Assets
Crypto Deposit
Fiat Deposit
Convert
Transfer
Withdraw
My vouchers
Fund history
Dashboard
Account Security
Identity verification
API Management
Transaction Report
Log out
Register
BTCC / BTCC Square / coincentral /
Aevo Forced to Shutter Ribbon Vaults Following $2.7 Million Oracle Manipulation Attack

Aevo Forced to Shutter Ribbon Vaults Following $2.7 Million Oracle Manipulation Attack

Author:
coincentral
Published:
2025-12-15 17:51:47
8
1

Aevo Shuts Ribbon Vaults After $2.7 Million Oracle Manipulation Exploit

A major DeFi protocol just got a $2.7 million reminder that on-chain oracles aren't bulletproof.

Aevo, a prominent decentralized derivatives exchange, has abruptly terminated its Ribbon Finance vaults. The move comes directly on the heels of a sophisticated exploit where an attacker manipulated price feeds to drain funds. It's a classic case of 'garbage in, garbage out'—even the smartest smart contracts fail with faulty data.

The Anatomy of a Digital Heist

The exploit wasn't a brute-force hack. Instead, it targeted the oracle—the external data source that tells the protocol what an asset is worth. By artificially inflating the price of a collateral asset on a smaller, less liquid exchange, the attacker was able to borrow far more than the collateral's true value against it. They then vanished with the proceeds, leaving the vaults insolvent. It's the crypto equivalent of appraising a cubic zirconia as a diamond to secure a massive loan.

Fallout and the Path Forward

Aevo's response was swift: immediate suspension of all deposits into the affected vaults and a full shutdown. The protocol is now conducting a post-mortem and exploring recovery options, though user funds directly impacted by the manipulation appear to be a total loss. This event throws a harsh spotlight back on the perennial 'oracle problem'—the single biggest point of failure in decentralized finance. While teams build fortresses around their contract logic, the drawbridge is often a handful of price data points from a potentially manipulable source.

For an industry constantly pitching itself as the future of finance, these multi-million-dollar 'learning experiences' are getting awfully expensive. Trustless systems, it seems, still require a leap of faith in the data that powers them.

TLDR

  • Legacy Ribbon DOV vaults were drained of about $2.7 million on December 12.

  • A December 6 oracle upgrade allowed users to set prices for new assets.

  • The exploit affected Ethereum vaults but not Aevo’s Layer 2 exchange.

  • Aevo plans to decommission all Ribbon vaults and open a six month claim window.

Aevo confirmed that its legacy Ribbon Finance vaults lost about $2.7 million after a smart contract flaw. The issue followed an oracle upgrade that enabled price manipulation and targeted inactive DeFi options products.

The news is presented from the angle of an oracle upgrade vulnerability affecting dormant legacy DeFi infrastructure rather than active exchange operations.

Aevo Exploit linked to oracle upgrade

Security researchers reported that the exploit occurred on December 12, several days after an oracle upgrade. The upgrade was deployed on December 6 and affected price feeds for newly added assets.

Analysts said the change allowed any user to submit prices through proxy contracts. This allowed false expiry prices to be pushed into the shared oracle system. Assets involved included wstETH, AAVE, LINK, and WBTC.

Blockchain analyst Specter identified unusual outflows from Ribbon vault contracts. The funds were moved quickly after extraction. Most of the stolen value was held in ETH and USDC.

Another researcher, Liyi Zhou, explained the attack path in a public thread. Zhou wrote that a shared expiry timestamp was abused across multiple assets. This enabled coordinated price manipulation within the vault logic.

Scope of losses and fund movement

The total loss was estimated at about $2.7 million based on onchain data. Hundreds of ETH were removed alongside stablecoin balances. The attacker then spread funds across fifteen wallet addresses.

Several of those addresses received close to 100 ETH each. Researchers said this pattern suggested an attempt to reduce tracking risks. Centralized exchanges were alerted to monitor related wallets.

Anton Cheng of Monarch DeFi said the flaw was limited to Ribbon’s oracle setup. He stated that Opyn’s Core protocol was not compromised. The weakness came from how Ribbon configured the upgrade.

Aevo also confirmed that its LAYER 2 derivatives exchange was unaffected. Trading, deposits, and withdrawals on the exchange continued without interruption.

Response from Aevo and vault shutdown

Aevo announced that all Ribbon vaults were stopped following the incident. The team said the vaults WOULD be fully decommissioned. No new activity will be allowed.

In a public statement, AEVO said,

“The legacy Ribbon DOV vaults were exploited following a vulnerability in a smart contract update.” The team added that tracking efforts were underway.

The company proposed a plan for remaining vault users. Withdrawals would face a 19% reduction instead of the full 32% loss. Aevo said this approach favors active participants.

The DAO also said it would forfeit about $400,000 of its own vault positions. This step reduces the net loss to about $2.3 million. Aevo noted that no insurance was promised.

Claim process and next steps

Aevo set a six month claim window running from December 12 to June 12. Users can withdraw during this period under the proposed terms.

After the deadline, remaining assets will be liquidated by the DAO. Proceeds will be distributed to prior claimants. Payments may cover part or all of the remaining shortfall.

Aevo said many large accounts have been inactive for years. The team expects some deposits will remain unclaimed. These funds may help offset losses for active users.

A full post mortem is expected to be released. Aevo said it remains open to a whitehat resolution through its bounty program.

|Square

Get the BTCC app to start your crypto journey

Download on the App Store GEI IT ON Google Play

Get started today Scan to join our 100M+ users

Exchange for a better future

Products
Services
Guides
About Us
Terms & Agreement
Customer Service

Risk warning: Digital asset trading is an emerging industry with bright prospects, but it also comes with huge risks as it is a new market. The risk is especially high in leveraged trading since leverage magnifies profits and amplifies risks at the same time. Please make sure you have a thorough understanding of the industry, the leveraged trading models, and the rules of trading before opening a position. Additionally, we strongly recommend that you identify your risk tolerance and only accept the risks you are willing to take. All trading involves risks, so you must be cautious when entering the market.

The world’s longest-running cryptocurrency exchange since 2011 © 2011 - 2025 BTCC.com. All rights reserved

All articles reposted on this platform are sourced from public networks and are intended solely for the purpose of disseminating industry information. They do not represent any official stance of BTCC. All intellectual property rights belong to their original authors. If you believe any content infringes upon your rights or is suspected of copyright violation, please contact us at [email protected]. We will address the matter promptly and in accordance with applicable laws.BTCC makes no explicit or implied warranties regarding the accuracy, timeliness, or completeness of the republished information and assumes no direct or indirect liability for any consequences arising from reliance on such content. All materials are provided for industry research reference only and shall not be construed as investment, legal, or business advice. BTCC bears no legal responsibility for any actions taken based on the content provided herein.