Aevo Vault hacked, $2.7 million lost. Officially pushes compensation plan: 20% discount on refunds, active users prioritized

Aevo (formerly Ribbon Finance)’s legacy DeFi Options Vaults (Ribbon DOV) were hacked on December 12 due to a smart contract update vulnerability, resulting in approximately $2.7 million in funds lost. After the incident was disclosed, Aevo responded that its main trading platform was unaffected, and on the 14th (today), it announced a compensation plan: the vaults suffered an overall loss of 32%, but active users can withdraw funds with only a 19% deduction initially, and may receive further compensation after the six-month claims period ends.
(Background: The veteran DeFi protocol Balancer has experienced 6 security incidents over 5 years, with total losses exceeding hundreds of millions of dollars.)
(Additional context: Aevo’s Degen launched a “thousandfold US stock leverage,” initially available on Coinbase, Robinhood, Circle, and MicroStrategy.)

Focused on cryptocurrency options and perpetual contract trading, the decentralized exchange Aevo (formerly Ribbon Finance) issued an announcement via X platform last night (13th), confirming that its legacy Ribbon DOV (DeFi Options Vault) was exploited on December 12, causing approximately $2.7 million in losses. The official statement read:

We regret to confirm that due to a vulnerability in a smart contract update, the legacy Ribbon DOV vaults were attacked yesterday (12th), resulting in approximately $2.7M USD in losses. We have taken immediate action to identify the root cause and are coordinating with CEX and security partners to track and flag the stolen funds.

To Aevo users and stakers: Aevo itself was not affected and remains fully secure and operational. For depositors of Ribbon Legacy, we are formulating the best solution; please stay tuned. We will release an update within 24 hours. If you have any questions, contact us via the exchange’s private message or support ticket system.

We regret to confirm that the legacy Ribbon DOV vaults were exploited yesterday following a vulnerability in a smart contract update, resulting in a loss of approximately $2.7M USD.

We have immediately taken action to identify the root cause and are coordinating with CEXs and…

— Aevo (fka Ribbon Finance) (@ribbonfinance) December 13, 2025

Aevo proposes a compensation plan

Regarding this hack, Aevo issued another announcement via X platform this morning (14th), updating the latest developments and outlining the subsequent handling plan for affected vault depositors. The announcement stated that all Ribbon vaults have been immediately halted and will be permanently decommissioned. Users can withdraw funds through the standard procedure, but withdrawals will require a contract upgrade, which will be opened next week and announced separately.

Aevo further indicated that the vaults suffered an overall loss of about 32% due to this incident, but the official proposal is that users can withdraw with a 19% deduction based on the value at the time of attack. This plan is based on two main reasons: first, the DAO will forfeit its own holdings in the vaults (valued at about $400,000) to partially offset the loss, reducing the net stolen amount to $2.3 million; second, evidence shows that many large deposit accounts have been dormant for the past 2-4 years and are unlikely to withdraw. Therefore, the official prioritizes active users, allowing them to withdraw first with smaller losses.

Furthermore, Aevo proposed that considering the expected high dormancy rate, users who withdraw within the claims window may have the opportunity to receive full compensation in the final distribution. The claims window will be open for six months, from December 12, 2025, to June 12, 2026. During this period, users can withdraw remaining funds after a fixed 19% deduction (subject to sufficient funds). After the window closes, the DAO will liquidate all remaining assets and prioritize distributing to users who withdrew earlier, compensating for the 19% deduction or as much as possible.

The official emphasized that this is the best solution currently available for depositors. Although the vaults will be decommissioned, the underlying technology remains DAO property and may be redeployed later. If depositors are dissatisfied with this plan, they can submit alternative proposals via governance guidelines by December 19th (Friday).

We have an update on the legacy Ribbon DOVs exploit, specifically the next steps we’re proposing for impacted vault depositors.

If you have an active Ribbon vault position, please read carefully, as action will be required on your side.

All Ribbon vaults have been stopped and…

— Aevo (fka Ribbon Finance) (@ribbonfinance) December 14, 2025

!Official website TG banner-1116 | Dongqu Trends — The Most Influential Blockchain News Media

📍Related reports📍

ZEROBASE Front End Hacked! Hackers Impersonated Official and Installed Malicious Contracts, Hundreds of Users’ USDT Looted

Kimchi Premium vs. State Hackers: The North-South Korean Shadow War Behind Multiple Upbit Hacks

Security Firm: North Korean Hackers Have Penetrated 15~20% of Cryptocurrency Companies

Tags: AevoDAO Governance DeFi Hacker Ribbon Finance Cryptocurrency Security Smart Contract Vulnerability Hacker Attack