Aave Suffers Rare $27M DeFi Liquidations After Price Glitch

Aave, the decentralized lending protocol, absorbed roughly $27 million in forced liquidations over a 24-hour stretch on March 10 — an unusually sharp event that risk managers and on-chain observers traced back not to a market crash but to a quiet configuration error buried inside the protocol's own price machinery.

What Caused Aave's $27 Million Liquidation Event?

A stale parameter mismatch, not a market collapse

The short answer: a misconfigured oracle told Aave that wstETH was worth less than it actually was — and the protocol did exactly what it was designed to do. It started liquidating.

The token at the center of all this is wstETH, Lido's wrapped staked ether. Because it accrues staking rewards continuously, one wstETH always trades slightly above one ETH. On March 10, the market had it pegged near 1.23 ETH. Aave's oracle, however, was reading it at around 1.19 ETH — a gap of roughly 2.85% that doesn't sound catastrophic until you realize how many positions sit right at the edge of their collateralization ratios.

That gap was enough. Borrowers who thought they had adequate cushion suddenly didn't, according to blockchain data flagged by risk-management firm Chaos Labs, which tracked the liquidation spike in real time.

The CAPO Oracle: What Broke and Why

Aave runs a specialized risk mechanism called the CAPO oracle — short for Capped Adaptive Price Oracle — designed specifically for yield-bearing tokens like wstETH. The idea is sensible: cap how fast a token's reported value can rise, preventing manipulated price spikes from letting borrowers extract more than they should.

The problem was timing. A reference exchange rate stored in the smart contract and its associated timestamp fell out of sync. When the CAPO system tried to calculate the maximum allowable exchange rate for wstETH, it worked off those stale parameters — and spat out a ceiling that sat below the actual market price. The protocol read that ceiling as the real value. Liquidations followed.

Chaos Labs, after an initial report from LlamaRisk (which was published then deleted from the Aave forum), confirmed the finding: the underlying oracle data was accurate, the configuration wrapping it was not. The protocol itself was functioning as coded — the code was just working with the wrong inputs.

We are aware of the liquidations due to an incorrect wstETH to USD price reported by this oracle mechanism. The cause has nothing to do with wstETH itself, how it works or the Lido protocol which continue to operate normally.

Did Aave Lose Money?

No bad debt. That's the headline Chaos Labs wanted out, and it's the one that actually matters for protocol health. Liquidators — the bots and traders that swoop in to repay underwater loans in exchange for discounted collateral — walked away with roughly 499 ETH in profits and bonuses from the temporary price gap. Borrowers on the wrong side of those positions weren't as lucky.

For context, this is a better outcome than what happened to Moonwell not long ago, where a misconfigured oracle briefly valued Coinbase Wrapped ETH (cbETH) at around $1 instead of approximately $2,200, leaving that protocol with nearly $1.8 million in bad debt it couldn't recover.

Trading volumes for wstETH remained thin throughout the incident — just $10 million across the past 24 hours — which meant the pricing window was too narrow for savvy arbitrageurs to exploit before the oracle corrected itself. Small mercies.

What This Means for DeFi Lending Risk

Here's the uncomfortable read on this: Aave is one of the most audited, most scrutinized lending protocols in DeFi, and it still took a parameter sync failure to trigger $27 million in liquidations. The oracle wasn't hacked. The market didn't crash. A timestamp went stale.

That's the kind of risk that doesn't show up on price charts or TVL dashboards. It lives in configuration files and smart contract storage slots — invisible until it isn't. If you're a DeFi borrower with positions near your liquidation threshold, this is a reminder that market movements aren't the only thing that can blow you out. The plumbing can too.

Aave's team did not respond to requests for comment. The Aave governance forum and Chaos Labs' post-mortem remain the primary sources of detail on the incident as of March 10.