ChainThink report, on December 14, Aevo official stated that due to a vulnerability in the smart contract update, the old Ribbon DOV vault was attacked on December 12, resulting in approximately $2.7 million in losses. The Aevo platform itself was not affected and will continue to operate normally.

All Ribbon vaults have been halted and will be immediately disabled, with total assets lost amounting to approximately 32% due to the attack. Users are advised to withdraw funds via the standard withdrawal process; contract upgrades are required for withdrawals, and the upgrade will be launched next week (further notice will be provided). The claims window will remain open for six months until June 12, 2026. After this period, the DAO will liquidate all remaining assets and distribute them to users who previously withdrew funds, with compensation capped at up to 19% of the missing amount or the remaining available balance, whichever is lower.