How to check if you're affected and what to do

A vulnerability has been disclosed in certain third-party Zodiac modules. This guide helps you check whether your account is affected and, if so, how to resolve it.

Important: this is an issue in third-party Zodiac modules, not in Safe. The Safe smart contracts, the Safe{Wallet} app, Safe infrastructure, and the Account Recovery feature are not affected and require no action. You are only potentially affected if you have enabled one of the specific affected Zodiac modules on your account.

Am I affected?

You are only potentially affected if your account uses one of these specific module versions:

• Roles Modifier v2 (versions 2.1.0 and 2.1.1)

• Delay Modifier v1.1.0

You are not affected if you use:

• Roles Modifier v1, or Delay Modifier v1.0.x

• No Zodiac module at all

If you don't use Zodiac modules, you can stop here. No action is needed.

Check your account

Use the Zodiac checker to confirm whether your account is affected: https://app.zodiac.eco/public/fallback-handler

If the checker shows you are affected, follow the steps below. If you're unsure how to interpret the result, contact us (see "Get help" at the end).

What to do if you're affected

There are two paths. Most people should use the first. The second is for teams whose operations depend on the module.

Option 1 (recommended): Remove the affected module

If you control your account's signers and the module is not essential to your day-to-day operations, removing it is the complete fix. It resolves the issue at the source.

1. Open your account in Safe{Wallet}.

2. Go to Settings, then Modules.

3. Find the affected module in the list and select the delete icon next to it.

4. Follow the prompts to create and confirm the transaction with your signers.

5. Once the transaction is confirmed on-chain, the module is removed and your account is no longer exposed through this issue.

For a step-by-step walkthrough of managing modules, see: https://help.safe.global/articles/7039805766-add-a-module?lang=en

Removing the module requires your account's normal signer threshold, the same as any other account change.

Option 2: If you can't remove the module right now

Some teams run treasuries, DAOs, or permissioned setups where a Zodiac module is part of core operations, and removing it immediately isn't practical. If that's you, we recommend you don't make changes on your own. There is a reversible interim step that reduces risk while you plan a proper migration, but it has side effects and is best done with our help.

Please contact us (see "Get help" below) and our team will work through it with you directly. We'll help you reduce immediate risk and plan a full migration without disrupting your operations.

After you've removed the module

• The issue is resolved for your account once the affected module is removed and the transaction is confirmed.

• You can re-run the checker to confirm.

• If you previously used the module for automation, recovery, or permissions, you may want to set up a replacement once a fixed version is available. Contact us if you'd like guidance on this.

Protect yourself from scams

Incidents like this attract scammers and impersonators. Please keep in mind:

• Safe Labs will never message you first, ask for your seed phrase or private keys, or send you a link to "validate," "sync," or "migrate" your wallet.

• Only act on guidance from official Safe channels and the links in this guide.

• Be especially cautious of anyone offering to "recover" lost funds. Treat unsolicited DMs and unfamiliar links as suspicious.

• No legitimate support process will ever ask you to share your recovery phrase or private key.

Get help

If you're unsure whether you're affected, how to interpret the checker, or how to proceed, we're here to help.

• Contact us via in app chat or creating a ticket through https://help.safe.global/

• When you reach out, it helps to include: your account address, the chain it's on, and whether you've already run the checker.

If you believe your account is being actively targeted or you've experienced a loss, contact us right away and we'll prioritize helping you secure your account.

This guide will be updated as more information becomes available. Last updated: [June 3, 2026].