TechFlow, December 14 — Aevo (formerly Ribbon Finance) announced that its legacy Ribbon DOV vault was attacked on December 12 due to a vulnerability in a smart contract update, resulting in approximately $2.7 million in losses.
The vault lost about 32% of its total assets from the attack. Users are advised to withdraw their funds following the standard withdrawal process, which will require a contract upgrade scheduled for release next week (further notice to follow). The claims window will remain open for six months until June 12, 2026. After this period, the DAO will liquidate all remaining assets and distribute them to previously withdrawing users, with compensation up to 19% of the missing amount or the remaining available funds, whichever is lower.
