Home > Quick > Body

GoPlus: It is suspected that the "project management address was controlled by hackers" led to the attack on Ribbon Finance

clock
2025-12-15 08:40:55
The GoPlus Chinese community posted on social media to analyze the principle of the attack on Ribbon Finance, a decentralized options protocol.
The attacker upgraded the price proxy contract to a malicious implementation contract through the address 0x657CDE, and then set the expiration time of the four tokens stETH, Aave, PAXG, and LINK to 16:00:00 on December 12, 2025 (UTC + 8) and tampered with the expiration price, using the wrong price to profit from the attack.
It is worth noting that when the project party contract is created, the _transferOwnership status value of the attack address has been set to true, so that it can pass the contract security verification. Analysis shows that the attack address may have been one of the project party management addresses, and was later controlled by hackers through social engineering attacks and other means to carry out this attack.
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
New Tab Page - Desk3 | Plugin
Stay ahead of the game in the cryptocurrency space.