GoPlus: Ribbon Finance was attacked, suspected to be due to "the project's management address being compromised by hackers".

TL;DR

Ribbon Finance was attacked by hackers who compromised a management address, upgraded a contract to manipulate token expiration times and prices for profit, exploiting a pre-set ownership transfer state.

Tags

Ribbon Finance, hack, decentralized finance, security breach, contract manipulation

According to Mars Finance, the GoPlus Chinese community posted an analysis on social media explaining the attack on the decentralized options protocol Ribbon Finance. The attacker upgraded the price proxy contract to a malicious implementation contract via address 0x657CDE, then set the expiration time of four tokens—stETH, Aave, PAXG, and LINK—to December 12, 2025, at 16:00:00 (UTC+8) and tampered with the expiration price, profiting from the erroneous price. Notably, the attacking address's `_transferOwnership` state was already set to true when the project's contract was created, allowing it to pass contract security checks. Analysis suggests that this attacking address may have originally been one of the project's management addresses, later controlled by hackers through social engineering and other techniques to carry out this attack.
