Hub
News
Signals
Market
Economy
Learn
Channel
Company
Livestream
Grafa TV
Quote
Assets
Quote
Quote
Settings

United States
Australia
Crypto

Home
news
crypto
aevo legacy ribbon vaults drained after oracle upgrade flaw

Connect with us

Disclaimer

Grafa is not a financial advisor. You should seek independent, legal, financial, taxation or other advice that relate to your unique circumstances.

Grafa is not liable for any loss caused, whether due to negligence or otherwise arising from the use of or reliance on the information provided directly or indirectly, by use of this platform.

Hub
News
Signals
Market

Aevo legacy Ribbon vaults drained after oracle upgrade flaw | Grafa

Aevo legacy Ribbon vaults drained after oracle upgrade flaw

Written by Heidi Cuthbert Published Dec. 15 2025Last Updated Dec. 15 2025

Descubra mais

Crypto News

Legacy DeFi options vaults created by Ribbon Finance and later absorbed by Aevo were exploited for around $2.7 million on December 12.

The affected products were Ribbon’s DeFi Options Vaults, which once held more than $300 million in total value locked during DeFi’s peak.

Although Ribbon rebranded to Aevo in 2023, the legacy vault contracts continued operating on Ethereum (CRYPTO:ETH).

Aevo confirmed that its main Layer 2 derivatives exchange was not affected by the incident.

Security researchers traced the exploit to an oracle infrastructure upgrade deployed on December 6.

The upgrade unintentionally allowed any user to set prices for newly added assets.

An attacker exploited this flaw to manipulate price feeds and extract funds from the vaults.

Blockchain analyst Specter first identified suspicious outflows and linked them to the exploit contract.

The attacker drained hundreds of ETH and significant USDC before dispersing the funds.

Stolen assets were spread across 15 wallet addresses, many holding roughly 100 ETH each.

Security researcher Liyi Zhou said the attacker abused the Opyn and Ribbon oracle stack using price-feed proxies.

The exploit pushed arbitrary expiry prices for several assets at a shared timestamp.

Affected assets included wstETH, AAVE, LINK and WBTC.

Anton Cheng of Monarch DeFi said the exploit was enabled by the December 6 oracle code change.

“The upgrade let anyone set prices for new assets, which made the exploit possible,” Anton Cheng said.

Aevo announced that all Ribbon vaults have been halted and will be permanently decommissioned.

The team estimated vault losses at about 32% of total value.

Aevo proposed limiting user withdrawal losses to 19% by forfeiting around $400,000 of DAO-held assets.

“We’re proposing to prioritise active users by granting them a smaller reduction upfront,” the Aevo team said.

A six-month claim window will run from December 12 to June 12.

At the time of reporting, Ethereum price was $3,075.65.