On March 11, it was reported that the decentralized lending protocol Aave recently experienced a large-scale liquidation event caused by a misconfiguration in the price oracle. Due to a temporary misjudgment of the Wrapped stETH (wstETH) price by the system, about 34 accounts’ collateral positions were automatically liquidated, involving approximately $26 million worth of assets, sparking widespread discussion in the DeFi community about oracle security and liquidation mechanisms.
According to subsequent disclosures, this incident was not due to a real market price decline but resulted from a technical discrepancy in Aave’s internal pricing system. Aave relies on on-chain price oracles to assess the value of collateral assets. When the collateral value falls below the safety threshold for lending, the system automatically executes liquidation to protect lenders’ funds.
The issue stemmed from Aave’s use of a security mechanism called CAPO (Capped Asset Price Oracle). This mechanism aims to limit abnormal asset price surges to prevent malicious market manipulation. However, due to unsynchronized updates of two key configuration parameters, the system temporarily calculated the wstETH price to be about 2.85% below its actual market value.
This seemingly minor price discrepancy had limited impact on ordinary users but was enough to trigger automatic liquidation for accounts with high leverage and collateral ratios close to the liquidation threshold. Ultimately, the system sold 10,938 wstETH to cover the loans, even though these positions should have remained safe under normal price conditions.
Risk analysis firm Chaos Labs released a report indicating that during the liquidation process, third-party bots monitoring liquidation opportunities earned approximately 499 ETH in profit. Although some user positions were forcibly closed, the Aave protocol itself did not suffer financial losses; all loans were repaid, and protocol reserves were not depleted.
Aave founder Stani Kulechov stated that the protocol’s security was not compromised, but affected users did incur losses. Therefore, the community will initiate a compensation mechanism. Currently, Aave has recovered about 141.5 ETH and 13 ETH in fees through the BuilderNet refund process, which will be directly returned to affected users.
Regarding the remaining funds, Aave confirmed that up to 345 ETH will be covered by the DAO treasury. This treasury is funded by protocol income and is used to handle emergency risks and protect user interests.
Meanwhile, community member Frida raised questions on the forum, suggesting that Chaos Labs, responsible for oracle configuration risk management, should bear some responsibility. In response, Chaos Labs founder Omer Goldberg stated that all affected users will receive full compensation, but the incident is categorized as a configuration issue rather than a system design flaw.
After the incident report was released, market reactions remained relatively stable, with AAVE’s price rising approximately 1.53% to $110.52, indicating that investors believe the issue has been effectively contained.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Android Malware Families Target 800+ Banking, Crypto Apps With Near-Zero Detection Rates: Zimperium
Gate News message, April 25 — Cybersecurity firm Zimperium has identified four active malware families—RecruitRat, SaferRat, Astrinox and Massiv—targeting over 800 applications across banking, cryptocurrency and social media sectors. The campaigns employ advanced anti-analysis techniques and
GateNews1h ago
TRADOOR Token Crashes 90% in 30 Minutes Amid Suspected Price Manipulation and Wash Trading
Gate News message, April 25 — TRADOOR token experienced a sharp 90% price crash over 30 minutes at 2:00 AM today, according to on-chain analyst Specter. The token had surged as much as 900% since March 2026 before the sudden collapse, raising suspicions of price manipulation and coordinated
GateNews3h ago
Lending Protocol Purrlend Suffers Attack, Loses $1.52 Million Across MegaETH and HyperEVM
Gate News message, April 25 — Lending protocol Purrlend fell victim to attacks on both the MegaETH and HyperEVM networks today, resulting in losses of approximately $1.52 million.
Attackers extracted roughly $1.2 million in assets from the HyperEVM network, including 449,683 USDC, 214,125
GateNews4h ago
Ben Pasternak Arrested for Assault at NYC Hotel Amid $54M Crypto Fraud Lawsuit Over Believe Token
Gate News message, April 25 — Ben Pasternak, the 26-year-old Australian entrepreneur behind the Solana-based SocialFi platform Believe, was arrested on April 22 and charged with second-degree strangulation and two counts of third-degree assault following an alleged physical altercation with his ex-g
GateNews5h ago
Independent Researcher Cracks 15-Bit ECC Key, Wins Bitcoin Reward from Project Eleven
Gate News message, April 25 — Independent researcher Giancarlo Lelli successfully cracked a 15-bit ECC encryption key protecting Bitcoin and received the Q-Day Award plus 1 BTC from quantum security startup Project Eleven.
Lelli used publicly available quantum hardware and a variant of Shor's
GateNews6h ago
22-Year-Old California Crypto Launderer Sentenced to 70 Months for $263M Fraud Scheme
Gate News message, April 25 — Evan Tangeman, 22, from Newport Beach, California, was sentenced to 70 months in prison on April 24 for his role in laundering $263 million obtained through a massive cryptocurrency fraud scheme. The U.S. District Court in Washington, D.C., imposed the sentence
GateNews7h ago
