Saved February 14, 2026
Aevo's legacy Ribbon Finance vaults were exploited for $2.7 million on December 12, following a problematic oracle upgrade. The upgrade allowed users to manipulate prices of new assets, enabling the attacker to drain funds primarily in ETH and stablecoins across multiple wallets.
Aevo, formerly known as Ribbon Finance, faced a significant security breach on December 12, 2025, when approximately $2.7 million was stolen from its DeFi Options Vaults (DOV). The exploit stemmed from a December 6 upgrade to their oracle system, which mistakenly allowed users to manipulate asset prices. The vaults previously held over $300 million at their peak, highlighting the scale of the loss.
Blockchain security researchers traced the attack to flaws in the price-feed proxies used by the Opyn and Ribbon oracles. An analyst named Specter identified suspicious activity and tracked the attacker's wallet addresses. The stolen funds were primarily in ETH and USDC, distributed across 15 different wallets, each containing about 100 ETH. Notably, Aevo's main trading platform remained unaffected.
Security expert Liyi Zhou elaborated on the exploit's mechanics, emphasizing that the vulnerability was linked specifically to Ribbon's oracle setup, not the underlying Opyn protocol. The incident underscores ongoing vulnerabilities in DeFi, as similar attacks have occurred, such as the $717,000 loss at Venus Protocol earlier in the year. In response, Aevo plans to decommission all Ribbon vaults to prevent further risks.