The GoPlus Chinese community posted on social media to analyze the principle of the attack on Ribbon Finance, a decentralized options protocol.
The attacker upgraded the price proxy contract to a malicious implementation contract through the address 0x657CDE, and then set the expiration time of the four tokens stETH, Aave, PAXG, and LINK to 16:00:00 on December 12, 2025 (UTC + 8) and tampered with the expiration price, using the wrong price to profit from the attack.
It is worth noting that when the project party contract is created, the _transferOwnership status value of the attack address has been set to true, so that it can pass the contract security verification. Analysis shows that the attack address may have been one of the project party management addresses, and was later controlled by hackers through social engineering attacks and other means to carry out this attack.
GoPlus: It is suspected that the "project management address was controlled by hackers" led to the attack on Ribbon Finance
2025-12-15 08:40:55
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
Previous article:
GoPlus:疑似系“项目方管理地址被黑客控制”导致 Ribbon Finance 遭攻击Next article:
市场分析:黄金受益于美元偏软和投资者等待关键数据