A trio of hacks targeting old DeFi projects has stolen roughly $5 million in the past week.
The three projects targeted were all well-known names during DeFi's 2020-2022 cycle, and the affected contracts all belong to projects that are abandoned, immutable, or no longer maintained.
The similarities have led some to wonder whether legacy contracts are being targeted in a concentrated, AI-aided hacking campaign.
Ribbon Finance flip-flops on recovery plan
Last Friday, Aevo (formerly Ribbon Finance) informed users of an oracle-manipulation hack on "legacy Ribbon DOV vaults," resulting in a $2.7 million loss. The post reassured Aevo users that they were not impacted.
In a since-deleted follow-up post, the team announced a plan to reimburse those affected using $400,000 of its own funds, as well as assets from "dormant" users.
However, the Ribbon team walked back the controversial plan a few days later, clarifying that the affected users would, in fact, suffer a 100% loss.
Defunct Rari Capital hijacked
The $2 million Rari Capital hack occurred on December 10 but was not flagged for a week.
In what appears to be a "hijacking of the implementation contract," the attacker was able to borrow assets "without posting any collateral."
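The article does not say how the implementation contract was taken over, and the check below does not reproduce the attack. It is an added example, not code from the article or from Rari, Aevo, or Yearn, showing the drift check a practitioner would run over a legacy upgradeable proxy: read the two EIP-1967 storage slots (implementation and admin) and alert when either no longer matches a recorded baseline. All addresses and storage values are constructed placeholders, and the `get_storage_at` callback stands in for the `eth_getStorageAt` RPC call so the script runs offline.

```python
"""EIP-1967 proxy drift check (added illustration; placeholder addresses throughout)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# EIP-1967 slots: bytes32(uint256(keccak256("eip1967.proxy.<name>")) - 1).
IMPLEMENTATION_SLOT = 0x360894A13BA1A3210667C828492DB98DCA3E2076CC3735A920A3CA505D382BBC
ADMIN_SLOT = 0xB53127684A568B3173AE13B9F8A6016E243E63B6E8EE1178D6A717850B5D6103
ZERO_ADDRESS = "0x" + "00" * 20

# Same shape as eth_getStorageAt: (contract address, slot) -> 32-byte word.
StorageReader = Callable[[str, int], bytes]


@dataclass(frozen=True)
class ProxyBaseline:
    """Known-good pointers recorded at deployment or at the last audit."""
    proxy: str
    implementation: str
    admin: str


def slot_to_address(word: bytes) -> str:
    """A storage slot is a 32-byte word; an address occupies its low 20 bytes."""
    if len(word) != 32:
        raise ValueError("storage word must be 32 bytes")
    return "0x" + word[12:].hex()


def address_word(addr: str) -> bytes:
    """Left-pad a 20-byte address into a 32-byte storage word."""
    return bytes.fromhex(addr[2:]).rjust(32, b"\x00")


def check_proxy(baseline: ProxyBaseline, get_storage_at: StorageReader) -> List[str]:
    """Return findings; an empty list means both pointers still match the baseline."""
    impl = slot_to_address(get_storage_at(baseline.proxy, IMPLEMENTATION_SLOT))
    admin = slot_to_address(get_storage_at(baseline.proxy, ADMIN_SLOT))
    findings: List[str] = []

    if impl == ZERO_ADDRESS and admin == ZERO_ADDRESS:
        # Caveat for 2020-era deployments: pre-EIP-1967 proxies keep their
        # pointers in other slots, so an empty read is "unknown", never a pass.
        return [f"{baseline.proxy}: no EIP-1967 pointers found, inspect proxy bytecode manually"]
    if impl.lower() != baseline.implementation.lower():
        findings.append(f"{baseline.proxy}: implementation changed {baseline.implementation} -> {impl}")
    if admin.lower() != baseline.admin.lower():
        findings.append(f"{baseline.proxy}: admin changed {baseline.admin} -> {admin}")
    return findings


# Constructed storage snapshot standing in for a node; every address is made up.
GOOD_IMPL = "0x" + "11" * 20
GOOD_ADMIN = "0x" + "22" * 20
ATTACKER = "0x" + "ee" * 20
PROXY_INTACT = "0x" + "a1" * 20
PROXY_HIJACKED = "0x" + "a2" * 20
PROXY_LEGACY = "0x" + "a3" * 20

SNAPSHOT: Dict[Tuple[str, int], bytes] = {
    (PROXY_INTACT, IMPLEMENTATION_SLOT): address_word(GOOD_IMPL),
    (PROXY_INTACT, ADMIN_SLOT): address_word(GOOD_ADMIN),
    # Delegation target has been redirected to an attacker-controlled contract.
    (PROXY_HIJACKED, IMPLEMENTATION_SLOT): address_word(ATTACKER),
    (PROXY_HIJACKED, ADMIN_SLOT): address_word(GOOD_ADMIN),
    # PROXY_LEGACY stores nothing at the EIP-1967 slots at all.
}


def snapshot_reader(proxy: str, slot: int) -> bytes:
    """Offline stand-in for eth_getStorageAt: unset slots read as zero."""
    return SNAPSHOT.get((proxy, slot), bytes(32))


def run_monitor() -> Dict[str, List[str]]:
    """Check every baselined proxy and map its address to the findings."""
    baselines = [
        ProxyBaseline(PROXY_INTACT, GOOD_IMPL, GOOD_ADMIN),
        ProxyBaseline(PROXY_HIJACKED, GOOD_IMPL, GOOD_ADMIN),
        ProxyBaseline(PROXY_LEGACY, GOOD_IMPL, GOOD_ADMIN),
    ]
    return {b.proxy: check_proxy(b, snapshot_reader) for b in baselines}


if __name__ == "__main__":
    for proxy, findings in run_monitor().items():
        print(proxy, "OK" if not findings else findings)
```

Against a live node, replace `snapshot_reader` with a wrapper around `eth_getStorageAt` and run the check on a schedule; the one-week detection gap described above is the kind of delay a baseline comparison like this is meant to close. The "no EIP-1967 pointers" branch matters for exactly the legacy contracts this article is about: a proxy written before the standard was adopted reads as all zeros, and treating that as a clean result would hide a hijack rather than reveal one.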
Rari's team settled with the SEC in September 2024 over "misleading investors and engaging in unregistered broker activity" as well as unregistered securities offerings.
Yearn Finance: third time's the charm
On Tuesday, a five-year-old iEarn Finance (precursor to Yearn) contract was attacked for about $250,000.
Pseudonymous Yearn developer Banteg described how a "misconfigured adapter" caused "a cascading failure across multiple DeFi protocols."
We're aware of an issue with iEarn's immutable TUSD contract, deployed over 2100 days ago, unrelated to Yearn vaults.
The issue is unique to iEarn and doesn't affect current Yearn contracts or vaults.
The incident is similar to this 2023 iEarn USDT hack. https://t.co/osI43q2udb
— yearn (@yearnfi) December 17, 2025
The hack exploited the same vulnerability as a 2023 attack, which saw $11 million lost. Yearn had previously been hacked in 2021, also for $11 million.
In addition to the hacks, Yearn suffered an operational mishap in 2023 in which $1.4 million was lost to "significant slippage."
Last month, the team also disclosed a malfunction in one of its vaults, with Yearn covering the shortfall.
An AI-supported hacking spree?
Given a generally declining rate of smart contract hacks on DeFi protocols, the recent concentration has raised eyebrows.
A security researcher (and former Yearn developer) who goes by storm0x suspects that someone may be "specifically targeting legacy contracts, maybe even using new tools and LLMs?"
They advise withdrawing from 2021-era contracts that are "deprecated, sunsetted or abandoned."
Another observer shares storm0x's suspicion. They see the growth in AI assistance for already sophisticated attackers as a threat that could be "extremely painful" for DeFi developers in the coming years.
"The bar to build, sample, test, exploit strategies has never been lower," they said.
Beyond AI-assisted hackers covering more ground, fully autonomous AI hacks may also pose a threat in the future.
A recent study from Anthropic pitted AI agents against a library of 405 smart contracts exploited between 2020 and 2025.
The AI models autonomously achieved $4.5 million worth of exploits on contracts deployed after their knowledge cutoff. They also "uncovered two novel zero-day vulnerabilities" in 2,849 new contracts with no known vulnerabilities.
