Aave Oracle Glitch Triggers $27 Million Liquidation Cascade - 10,938 wstETH Liquidated
A critical misconfiguration in Aave's Correlated Asset Price Oracle (CAPO) has triggered a massive $27 million liquidation cascade, forcing the emergency liquidation of 10,938 wstETH across 34 user accounts. The technical glitch caused the wstETH/stETH exchange rate cap to fall 2.85% below market rates, sparking rapid E-Mode liquidations resulting in 345 ETH of losses. Despite the severe user impact, Chaos Labs CEO Omer Goldberg confirms Aave itself avoided bad debt from the incident.
Affected users will be fully reimbursed, Chaos Labs founder Omer Goldberg says
Omer Goldberg, Founder of Chaos Labs, wrote on X that the incident had no impact on the Aave protocol and that all affected users will be fully compensated. He also added that the team was working on a permanent solution to prevent the incident from recurring.
1/ stETH CAPO Misconfiguration
Today, a misconfiguration on Aave's CAPO oracle caused wstETH E-Mode liquidations, resulting in a loss of 345 ETH.
No bad debt was incurred, and all affected users will be fully reimbursed.
More below.
— Omer Goldberg (@omeragoldberg) March 10, 2026
During the incident, liquidator bots tapped 499 ETH in liquidation bonuses and in value realized through the exchange rate mispricing event.
According to a publication from Chaos Labs (onchain security and risk management partner of Aave), the protocol recovered 141 ETH from liquidation bonus revenue on Buildernet refunds, as well as 13 ETH in liquidation fees.
The publication highlighted that the protocol will use the recovered funds, along with additional funds from the protocol’s DAO treasury, to reimburse affected users who were liquidated due to the error.
The security platform said the differing update constraints at the smart contract level were the probable cause of the mispricing event, which ultimately led to a misalignment between the onchain snapshot timestamp and snapshot ratio.
Chaos Labs said an off-chain mechanism tried to modify the snapshot ratio to about 1,2282. However, an onchain safety constraint prevented the snapshot ratio from exceeding the 3% threshold per 72-hour period.
The snapshot timestamp was not validated against that constrained update path, which still reflected a 7-day-old reference point. Since the adjustment could not occur automatically, the discrepancy created an inconsistent configuration, causing CAPO to compute a maximum allowed exchange rate approximately 1.1939 below the live rate of roughly 1.228.
Aave erroneously priced wstETH at about 2.85% below its market price, causing multiple borrowing positions to breach their minimum collateralization requirements. According to Chaos Labs, the Aave protocol itself did not accrue bad debt from the mispricing incident.
Following the incident, Chaos Labs temporarily reduced the wstETH borrow cap to 1 on Aave Core and Aave Prime to reduce additional exposure and prevent further liquidations. The security platform said it also aligned “the snapshot ratio parameter with the current snapshot timestamp reference window through manual Risk Steward intervention” to re-synchronize the configured onchain parameters back to normal.
Aave drops 1.6% over the past 24 hours
AAVE is down 1.6% in the last 24 hours, adding to its seven-day loss of 3.84% according to data from CoinMarketCap. The crypto asset is currently trading at $110.11 and has been trading between $130.67 and $95.11 since early February.
The occurrence has raised questions about whether a third party can force the system to relapse again, and whether the flaw was a design problem or a legitimate system issue.
Cryptopolitan recently reported that HypurrFi, a lending market on Hyperliquid’s HyperEVM, discovered a rounding bug in the Aave V3 core code before version 3.5.
The discovery prompted a temporary halt to deposits and borrowing requests across affected markets to prevent exploitation by malicious actors. The discovery surfaced shortly after the protocol announced the success of its V4 upgrade in a comprehensive security report detailing a year-long review process conducted from March 2025 to February 2026.
If you want a calmer entry point into DeFi crypto without the usual hype, start with this free video.
