Stay connected with BizTech Community—follow us on Instagram and Facebook for the latest news and reviews delivered straight to you.
Over the past several days, almost $27 million worth of wrapped staked Ether (wstETH) holdings have been sold off because one of Aave’s external risk oracles was set up wrong.
The incident, which was described in a post-mortem published on March 11, 2026, has once again brought attention to how fragile oracle dependencies may be in decentralised loan markets, even when everything seems to be going well.
The main reason was surprisingly simple: the Chaos Risk Oracles (Capo) system that Aave employs for certain forms of collateral had pricing parameters and timestamp data that didn’t match up.
The oracle didn’t give the right live exchange rate between wstETH and Lido’s staked Ether (stETH). Instead, it gave a value that was 2.85% lower than the true one. That slight difference was enough to put thousands of already leveraged positions over the liquidation limit.
There were about 10,938 wstETH, which were worth about $27.1 million at the time, that were sold. Liquidators got almost 499 ETH in bonuses and value because of the price mistake. Aave itself didn’t have any bad debt; the protocol stayed in good shape the whole time. Still, the optics were bad: borrowers who were perfectly healthy suddenly had their collateral sold off because of a fault in the oracle.
Quick Fix, Partial Recapture, and Full Compensation Promised
Aave acted quickly once they knew what the situation was. The wrong configuration was fixed in a matter of hours, and the crew quickly started figuring out how much extra money liquidators had made. Aave got back 141 ETH (about $285,000) plus another 13 ETH in fees through BuilderNet reimbursements and liquidation fee recovery. DAO treasury funds will make up the difference so that users who were affected can get their money back.
The day after the event, Aave founder Stani Kulechov talked about it directly on X:
“A technical error caused positions that were already close to their liquidation levels to be liquidated. The problem with the configuration has already been fixed. There was no bad debt in the Aave protocol.
He further stressed that Capo had successfully processed over 1,200 payloads and 3,000 parameters before the malfunction, which showed that the problem was not widespread but rather a one-time event.
The reimbursement scheme has been warmly accepted so far, especially as Aave has a history of stepping in during oracle-related problems instead of letting users take the hit. Still, the event shows that even well-audited methods can be affected by things outside of their control.
Oracle risk is still a big problem for DeFi
This isn’t the first time that oracle mispricing has hurt loan markets in DeFi. In late February 2026, attackers stole almost $10 million from a YieldBlox DAO-managed pool on the Blend protocol by using a price manipulation attack. Earlier problems with Chainlink, Pyth, and other big oracle networks have also shown how much lending systems depend on precise, up-to-date price feeds from outside sources.
Aave has used numerous oracle sources and backup systems for a long time to avoid single-point failures. Capo, an external oracle solution that was designed for particular risk criteria, was supposed to add an extra layer of safety. It was ironic that the avalanche started because of a mistake in Capo’s own settings.
The bigger lesson is scary: decentralisation doesn’t get rid of all points of failure; it only moves them around. When protocols rely on external data suppliers, third-party oracles, or centralised keepers, there is still a lot of room for mistakes or manipulation.
Tensions in governance add to the noise in the background
The oracle malfunction happens at a time when Aave’s governance community is already on edge. The Aave Chan Initiative (ACI), which was one of the most active delegates and proposal sponsors, said earlier in March 2026 that it would not continue working with the DAO. ACI said that the standards for governance were getting worse, that votes were becoming too political, and that there was a lack of attention on the long-term health of the protocol.
Stani Kulechov spoke out in public, saying that DAOs need to reassess how much authority token holders should have over daily choices. He added, “Running blockchain protocols needs a team and leaders, not thousands of votes that could lead to politicised or ineffective governance efforts.”
The governance split hasn’t directly affected the protocol’s technical operations, but it has made it hard to know what will happen with future changes to risk parameters, incentive programs, and major upgrades. Along with the oracle issue, it makes people feel like Aave, which is still one of DeFi’s biggest lending platforms, is going through a very tough time.
How the market reacted and how it affected users
As of this writing, wstETH positions have mostly settled down, and Aave’s total value locked is still well over $10 billion. The protocol’s promise of compensation has kept most people from getting too angry, but the event has brought up old discussions about oracle diversification, circuit breakers for extreme price changes, and whether lending platforms should have automatic pause buttons when external feeds show strange behaviour.
The experience was painful but not too bad for the borrowers who were affected. Their collateral was sold for somewhat less than it should have been, but Aave’s intervention means that most customers will get their money back. Meanwhile, liquidators made a lot of money, which the protocol has been able to get back some of.
Can DeFi Lending Ever Be Completely Strong?
The wstETH bug is a good reminder that even well-established protocols like Aave can still have operational problems. Smart contract problems are less common now that audits and formal verification are improved, but oracles, keepers, and governance processes are still weak links.
Aave has already said that it will look over Capo’s integration and think about adding more security measures. In the future, there will probably be discussions about whether the community wants more aggressive circuit breakers, multi-oracle redundancy, or automated pause functionality.
For users, the essential point is clear: using leverage in DeFi is always perilous, even on platforms that have been tested in battle. Unexpected liquidations can happen because of Oracle misconfigurations, flash crashes, or disagreements about how to run the company. Risk management still requires diversification among processes, low loan-to-value ratios, and keeping an eye on oracle health.
If the catastrophe makes oracle more resilient and DeFi lending better at planning for the unexpected, it could wind up being a good thing. For now, Aave has limited the harm and made it clear that it will always support people when something goes wrong outside of its control. As institutional capital keeps coming into regulated and semi-regulated DeFi products, that reputation for being responsible will be more important than ever.
Read also: Binance had HALF of CEX stablecoin liquidity as outflows slow to $2 billion
