GoPlus: Ribbon Finance attack suspected to stem from a project management address controlled by hackers

Jinse Finance reported that the GoPlus Chinese community analyzed on social media how the attack on the decentralized options protocol Ribbon Finance worked. Using the address 0x657CDE, the attacker upgraded the price proxy contract to a malicious implementation contract, then set the expiration time of the four tokens stETH, Aave, PAXG, and LINK to December 12, 2025, 16:00:00 (UTC+8) and tampered with the expiration price, using the erroneous price to carry out the attack for profit. Notably, when the project team's contract was created, the _transferOwnership state value of the attack address had already been set to true, which allowed it to pass the contract's security verification. The analysis indicates that the attack address may originally have been one of the project's management addresses and was later taken over by hackers through social engineering or other means to carry out this attack.




