Aave: Oracle Bug Triggers $27 Million in Unjust Liquidations

📋 In brief (TL;DR)

  • $27 million in unjust liquidations on Aave on March 10, 2026 due to a bug in the CAPO price oracle
  • 34 users affected: their wstETH positions were liquidated even though they were perfectly healthy
  • The CAPO exchange rate displayed ~1.1939, which was 2.85% below the actual market rate (~1.228)
  • 499 ETH captured by liquidation bots (~$1.2 million) in bonuses on invalid positions
  • Chaos Labs recovered 141.5 ETH and the Aave DAO treasury will be tapped to compensate up to 345 ETH in losses
  • Stani Kulechov confirms: no bad debt was created, all affected users will be fully reimbursed

On March 10, 2026, the decentralized lending protocol Aave suffered one of the most significant technical incidents in its history. A configuration error in its price oracle caused the unjustified liquidation of $27 million worth of wstETH positions. Within hours, 34 users saw their positions forcibly closed, even though their collateral levels were perfectly adequate.

The incident highlights the structural risks of decentralized finance, even on the most established protocols. Aave, which manages over $20 billion in total value locked, is considered one of the pillars of DeFi. When a protocol of this stature experiences a technical failure, the entire ecosystem draws lessons from it.

What happened on Aave on March 10, 2026

The incident originated in a mechanism called CAPO (Capped Price Oracle). This system acts as a safeguard for price oracles on Aave. Its role: to prevent price manipulation by limiting exchange rate variations within a defined range. Under normal circumstances, this mechanism protects the protocol against oracle manipulation attacks.

The problem arose with wstETH (wrapped staked ETH), a token representing ETH staked through Lido. The exchange ratio between wstETH and ETH naturally trends upward over time, as staking rewards accumulate. This ratio had reached approximately 1.228 ETH per wstETH on the market.

However, the reference snapshot used by CAPO and its associated timestamp became desynchronized. Specifically, the reference ratio stored in the system no longer reflected market reality, and the timestamp associated with it no longer corresponded to when that measurement was taken. The capped rate calculated by the oracle displayed ~1.1939, which was 2.85% below the actual rate of ~1.228.

The direct consequence: the protocol considered that wstETH positions were undercollateralized, when they were not. For the affected users, it was as if their bank had suddenly undervalued their property by 3% and immediately seized it, without giving them time to react.

The CAPO mechanism and the 3% rule

To understand why the error could not be quickly corrected, we need to look at Aave’s on-chain governance. The protocol has an off-chain procedure that allows adjusting the snapshot ratio used by CAPO. This procedure did detect the discrepancy and attempted to correct the ratio to ~1.2282, a value close to the actual rate.

However, Aave’s on-chain governance enforces a strict rule: the ratio cannot vary by more than 3% within a three-day window. This restriction, designed to prevent malicious updates, backfired on the protocol. Since the necessary adjustment was too large to pass in a single update, the correction was blocked.

Meanwhile, liquidations continued. Aave’s automated system processed wstETH positions in E-Mode (efficiency mode, a mode allowing higher leverage on correlated assets) as if they were in danger. Liquidations cascaded without any possible human intervention.

E-Mode is particularly sensitive to this type of error. This mode allows users to borrow more when the collateral and borrowed asset are highly correlated (such as wstETH and ETH). In return, liquidation thresholds are tighter. A 2.85% discrepancy in the reference price is therefore enough to trigger cascading liquidations, whereas standard mode would have allowed more margin.
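
The failure chain described above, as a simplified model added here for illustration (it is not Aave's contract code). The linear cap formula, the stored ratio of 1.19, the 10% yearly growth allowance, the 12- and 120-day snapshot ages, the 0.95 E-Mode liquidation threshold and the sample position are constructed assumptions; only the ~1.1939, ~1.228 and ~1.2282 ratios and the 3% limit come from the article.

```python
from dataclasses import dataclass

DAY = 86_400
YEAR = 365 * DAY

@dataclass
class CappedRatioFeed:
    snapshot_ratio: float     # stored reference wstETH/ETH ratio
    snapshot_ts: int          # when that reference is claimed to have been measured
    max_yearly_growth: float  # allowed ratio growth per year (constructed value)

    def capped_ratio(self, market_ratio: float, now: int) -> float:
        # Assumed cap model: the reference may grow linearly from its timestamp.
        elapsed = now - self.snapshot_ts
        cap = self.snapshot_ratio * (1 + self.max_yearly_growth * elapsed / YEAR)
        return min(market_ratio, cap)

def health_factor(collateral_wsteth, debt_eth, ratio, liq_threshold):
    # Below 1.0 the position is open to liquidation.
    return collateral_wsteth * ratio * liq_threshold / debt_eth

def update_allowed(old_ratio, new_ratio, max_change=0.03):
    # Article's governance rule, modelled as one update inside the three-day window.
    return abs(new_ratio - old_ratio) / old_ratio <= max_change

NOW = 1_000 * DAY   # constructed clock
MARKET = 1.228      # market ratio from the article

# Same stored ratio, two timestamps: its true age vs. a much fresher claim.
in_sync = CappedRatioFeed(1.19, NOW - 120 * DAY, 0.10)
desynced = CappedRatioFeed(1.19, NOW - 12 * DAY, 0.10)

def scenario():
    seen_ok = in_sync.capped_ratio(MARKET, NOW)
    seen_bad = desynced.capped_ratio(MARKET, NOW)
    # Constructed E-Mode position: 100 wstETH collateral, 115 ETH debt, 0.95 threshold.
    return {
        "ratio_in_sync": seen_ok,
        "ratio_desynced": seen_bad,
        "hf_in_sync": health_factor(100, 115, seen_ok, 0.95),
        "hf_desynced": health_factor(100, 115, seen_bad, 0.95),
        "fix_allowed": update_allowed(1.19, 1.2282),
    }

if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

With the timestamp matching the snapshot's real age, the cap sits above the market ratio and the position stays healthy; with the fresher timestamp the same stored ratio yields a cap near 1.1939, the health factor drops below 1, and the jump to 1.2282 is rejected by the 3% rule.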

34 users affected, $27 million liquidated

The impact was considerable. Within hours, 34 users saw their wstETH positions forcibly liquidated. The total amount of liquidations reached approximately $27 million. These users had done nothing wrong: their collateralization ratios complied with the protocol’s rules. It was the protocol itself that mispriced their assets.

Liquidation bots — automated programs that constantly monitor DeFi protocols to execute available liquidations — took advantage of the situation. They captured 499 ETH in liquidation bonuses, approximately $1.2 million. These bots act opportunistically: as soon as a position is flagged as liquidatable by the protocol, they execute it to pocket the associated premium. From the smart contract’s perspective, these liquidations were perfectly valid. The bots simply did what they were programmed to do.

The net loss for affected users is estimated at 345 ETH. This figure represents the difference between the actual value of their positions and what they effectively recovered after liquidation. This is the amount that the Aave DAO has committed to reimbursing.

Aave’s response: full reimbursement

The Aave team’s response was swift. Stani Kulechov, CEO and founder of the protocol, publicly confirmed that no bad debt had been generated by the incident. The protocol itself suffered no losses: only the users whose positions were liquidated were harmed.

Chaos Labs, the risk management provider for Aave, immediately launched an investigation. The team managed to recover 141.5 ETH in the hours following the incident. To cover the full extent of losses (345 ETH), the Aave DAO will be called upon to mobilize additional funds from its treasury.

The distinction is important. Unlike incidents where a DeFi protocol suffers a loss of funds (exploit, liquidity drain), in this case the protocol remained solvent at all times. The funds did not disappear: they were erroneously redistributed from legitimate users to liquidation bots. Reimbursement is therefore financially feasible without endangering the protocol’s treasury.

This crisis management stands in contrast to other major DeFi incidents. During the Mango Markets exploit in 2022 ($114 million) or the Euler Finance hack in 2023 ($197 million), funds were directly stolen from the protocol. Here, Aave’s architecture held firm: the problem was a faulty price signal, not a security vulnerability exploited by an attacker.

A rare but revealing incident

Aave is the largest DeFi lending protocol in the world, with a TVL (Total Value Locked) exceeding $20 billion. An incident of this nature on a protocol of this scale is exceptionally rare. Since its launch in 2020, Aave had never experienced an oracle malfunction leading to unjustified liquidations at this scale.

The event raises fundamental questions about oracle design in DeFi. The CAPO mechanism, designed to protect the protocol against price manipulation, paradoxically became the vector of the incident. The 3% over three days rule, meant to prevent attacks, prevented the correction of a legitimate error.

This type of dilemma is inherent to decentralized protocols. Rigid security mechanisms protect against malicious attacks but reduce the ability to respond quickly in case of a technical issue. Finding the right balance between security and flexibility remains one of the major challenges of DeFi engineering. The Aave incident concretely illustrates this trade-off: a protocol that is too flexible would be vulnerable to manipulation, while a protocol that is too rigid cannot correct its own errors in time.

Lessons for the DeFi ecosystem

Several takeaways emerge from this incident. First, price oracles remain a critical point of vulnerability for lending protocols. Even a system as battle-tested as Aave’s can produce errors when configuration parameters become outdated relative to the natural evolution of assets. wstETH, whose ratio continuously increases with staking rewards, requires regular reference snapshot updates. Even a minor discrepancy can have disproportionate consequences on leveraged positions.

Second, on-chain governance mechanisms, with their timelocks and variation limits, can create situations where an urgent correction is technically impossible. Protocols will need to rethink their emergency update systems to prevent safeguards from becoming risks themselves.

Third, the Aave team’s transparency and responsiveness deserve recognition. Swift communication, Chaos Labs’ immediate investigation, and the commitment to full reimbursement demonstrate that a mature DeFi protocol can handle a crisis professionally. User trust, though shaken, can be restored through concrete actions.

For DeFi protocol users, the incident serves as a reminder that even the safest positions on the most reliable protocols carry technical risks. Diversification across protocols, active monitoring of positions, and understanding the underlying mechanisms remain essential practices.

Finally, the Aave DAO’s commitment to full reimbursement raises the question of liability in a decentralized system. Who pays when a protocol makes an error? Here, AAVE token holders, through the shared treasury, bear the cost. This risk mutualization model, while reassuring for users in the short term, will need to be formalized if DeFi is to achieve broader adoption. Each user should assess their risk tolerance before taking on leverage, even in E-Mode.

Glossary

  • Oracle: a service that transmits external data (prices, rates) to smart contracts on the blockchain. Oracles are essential for DeFi protocols because blockchains cannot directly access real-world data.
  • DeFi (Decentralized Finance): an ecosystem of financial services (lending, trading, savings) operating on public blockchains, without traditional intermediaries such as banks. Aave is one of the leading DeFi protocols.
  • Liquidation: an automated process by which a lending protocol forcibly closes a position whose collateral is deemed insufficient. Liquidation normally protects the protocol against defaults.
  • Liquid Staking / wstETH: a mechanism that allows staking ETH (to secure the Ethereum network) while receiving a representative token (stETH or wstETH) that can be used in other DeFi protocols. wstETH is the “wrapped” version whose price increases with staking rewards.
  • Smart contract: a self-executing computer program deployed on a blockchain that automatically executes when predefined conditions are met. DeFi protocols like Aave rely entirely on smart contracts.
  • DAO (Decentralized Autonomous Organization): a governance structure in which decisions are made collectively by governance token holders (in this case, the AAVE token), without a central authority.
  • Collateral: an asset deposited as a guarantee to obtain a loan on a DeFi protocol. If the collateral’s value falls below a threshold, the position is liquidated to protect lenders.

Frequently Asked Questions

What happened on Aave on March 10, 2026?

A configuration bug in Aave’s CAPO price oracle caused the unjustified liquidation of $27 million worth of wstETH positions. The exchange rate displayed by the oracle was 2.85% lower than the actual market rate, which triggered automatic liquidations on 34 users whose positions were perfectly healthy.

Will the affected users be reimbursed?

Yes. Stani Kulechov, CEO of Aave, confirmed that all affected users will be fully reimbursed. Chaos Labs has already recovered 141.5 ETH, and the Aave DAO will mobilize up to 345 ETH from its treasury to cover all losses.

What is the CAPO mechanism on Aave?

CAPO (Capped Price Oracle) is a security mechanism that caps exchange rate variations for assets on Aave. It prevents updates exceeding 3% within a three-day window to protect against price manipulation. In this incident, this safeguard prevented the rapid correction of a configuration error.

Did the Aave protocol lose any funds?

No. The protocol itself suffered no losses and no bad debt was generated. Funds were erroneously redistributed from legitimate users to liquidation bots. The Aave DAO treasury has the necessary resources to reimburse the victims.

What risks does this incident reveal for DeFi?

The incident shows that price oracles remain a critical vulnerability, even on the most mature protocols. Rigid security mechanisms (like CAPO’s 3% rule) can paradoxically prevent the rapid correction of legitimate errors. Users must understand that even low-risk positions on established protocols carry technical risks.

Sources

This article is based on the following sources:

  • CoinDesk – DeFi Lending Platform Aave Sees a Rare $27 Million Liquidations After a Price Glitch (March 10, 2026)
  • CryptoNews – Aave Oracle Glitch Triggers wstETH Liquidations via CAPO Misconfiguration (March 11, 2026)
  • The Block – Aave Oracle Glitch Causes $27M in wstETH Liquidations (March 10, 2026)
  • Invezz – Aave Price Outlook After Oracle Glitch Triggers $27M Liquidations (March 11, 2026)

How to cite this article: Fibo Crypto. (2026). Aave: Oracle Bug Triggers $27 Million in Unjust Liquidations. Retrieved March 12, 2026 from fibo-crypto.fr