CoinVoice has recently learned that the GoPlus Chinese community published an analysis on social media regarding the principles behind the decentralized options protocol Ribbon Finance being attacked.
The attacker upgraded the price proxy contract to a malicious implementation via address 0x657CDE, then set the expiration times for the four tokens stETH, Aave, PAXG, and LINK to December 12, 2025, 16:00:00 (UTC+8) and manipulated the expiration prices, exploiting incorrect prices to profit from the attack.
It is worth noting that when the project party's contract was created, the _transferOwnership state value of the attack address was already set to true, allowing it to pass contract security checks. Analysis shows that this attack address was likely one of the project party's management addresses, which was then controlled by hackers through social engineering attacks and used to carry out this attack. [Original link]
