Aevo's Legacy Ribbon Finance Vaults Exploited for $2.7M in Oracle Attack

Dec 15, 2025, 2:15 a.m. 5 sources negative
LINK LINK $12.04 -1.46%
WBTC WBTC $88146.10 -1.39%
AEVO AEVO $0.03787 +0.90%
AAVE AAVE $154.76 -1.45%

In a significant security incident for the decentralized finance (DeFi) sector, legacy smart contracts from Ribbon Finance, now part of the Aevo ecosystem, were exploited for approximately $2.7 million on December 12. The attack targeted Ribbon's DeFi Options Vaults (DOV), structured products that once held over $300 million in total value locked (TVL) during DeFi's peak. These vaults remained active on the Ethereum mainnet despite Ribbon Finance's 2023 rebrand and transition into the derivatives exchange Aevo.

The exploit stemmed from a critical vulnerability introduced during an oracle infrastructure upgrade on December 6. According to detailed analysis by security researchers, the upgrade to the Opyn/Ribbon oracle stack "let anyone set prices for new assets," inadvertently enabling price manipulation. The attacker exploited this flaw by pushing arbitrary expiry prices for assets including wstETH, AAVE, LINK, and WBTC into the shared oracle at a common expiry timestamp, draining funds from the vaults.

Aevo's response was swift and transparent. The team confirmed that its primary Layer 2 exchange remained unaffected. All legacy Ribbon vaults have been stopped and will be decommissioned immediately. To mitigate user losses, Aevo proposed a recovery plan: while the vaults suffered roughly 32% in losses, user withdrawals will be subject to only a 19% reduction. This is possible because the Aevo DAO will forfeit its own vault positions (worth about $400,000) to partially offset the theft, reducing net losses to $2.3 million. The team also cited expected dormancy from large, inactive depositors.

A six-month claim window from December 12 to June 12, 2025, has been established. After this period, the DAO will liquidate remaining assets and distribute them to users who previously withdrew, aiming to compensate for the missing 19%.

This incident underscores the persistent threat of oracle manipulation in DeFi, following similar exploits like the $717,000 loss suffered by Venus Protocol on ZKsync earlier in the year. It highlights the critical importance of rigorous testing for upgrades, especially to core infrastructure like price feeds.

LINK LINK Chainlink $12.04 -1.46%
Negative news of oracle exploit involving LINK as manipulated asset creates fundamental headwind, but contained impact and swift response limit severe devaluation risk.
Technical analysis
Short-term overbought on 15m/30m (RSI ~72, Stoch >95) suggests corrective pullback likely, contradicting any immediate bullish fundamental catalyst.
WBTC WBTC Wrapped Bitcoin $88146.10 -1.39%
News is negative but isolated to legacy vaults; Aevo's transparent response and limited contagion risk suggest moderate short-term selling pressure, with long-term impact muted as WBTC's core utility remains intact.
Technical analysis
Short-term overbought (15m RSI 74.35) suggests corrective risk, but higher timeframes (4h RSI 48) show room for consolidation. Strong momentum on lower TFs contradicts bearish news, indicating localized selling.
AEVO AEVO Aevo $0.03787 +0.90%
Major $2.7M exploit in legacy vaults creates strong negative sentiment, but swift DAO compensation plan and unaffected main exchange mitigate long-term damage. Short-term selling pressure likely.
Technical analysis
15m/30m RSI near overbought (70.9/66.2) with high Stochastics suggests corrective pullback likely, contradicting any immediate bullish recovery from news.
AAVE AAVE Aave $154.76 -1.45%
Negative news: AAVE involved in $2.7M oracle exploit via legacy Ribbon vaults. Swift Aevo response and partial DAO compensation mitigate severity, but security concerns may pressure price short-term.
Technical analysis
Short-term overbought (15m RSI 75.35, Stochastics >90) suggests corrective risk, conflicting with 4h neutral RSI 51.74. Volume below MA indicates weak conviction.
Sources
Aevo's legacy Ribbon DOV vaults exploited for $2.7 million following oracle upgrade
theblock.co 14.12.2025 23:53
Critical Aevo Hack: $2.7M Stolen in Oracle Exploit
bitcoinworld.co.in 15.12.2025 02:00
Aevo’s Ribbon Vault Exploit Spurs Backlash Over 19% Payout Plan
coinspeaker.com 15.12.2025 07:53
Top Today
yesterday / 23:25 7 sources
Zero Knowledge Proof (ZKP) Launches Presale for Privacy-Focused Data Verification Network
ZKP ZKP $0.12 +1.22%
yesterday / 20:51 6 sources
White House Social Media Post Sparks 564% Surge in PENGUIN Memecoin
PENGUIN
yesterday / 18:29 5 sources
Dogecoin ETF Approval and Whale Activity Stir Market as DOGE Leads Meme Coin Race
DOGE DOGE $0.12 -1.38%
yesterday / 18:10 7 sources
Quantum Computing Concerns Halt Bitcoin's Momentum, Analysts Cite Institutional Hesitation
BTC BTC $88380.70 -1.38%
yesterday / 17:30 9 sources
XRP Price Analysis: Sideways Trading Continues as Key Support Levels Tested
XRP XRP $1.89 -1.45%
yesterday / 16:29 6 sources
Gemini-Owned Nifty Gateway NFT Marketplace to Shut Down in February 2026
yesterday / 15:59 9 sources
DOGEBALL Launches Four-Month Presale for Gaming-Focused Layer-2 Token
DOGEBALL
Disclaimer

The content on this website is provided for information purposes only and does not constitute investment advice, an offer, or professional consultation. Crypto assets are high-risk and volatile — you may lose all funds. Some materials may include summaries and links to third-party sources; we are not responsible for their content or accuracy. Any decisions you make are at your own risk. Coinalertnews recommends independently verifying information and consulting with a professional before making any financial decisions based on this content.