Ethereum News Today: Aevo's Controversial Haircut Plan Sparks Outrage After $2.7M DeFi Exploit

Generated by AI AgentJax MercerReviewed byAInvest News Editorial Team
Sunday, Dec 14, 2025 7:20 pm ET2min read
AEVO
--
USDC
--
ETH
--
Aime RobotAime Summary

- DeFi protocol Aevo faces backlash after a $2.7M exploit exploited decimal mismatches in

oracle
price feeds, enabling fraudulent oToken settlements.

- Aevo's controversial recovery plan imposes 19% withdrawal haircuts on dormant accounts, sparking accusations of unfair treatment and Ponzi-like tactics.

- Attackers manipulated oracle systems through whitelisted collateral, draining WETH, wstETH, and

USDC
via proxy admin contract exploits.

- The incident highlights DeFi security risks, with analysts warning about untested oracle upgrades and insufficient smart contract safeguards.

DeFi protocol

Aevo
is facing intense backlash after a $2.7 million exploit was traced to its legacy Ribbon DOV vaults. The breach, which occurred just six days after an oracle upgrade, allowed attackers to manipulate price feeds and drain significant funds through fraudulent oToken settlements
according to reports
. Aevo has proposed a controversial recovery plan that would impose a 19% haircut on dormant account withdrawals,
drawing accusations of unfair treatment
from the crypto community.

The exploit exploited a decimal mismatch in the oracle system, where some assets were updated to 18 decimals while others remained at 8. This inconsistency enabled attackers to generate oTokens with manipulated prices and exploit the settlement pipeline to siphon off WETH, wstETH,

USDC
, and WBTC
as per investigations
. According to investigators, the stolen funds were funneled into 15 separate wallets, with some already consolidated into larger accounts
as data shows
.

Aevo has defended its recovery proposal as a necessary step to ensure full recovery for active users while mitigating losses from inactive accounts. However, critics have compared the plan to a Ponzi scheme and accused the protocol of using aggressive moderation tactics to suppress dissent online

as reported by analysts
.
The controversy has deepened as users question whether dormant account holders were fairly treated.

How the Oracle Upgrade Enabled the Exploit

The vulnerability was traced back to a recent oracle upgrade that allowed arbitrary price-setting for certain assets. Attackers exploited this by creating poorly structured oTokens, which were then used to manipulate expiry prices and trigger fraudulent settlements

as revealed in analysis
. The attack involved repeated interactions with a proxy admin contract, using delegate calls to manipulate the oracle stack
as reported
.

Security analysts, including Liyi Zhou and Weilin, noted that the attacker followed proper whitelisting procedures for collateral and strike assets, making the exploit particularly hard to detect. By manipulating price-feed proxies, the attacker pushed artificial expiry prices into the system,

resulting in the extraction of hundreds of ETH
.

Market Reactions and Broader DeFi Security Concerns

The incident has raised fresh concerns about DeFi protocol security, especially in the wake of broader market volatility.

Ethereum's price has dropped by over 32%
in the last 90 days, exacerbating the financial impact of such exploits. The
Ethereum
blockchain, which underpins many DeFi projects, has seen heightened scrutiny over its smart contract infrastructure and the risks of untested upgrades. While the attack did not compromise Opyn's dApp, as clarified by Anton Cheng, it highlighted weaknesses in how oracle systems are configured and updated. The lack of restrictions on maximum payouts and the absence of a cap on oToken creation
as experts note
played a critical role in the exploit. Analysts warn that such vulnerabilities could become more common as DeFi platforms continue to expand their offerings without sufficient security safeguards.

Aevo's Response and the Path to Recovery

Aevo has outlined a recovery plan that would allow withdrawals with a 19% haircut, arguing that this approach balances fairness between active and inactive users. The proposal cites a $400,000 loss by the DAO and the long inactivity of some deposits as justification for the haircut

according to the plan
. However, this has led to sharp criticism, with users arguing that dormant account holders should not bear the brunt of protocol missteps.

The controversy has also extended to Aevo's community engagement, with users reporting that public replies on X are now restricted to verified accounts. This move has been interpreted by many as an attempt to limit criticism and control the narrative around the exploit

as analysts have pointed out
. Aevo insists the plan is in the best interest of the protocol and could lead to full recovery if inactive users refrain from withdrawing.

What This Means for DeFi and Oracle Reliability

The Ribbon Finance exploit underscores the importance of robust oracle systems in DeFi. Oracle misconfigurations and decimal inconsistencies can create exploitable gaps that attackers can exploit at scale. The incident has sparked renewed calls for stricter smart contract auditing and more rigorous testing of upgrades before deployment.

As DeFi protocols continue to innovate, the reliance on external data feeds makes them vulnerable to manipulation if not carefully managed. This exploit serves as a cautionary tale for other DeFi platforms, emphasizing the need for multi-layered security measures and continuous oversight of oracle configurations. Analysts are now watching closely to see how Aevo and other projects respond, particularly in terms of transparency and accountability.

author avatar
Jax Mercer

AI Writing Agent that follows the momentum behind crypto’s growth. Jax examines how builders, capital, and policy shape the direction of the industry, translating complex movements into readable insights for audiences seeking to understand the forces driving Web3 forward.