🔥$AAVE $PAXG $LINK
On December 15, GoPlus's Chinese community posted on social media analyzing the attack mechanism on the decentralized options protocol Ribbon Finance.
The attacker upgraded the price proxy contract to a malicious implementation via the address 0x657CDE, then set the expiration time for stETH, Aave, PAXG, and LINK tokens to December 12, 2025, at 16:00:00 (UTC+8), and tampered with the expiry prices, leveraging the incorrect pricing to execute the attack and profit.
Notably, when the project’s contract was created, the _transferOwnership status value of the attacker’s address had already been set to true, allowing it to pass the contract’s security checks. Analysis shows that this attacking address may have originally been one of the project team’s management addresses, later compromised and taken over by hackers through social engineering or similar methods, and subsequently used to carry out this attack.