Market Capitalization:2 975 925 892 054 USD
Vol. in 24 hours:109 075 830 129,43 USD
Dominance:BTC 58,84%
ETH:11,94%
Market Capitalization:2 975 925 892 054 USD
Vol. in 24 hours:109 075 830 129,43 USD
Dominance:BTC 58,84%
ETH:11,94%
Market Capitalization:2 975 925 892 054 USD
Vol. in 24 hours:109 075 830 129,43 USD
Dominance:BTC 58,84%
ETH:11,94%
Market Capitalization:2 975 925 892 054 USD
Vol. in 24 hours:109 075 830 129,43 USD
Dominance:BTC 58,84%
ETH:11,94%
Market Capitalization:2 975 925 892 054 USD
Vol. in 24 hours:109 075 830 129,43 USD
Dominance:BTC 58,84%
ETH:11,94%
Market Capitalization:2 975 925 892 054 USD
Vol. in 24 hours:109 075 830 129,43 USD
Dominance:BTC 58,84%
ETH:11,94%
Market Capitalization:2 975 925 892 054 USD
Vol. in 24 hours:109 075 830 129,43 USD
Dominance:BTC 58,84%
ETH:11,94%
Market Capitalization:2 975 925 892 054 USD
Vol. in 24 hours:109 075 830 129,43 USD
Dominance:BTC 58,84%
ETH:11,94%
Market Capitalization:2 975 925 892 054 USD
Vol. in 24 hours:109 075 830 129,43 USD
Dominance:BTC 58,84%
ETH:11,94%
Market Capitalization:2 975 925 892 054 USD
Vol. in 24 hours:109 075 830 129,43 USD
Dominance:BTC 58,84%
ETH:11,94%
Yes
>>Ribbon Finance, previously called Aevo, suffers a $2.7 million loss due to a DeFi hack.

Ribbon Finance, previously called Aevo, suffers a $2.7 million loss due to a DeFi hack.

crypthub
Ribbon Finance, previously called Aevo, suffers a $2.7 million loss due to a DeFi hack.

Attack Overview

The Ribbon Finance contract was drained of about $2.7 million. The attacker moved the funds to fifteen wallets, some already consolidated. The exploit surfaced six days after an oracle upgrade. Smart‑contract calls extracted ETH, WETH, USDC, WBTC and other tokens.

Oracle Vulnerability

The upgrade added 18‑decimal pricing for stETH, PAXG, LINK and AAVE, while USDC stayed at eight decimals. This mismatch let a malicious contract feed false expiry prices through the Opyn/Ribbon oracle stack. The falsified prices were accepted by Ribbon’s MarginPool during settlement, enabling large short oToken positions to be liquidated.

Manipulated oTokens

The attacker created poorly structured oTokens using whitelisted collateral and strike assets, e.g., a stETH call option with a 3,800 USDC strike. By setting identical expiry timestamps, the contract triggered fraudulent ExpiryPriceUpdated events and burned oTokens for WETH rewards. Around 900 ETH was extracted through repeated proxy admin calls and delegate‑call price manipulation.

Aftermath and Related Protocols

Spectre traced the initial transfer to address 0x354ad… and subsequent distribution across 14 accounts, some feeding treasury consolidation pools. Opyn’s platform was confirmed not to be compromised; the breach stemmed from the oracle code change. Analysts warn that improper decimal handling and open price setters can expose DeFi protocols to similar attacks.