FinTech moves fast. News is everywhere, clarity isn’t.
FinTech Weekly delivers the key stories and events in one place.
Click Here to Subscribe to FinTech Weekly's Newsletter
Read by executives at JP Morgan, Coinbase, BlackRock, Klarna and more.
On March 12, a wallet on the Ethereum network attempted to swap 50,432,688 USDT for AAVE tokens through the Aave interface. The transaction succeeded. The wallet received 327 AAVE tokens worth approximately $36,000 at the time of execution, an effective purchase price of roughly $154,000 per token against a market rate of around $114. The loss was approximately $49.96 million.
No protocol was hacked. No exploit was used. The transaction executed exactly as signed.
Changpeng Zhao, founder of Binance, responded to the transaction on X with seven words: "Sad to see this. Liquidity is the best user protection." On-chain data cited by crypto analyst CryptoKaleo showed the wallet had received the $50.4 million in USDT from Binance approximately 20 days before the swap.
Zhao, who earlier this week also commented on the stalling of crypto's legislative future in Washington, cut to the core of what went wrong: the SushiSwap AAVE-USDT pool simply did not have enough depth to absorb an order of this size at any price close to market rate.
Before the swap was processed, the Aave interface displayed a warning that the order size was unusually large relative to available liquidity and flagged extraordinary slippage. The warning required the user to manually confirm via a checkbox. The user confirmed on a mobile device and the transaction proceeded.
The mechanics behind the AAVE swap
The mechanics of what happened next were as follows.
The swap was routed through CoW Protocol, a decentralised trade-routing system integrated into the Aave interface. CoW Protocol converted the user's aEthUSDT — an interest-bearing Aave deposit token — back into USDT through Aave V3, moved the funds through a Uniswap liquidity pool to acquire wrapped Ether, then routed that Ether into a SushiSwap pool for the AAVE pair. That SushiSwap pool held approximately $73,000 in total liquidity. A $50 million order hitting a $73,000 pool produced a 99% price impact.
Aave engineer Martin Grabina clarified that the problem was not slippage in the conventional sense. The trade quote, visible to the user before confirmation, already showed that $50 million in USDT would return fewer than 140 AAVE tokens before fees. The user confirmed that quote. The 1.21% slippage setting the interface applied was secondary to a price impact that had already rendered the trade economically catastrophic before execution began.
The funds did not disappear. They went to two places. Liquidity providers in the SushiSwap pool received a portion of the USDT as the order bought every available AAVE token at increasingly inflated prices. MEV bots captured the rest. On-chain data analysed by Arkham Intelligence showed that Titan Builder, a block construction entity, extracted approximately $34 million in Ethereum from the transaction using a sandwich attack — buying AAVE ahead of the large order, allowing the user's transaction to execute at the inflated price, then selling into the spike. A second MEV bot extracted close to $10 million in a similar operation.
Aave founder Stani Kulechov said the protocol will attempt to contact the trader and refund approximately $600,000 in fees collected from the transaction. He described the outcome as far from optimal but consistent with how a permissionless system operates: the infrastructure cannot reverse a transaction a user has explicitly confirmed. The protocol said it will investigate improvements to safeguards for orders of this magnitude while preserving permissionless access.
CoW DAO confirmed separately that its interface displayed clear price impact warnings and that the transaction executed according to the parameters of the signed order.
The incident is the largest apparent execution failure of its kind recorded in a DeFi collateral swap. It comes one day after Aave faced a separate issue in which an oracle pricing discrepancy caused approximately $27 million in wrongful liquidations across 34 accounts.
Editor's note: We are committed to accuracy. If you spot an error, a missing detail, or have additional information about the transaction or the protocols involved, please email us at [email protected]. We will review and update promptly.
