A minor settings mismatch in Aave’s pricing system briefly made a popular token look cheaper than it actually was, and that was enough to wipe out $26 million in user positions.
The affected token was Wrapped stETH (wstETH), a yield-bearing asset commonly used as collateral on the Aave lending platform.
How a Pricing Glitch Triggered Millions in Forced Sells
Aave, like most lending protocols, relies on price feeds to determine whether a borrower’s collateral is sufficient to cover their loans.
When collateral’s value declines, the protocol automatically liquidates positions to protect lenders. In this case, the collateral didn’t actually drop. Aave’s system just thought it did.
The protocol uses a safety mechanism called CAPO, short for Capped Asset Price Oracle, to guard against sudden, artificial price spikes that could be exploited by bad actors.
CAPO essentially sets a ceiling on how fast an asset’s price can rise, using two internal settings that must stay in sync. Those two settings fell out of alignment.
- One was updated partially due to a built-in speed limit
- The other advanced as if the full update had gone through.
The gap between them caused Aave to calculate a wstETH price roughly 2.85% below its fair value.
For most users, a 2.85% gap would mean nothing. However, for those with highly leveraged positions, where borrowing is stretched close to the collateral limit, it was enough to push their accounts into liquidation territory.
What Happened to the Liquidated Users
Across 34 accounts, roughly 10,938 wstETH was automatically sold off to cover loans that, under normal pricing, would have been perfectly healthy.
Third-party bots that monitor Aave for liquidation opportunities captured around 499 ETH in profits from the episode, according to the post-mortem published by risk firm Chaos Labs.
Aave itself did not lose money. No loans went unrepaid, and the protocol’s reserves were not touched.
“There was no impact to the Aave Protocol,” assured Stani Kulechov, the founder and CEO of Aave.
However, the users who were liquidated did suffer real losses, and Aave is now working to make them whole.
The protocol managed to claw back 141.5 ETH of the extracted funds through a mechanism called BuilderNet refunds, plus another 13 ETH in fees.
Those recovered funds will go directly to affected users. Aave confirmed that any remaining gap, capped at 345 ETH, will be covered by the DAO treasury, which is funded by protocol revenue.
Community member Frida raised a sharper question in the public forum thread, asking whether Chaos Labs, the risk firm that manages Aave’s oracle configurations, should share financial responsibility:
“Does Chaos Labs carry any responsibility for what happened? Will there be a separate proposal on how to make borrowers whole that will show CL playing a role in funding it?” Frida posed.
Aave’s post-mortem stopped short of assigning blame to Chaos Labs, framing the incident as a configuration gap rather than a design flaw.
It remains unknown whether the risk firm will contribute to compensation, as Aave did not immediately respond to BeInCrypto’s request for comment.
However, Chaos Labs’ founder, Omer Goldberg, indicated that every affected user would be reimbursed.
“Every affected user will be fully reimbursed. The Aave DAO SPs are finalizing the reimbursement plan and will publish it shortly,” wrote Omer.
Borrow limits on wstETH, which were temporarily frozen during the incident, are set to be restored to previous levels on both affected Aave markets.
AAVE traded up 1.53% to $110.52 following the post-mortem’s release, suggesting the market viewed the response as adequate damage control.
