On March 11, it was reported that the decentralized lending protocol Aave recently experienced a large-scale liquidation event caused by a misconfiguration in the price oracle. Due to a temporary misjudgment of the Wrapped stETH (wstETH) price by the system, about 34 accounts’ collateral positions were automatically liquidated, involving approximately $26 million worth of assets, sparking widespread discussion in the DeFi community about oracle security and liquidation mechanisms.
According to subsequent disclosures, this incident was not due to a real market price decline but resulted from a technical discrepancy in Aave’s internal pricing system. Aave relies on on-chain price oracles to assess the value of collateral assets. When the collateral value falls below the safety threshold for lending, the system automatically executes liquidation to protect lenders’ funds.
The issue stemmed from Aave’s use of a security mechanism called CAPO (Capped Asset Price Oracle). This mechanism aims to limit abnormal asset price surges to prevent malicious market manipulation. However, due to unsynchronized updates of two key configuration parameters, the system temporarily calculated the wstETH price to be about 2.85% below its actual market value.
This seemingly minor price discrepancy had limited impact on ordinary users but was enough to trigger automatic liquidation for accounts with high leverage and collateral ratios close to the liquidation threshold. Ultimately, the system sold 10,938 wstETH to cover the loans, even though these positions should have remained safe under normal price conditions.
Risk analysis firm Chaos Labs released a report indicating that during the liquidation process, third-party bots monitoring liquidation opportunities earned approximately 499 ETH in profit. Although some user positions were forcibly closed, the Aave protocol itself did not suffer financial losses; all loans were repaid, and protocol reserves were not depleted.
Aave founder Stani Kulechov stated that the protocol’s security was not compromised, but affected users did incur losses. Therefore, the community will initiate a compensation mechanism. Currently, Aave has recovered about 141.5 ETH and 13 ETH in fees through the BuilderNet refund process, which will be directly returned to affected users.
Regarding the remaining funds, Aave confirmed that up to 345 ETH will be covered by the DAO treasury. This treasury is funded by protocol income and is used to handle emergency risks and protect user interests.
Meanwhile, community member Frida raised questions on the forum, suggesting that Chaos Labs, responsible for oracle configuration risk management, should bear some responsibility. In response, Chaos Labs founder Omer Goldberg stated that all affected users will receive full compensation, but the incident is categorized as a configuration issue rather than a system design flaw.
After the incident report was released, market reactions remained relatively stable, with AAVE’s price rising approximately 1.53% to $110.52, indicating that investors believe the issue has been effectively contained.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Scammers Impersonating Iranian Officials Demand Bitcoin and USDT from Ships in Strait of Hormuz
Gate News message, April 21 — Scammers posing as Iranian officials are demanding Bitcoin (BTC) and Tether (USDT) as transit fees from ships in the Strait of Hormuz, according to a warning from MARISKS, a Greece-based maritime risk management firm. The scheme falsely promises "safe transit
GateNews8h ago
Crypto Hack Draining $300M May Slow Wall Street's Blockchain Ambitions
Gate News message, April 21 — A weekend hack that drained nearly $300 million from a small crypto project and triggered a $10 billion run on the largest decentralized lending platform may slow Wall Street's growing interest in blockchain technology, according to a report from Jefferies LLC released
GateNews8h ago
Security Researcher Discloses CometBFT 0-day Vulnerability; Direct Asset Theft Not Possible
Gate News message, April 21 — Security researcher Doyeon Park disclosed a critical 0-day vulnerability (CVSS 7.1) in CometBFT, the consensus layer of Cosmos, according to a post on X. The flaw could cause network nodes to stall during block synchronization, disrupting system operations, but cannot d
GateNews11h ago
Fake Police Impersonators Force French Couple to Transfer Nearly $1M in Bitcoin
Criminals posing as police in France coerced a couple to transfer nearly $1M in Bitcoin, using fear and authority in a 'wrench attack' that exploits people, not wallets.
Abstract: Attackers used impersonation and psychological coercion to force a Bitcoin transfer, illustrating a wrench attack that targets human vulnerability rather than technical wallet exploits.
GateNews12h ago
Armed Robbery Attempt on French Crypto Professional Thwarted; Suspect Arrested
Gate News message, April 21 — A 40-year-old crypto industry professional in Saint-Jean-de-Védas, near Montpellier, France, thwarted an armed robbery attempt at his home. The suspect, disguised as a delivery person, entered the residence and demanded the victim hand over cryptocurrency wallet
GateNews13h ago
