GoPlus: Ribbon Finance attack likely caused by "project team management address being compromised by hackers"
Jinse Finance reported that the GoPlus Chinese community posted an analysis on social media explaining the mechanism behind the attack on the decentralized options protocol Ribbon Finance. The attacker, using address 0x657CDE, upgraded the price proxy contract to a malicious implementation contract, then set the expiration date of four tokens—stETH, Aave, PAXG, and LINK—to December 12, 2025, 16:00:00 (UTC+8) and tampered with the expiration prices, exploiting the incorrect prices to profit from the attack. Notably, when the project contract was created, the _transferOwnership status value of the attack address had already been set to true, allowing it to pass the contract's security checks. Analysis shows that this attack address may have originally been one of the project's management addresses, which was later taken over by a hacker through social engineering or other means and used to carry out this attack.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Juventus shares surge nearly 14% after rejecting Tether's acquisition offer
JPMorgan launches its first tokenized money market fund
JPMorgan to launch its first tokenized money market fund on Ethereum, with a seed fund size of 100 millions
Artemis CEO: Solana leads the market in key on-chain metrics, with transaction volume 18 times that of BNB
Trending news
MoreCrypto prices
More
