On December 12, 2025, the legacy vaults of the DeFi protocol Ribbon Finance (now part of Aevo) suffered an exploit totaling around $2.7 million. The vulnerability arose after an oracle update on December 6, which allowed anyone to set arbitrary prices for certain assets through a proxy contract.
A hacker created fake option contracts (oTokens) on assets like wstETH, AAVE, and LINK and manipulated their prices at expiry. This allowed the attacker to establish positions in their favor and withdraw hundreds of ETH, thousands of USDC, and other assets from MarginPool. The funds were distributed across 15 wallets.
Aevo immediately halted all Ribbon vaults and announced their complete closure. Losses amounted to ~32% of the assets in the vaults, but the team is offering compensation at a discount of only 19%. The underlying protocol, Opyn, was not affected.
This incident underscores the ongoing risks of oracles in DeFi and the need for thorough testing of updates.


