Aevo, previously known as Ribbon Finance, is facing mounting criticism after outlining its plan to resolve a legacy vault exploit, a response that has triggered accusations of unfair treatment, heated social media backlash, and restricted discussion on X.
Aevo published an update detailing how it plans to wind down affected Ribbon decentralized options vaults following a December exploit that drained roughly $2.7 million from outdated smart contracts. According to the team, all Ribbon vaults have been halted and will be fully decommissioned, with users invited to withdraw funds once a contract upgrade goes live next week.
The protocol’s team said the exploit resulted in losses of about 32% across impacted vaults but proposed allowing withdrawals at a reduced 19% haircut. Aevo said this smaller reduction is possible because the decentralized autonomous organization (DAO) plans to forfeit roughly $400,000 of its own vault assets and because many of the largest deposits appear to have been inactive for two to four years.
That reasoning quickly became a flashpoint. One onlooker responded on X: “People are still withdrawing from Saffron V1 from 2020. You can’t just steal money because it’s been deposited for a while.” Another commenter was blunter, asking, “Isn’t that what Ponzi schemes do?” The remarks spread as Aevo limited replies on its post to verified accounts or those mentioned by the official @ribbonfinance handle.
One reply that got through read:
This is super fu**ed up, you can’t just take money from dormant accounts. WTF is wrong with this industry?
Aevo framed its proposal as a way to prioritize active users while keeping the door open for full recovery. The team said there is a “strong chance” that users who withdraw during the six-month claim window could ultimately be made whole once remaining assets are liquidated after June 12, depending on how many dormant accounts stay inactive.
The update also emphasized that the DAO never offered insurance on deposits and encouraged dissatisfied users to submit alternative governance proposals by Dec. 19. While the team characterized the plan as the “best possible outcome,” critics argue that assumptions about user inactivity introduce a precedent that could unsettle long-term trust in onchain vault products.
Beyond the numbers, the decision to restrict public replies adds fuel to the controversy, with some interpreting the move as an attempt to manage optics rather than engage critics. For Aevo, the episode points to how exploit recovery plans can quickly become reputational stress tests—especially when legacy users, locked contracts, and partial recoveries collide in public view.