time delays are common across self-custody products precisely because they add friction for attackers, so a bypass undermines the core promise of the design.
The TesseraDAO Exploit
The TesseraDAO incident was larger in dollar terms and more aggressive in execution. An attacker minted 99 million TSR tokens on BNB Chain and then swapped them for roughly 2.5 million dollars in USDT, a dollar-pegged stablecoin. The flood of newly created tokens hitting the market crashed the TSR price by about 99 percent, wiping out most of the token's value almost instantly.
The exploiter did not stop there. After cashing out, the attacker bridged the funds from BNB Chain to Ethereum and then laundered them, sending about 1,285.5 ETH through Tornado Cash, a mixing protocol used to obscure where funds came from and where they went. The combination of steps is what made the attack effective: mint, dump, bridge, and launder.
How a Mint-and-Dump Exploit Works
At a high level, a mint-and-dump exploit relies on the attacker being able to create new tokens out of thin air. If a smart contract has a flaw or a permission that lets someone mint a large supply, that person can suddenly hold a huge number of tokens that did not exist a moment earlier.
The next step is the dump. The attacker quickly sells those freshly minted tokens into a market, often swapping them for a stablecoin or another asset with real value. Because the market only has so much liquidity, dumping a massive supply pushes the price down sharply, which is why TSR fell by roughly 99 percent. The attacker walks away with valuable assets while ordinary holders are left with tokens worth a fraction of what they paid.
How Laundering Through a Mixer Works
Once an attacker has valuable funds, the goal shifts to hiding the trail. Public blockchains record every transaction, so anyone can follow the money from one address to the next. A mixing protocol like Tornado Cash is designed to break that visible chain. In simple terms, a mixer pools together deposits from many different sources and then lets users withdraw funds in a way that makes it hard to link a specific withdrawal back to a specific deposit.
Bridging adds another layer. By moving funds from BNB Chain to Ethereum first, the attacker shifts the money across networks before mixing it, which complicates tracing even further. None of this is a guide to wrongdoing; it simply explains why investigators often lose sight of stolen funds after they pass through a bridge and a mixer.
A Familiar Pattern in 2026
The TesseraDAO attack followed a pattern that has shown up repeatedly this year: mint, dump, bridge, launder. Each stage handles a different problem for the attacker. Minting creates the assets, dumping converts them to something useful, bridging moves them away from the scene, and laundering hides the destination.
The broader context is sobering. Hackers have drained large sums across 2026, including hundreds of millions of dollars from cross-chain bridges, which sit between networks and hold pooled assets that make them attractive targets. The Gnosis Pay and TesseraDAO exploits are two more data points in a year where attackers have repeatedly found and used weaknesses, whether in a safety module or in a token contract's minting permissions.
How to Stay Safe
Users cannot prevent every exploit, but a few habits reduce exposure. Always verify that you are using an official app or website before connecting a wallet or entering credentials, since fake clones are common. Be cautious with new or low-liquidity tokens, where a single large sell can move the price dramatically and where contract risks are harder to assess.
Watch for sudden supply changes. A token whose total supply jumps without a clear, announced reason can be a warning sign of a mint exploit in progress. Tools that show on-chain data can help here. Before trading, checking a token's supply and liquidity on a platform like DEXTools can give you a clearer picture of what you are buying. None of this is financial advice, but a little verification goes a long way.
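The supply check described above can be automated. The sketch below is an added example, not code from TesseraDAO, Gnosis Pay or DEXTools: by ERC-20 convention a mint shows up as a Transfer event from the zero address, so it nets mints and burns per block and flags any block where the net mint exceeds a threshold share of the supply that existed before it. The event list, addresses, starting supply and 5 percent threshold are constructed assumptions.

```python
from dataclasses import dataclass

ZERO = "0x" + "00" * 20  # by ERC-20 convention, mints are Transfers from this address

@dataclass(frozen=True)
class Transfer:
    block: int
    sender: str
    recipient: str
    value: int  # whole tokens for readability; real logs carry raw base units

def supply_alerts(start_supply, transfers, max_jump=0.05):
    """Return (alerts, final_supply). Each alert is (block, net_minted,
    supply_before, ratio) for a block whose net mint exceeds max_jump."""
    net_by_block = {}
    for t in transfers:
        if t.sender == ZERO and t.recipient != ZERO:      # mint
            net_by_block[t.block] = net_by_block.get(t.block, 0) + t.value
        elif t.recipient == ZERO and t.sender != ZERO:    # burn
            net_by_block[t.block] = net_by_block.get(t.block, 0) - t.value
    alerts, supply = [], start_supply
    for block in sorted(net_by_block):
        net = net_by_block[block]
        if net > 0:
            # Any mint into a zero supply counts as an unbounded jump.
            ratio = net / supply if supply > 0 else float("inf")
            if ratio > max_jump:
                alerts.append((block, net, supply, ratio))
        supply += net
    return alerts, supply

# Constructed sample events and starting supply (not real chain data).
HOLDER_A, HOLDER_B, NEW_ADDR = "0x" + "a1" * 20, "0x" + "b2" * 20, "0x" + "c3" * 20
SAMPLE = [
    Transfer(100, HOLDER_A, HOLDER_B, 5_000),      # ordinary transfer, ignored
    Transfer(101, ZERO, HOLDER_A, 10_000),         # routine mint, about 1% of supply
    Transfer(102, HOLDER_B, ZERO, 2_000),          # burn
    Transfer(105, ZERO, NEW_ADDR, 60_000_000),     # two large mints in one block
    Transfer(105, ZERO, NEW_ADDR, 39_000_000),
]

if __name__ == "__main__":
    alerts, final_supply = supply_alerts(1_000_000, SAMPLE)
    for block, net, before, ratio in alerts:
        print(f"block {block}: minted {net:,} on supply {before:,} ({ratio:.1f}x)")
    print(f"final supply: {final_supply:,}")
```

A flagged block is a prompt to look for an announcement or governance vote that explains the mint, not proof of an exploit on its own.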
Bottom Line
The Gnosis Pay and TesseraDAO exploits show two ends of the same problem. One attack defeated a feature built to protect users, and the other turned a contract flaw into roughly 2.5 million dollars before vanishing through a bridge and a mixer. As the 2026 hack tally keeps climbing, the basic lessons stay the same: verify what you use, stay wary of unfamiliar tokens, and pay attention to the on-chain data that can flag trouble early.