Aevo Ribbon Legacy Vault Under Attack: $2.7 Million Loss Sparks Security Reflection

GasFeeLady · 2025-12-14T01:40:12+00:00

Aevo (formerly Ribbon Finance) recently experienced a security incident. Its Ribbon Legacy DOV vault was attacked due to a smart contract vulnerability, resulting in a loss of approximately $2.7 million. Although some deposit users were affected, the Aevo exchange and staking services are operating normally. The team is investigating the vulnerability and formulating a remediation plan, with an update and incident report expected to be released within 24 hours.

GasFeeLady

2025-12-14 01:40:12

Abstract generation in progress

【Crypto World】Aevo (formerly Ribbon Finance) announced a security incident yesterday — the Ribbon Legacy DOV vault was attacked due to a vulnerability in the smart contract update, resulting in a loss of approximately $2.7 million.

This incident is quite intense. The attacker not only successfully bypassed Immunefi’s bug bounty mechanism, but the team is now conducting an in-depth investigation into the root cause of the vulnerability. The good news is that Aevo has teamed up with centralized exchanges and security partners to track and mark the stolen funds, and the white hat collaboration door remains open.

It’s important to note that this incident only affected the deposit users of the Ribbon Legacy vault. The Aevo exchange itself and the staking services are completely unaffected, and the platform is operating securely as usual. This should reassure users who want to trade on the platform.

For affected depositors, the official team stated that they are working intensively to develop a resolution plan and expect to release an update within 24 hours. A full incident review report will also be published afterward to provide everyone with a thorough understanding.

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

15 Likes

Reward
15
8
Repost
Share

Comment

0/400

TaxEvader

· 2025-12-16 13:52

2.7 million dollars just gone like that, Immunefi couldn't even prevent it. This smart contract audit really needs to be more careful. --- It's another smart contract vulnerability. When will DeFi stop being so unreliable? --- Fortunately, it was just a Legacy vault issue; otherwise, the Aevo exchange would have been shut down completely. We can still keep playing now. --- White hat negotiations? It's unlikely they'll recover the funds; most of it is basically a lost cause. --- How did Ribbon raise so much money back then? And they're still in this state now. --- 2.7 million USD, did they really bypass Immunefi's bounty mechanism? That hacker is indeed ruthless. --- As long as the exchange is fine, other users shouldn't worry too much. Managing your own wallet properly is the most important.

View OriginalReply0

DegenWhisperer

· 2025-12-15 00:51

$2.7 million is gone just like that, the smart contract update is really a hidden trap... --- Immunefi was bypassed? That's too outrageous, is this security mechanism just a decoration? --- Alright, at least the exchange itself is fine, otherwise they would really have to run away. --- Just want to know what the white hats' attitude is now, can they really negotiate their way back? --- Another contract vulnerability and stolen funds... these days, DeFi has to be so cautious. --- I can imagine how the Legacy vault users are feeling now; $2.7 million just disappeared. --- Tracking and flagging stolen funds sounds good, but how many can actually be recovered? --- It feels like every week there’s a new security incident, this industry is really tough.

View OriginalReply0

SergioBanani

· 2025-12-14 04:18

An attack on the Aevo Ribbon DOV vault resulted in a loss of $2.7 million On December 12, the old version Ribbon DOV vault on the Aevo platform was attacked due to a vulnerability in the smart contract, resulting in a loss of approximately $2.7 million and 32% of assets. The platform continues to operate; all Ribbon vaults have been halted and will be deactivated.

View OriginalReply0

GateUser-c799715c

· 2025-12-14 02:10

2.7 million dollars lost, this contract vulnerability is really brutal... But the isolation is okay, the exchange itself can still be salvaged if it's not seriously affected.

View OriginalReply0

MEVHunterLucky

· 2025-12-14 02:07

2.7 million is still okay, much lighter compared to Luna's wave, but bypassing the bounty mechanism this time is indeed a bit harsh.

View OriginalReply0

fren.eth

· 2025-12-14 02:04

2.7 million dollars just gone... Smart contracts really require caution; one update vulnerability and it's all lost --- Bypassing the bounty mechanism? This guy is really ruthless, Immunefi also got caught in the crossfire --- Fortunately, the exchange is okay, otherwise they would have had to run --- White hats can still negotiate? This attack method is quite sophisticated --- Another contract vulnerability... When will DeFi truly be secure --- Those affected must be really upset, 2.7 million just washed away --- Tracing stolen funds? The difficulty is extraordinary, hoping they can recover it

View OriginalReply0

SchrodingerWallet