Aave‑Linked Capo Oracle Misconfiguration Triggers $27 Million in Liquidations
March 11 2026 – The DeFi protocol Aave experienced a technical fault in its risk‑oracle configuration that resulted in the liquidation of roughly $27 million worth of wrapped staked Ether (wstETH). The incident sparked a swift response from the platform, which is now using treasury funds to compensate affected borrowers.
What happened
Aave’s risk‑oracle system – a component supplied by the external service Chaos Risk Oracles (CAPO) – suffered a configuration error that distorted the exchange rate used to value wstETH against Ether. The oracle applied a rate that was 2.85 % lower than the market price at the time, causing the protocol to deem a large number of positions as under‑collateralised.
- Positions liquidated: 10,938 wstETH
- Value at risk: ≈ $27.1 million (≈ 499 ETH)
- Liquidator profit: About 345 ETH (~ $700 k) captured as excess liquidation bonuses
The misalignment stemmed from an inconsistency between a “snapshot ratio” and its associated “snapshot timestamp” in the CAPO configuration. The faulty data caused the system to compute a maximum permissible exchange rate that fell short of the actual on‑chain rate for both wstETH and Lido’s native stETH.
A post‑mortem report released by Aave’s governance forum details the root cause and confirms that no bad debt was incurred by the protocol.
Aave’s response
Aave’s founder and CEO, Stani Kulechov, addressed the issue on X, stating that the error was identified, remediated, and that the protocol’s liquidation engine had already acted on the incorrect pricing data. In the aftermath:
- Recovered funds: 141 ETH (~ $285 k) reclaimed from BuilderNet refunds and an additional 13 ETH from liquidation fees.
- Compensation plan: The recovered ETH will be redirected to users whose positions were liquidated, with any shortfall covered by the DAO treasury.
Kulechov emphasized that the incident did not jeopardize the protocol’s solvency and that the corrective measures have been fully deployed.
Wider context
The episode arrives amid heightened scrutiny of oracle reliability and collateral valuation across DeFi lending platforms. Earlier in February, a separate price‑manipulation attack on the Blend protocol drained roughly $10 million from a YieldBlox DAO‑managed pool, underscoring the systemic risk posed by inaccurate price feeds.
Moreover, the liquidation event coincides with internal governance tension within Aave. The Aave Chan Initiative (ACI) recently opted out of renewing its engagement with the DAO, citing concerns over voting dynamics and governance standards. Kulechov has called for a reassessment of the weight given to token‑holder votes versus decisions made by protocol leadership, arguing that overly decentralized voting can hinder efficient operation.
Analysis
- Oracle precision remains a critical security vector. Even a modest 2–3 % deviation can trigger cascading liquidations in high‑leverage environments, as demonstrated by the wstETH case.
- Rapid remediation limits systemic fallout. Aave’s ability to recapture a portion of the liquidation bonuses and allocate them for compensation shows that robust internal controls can mitigate user impact.
- Governance debates may influence risk management. The ongoing dispute over voting structures could shape future protocol upgrades, potentially introducing more centralized oversight of oracle configurations to prevent similar errors.
- Market confidence is tested but not shattered. The fact that no bad debt was generated and that compensation is forthcoming suggests resilience, yet repeated oracle incidents could erode user trust in DeFi lending platforms over time.
Key takeaways
- Technical glitch: A misconfigured CAPO risk‑oracle applied a 2.85 % undervalued exchange rate for wstETH, leading to $27 million in liquidations.
- No bad debt: Aave’s balance sheet remained intact; the protocol did not suffer a deficit.
- Compensation fund: Recovered ETH will be used to reimburse affected borrowers, with DAO treasury funds covering any remaining gaps.
- Governance friction: The incident adds pressure to an already strained governance environment within Aave, prompting calls for revised voting and oversight mechanisms.
- Industry lesson: Accurate, timely oracle data and rigorous configuration checks are essential to safeguard DeFi lending ecosystems from inadvertent liquidation cascades.
Aave’s swift corrective actions and transparent post‑mortem set a precedent for handling oracle‑related failures, but the episode reinforces the need for continuous vigilance in the rapidly evolving DeFi landscape.
Source: https://cointelegraph.com/news/aave-capo-oracle-glitch-27m-liquidations?utm_source=rss_feed&utm_medium=feed&utm_campaign=rss_partner_inbound
