en flag
en flag

Aave and CoW Swap release report after $50.4 million swap incident where only $36,000 received

A massive $50.4 million transaction on Aave has shaken the DeFi community, as the resulting swap only yielded approximately $36,000 worth of Aave tokens, prompting CoW Swap and the Aave team to release a detailed investigative report.

3/16/20263 min read

The main cause, according to reports from Aave and CoW Protocol

This transaction was not a hack or a protocol error , but rather a result of a massive slippage and a MEV sandwich attack under low liquidity conditions. Specifically:

1 - Liquidity is too low in the target pool.


The user swapped aEthUSDT (interest-bearing USDT on Aave V3) for AAVE. This order was routed through CoW Swap (using batch auction to protect against MEV), but ultimately landed in the SushiSwap pool with a liquidity depth of only about $73,000 (only ~331 AAVE and ~17.65 WETH).
→ Swapping $50.4 million into such a small pool caused a price impact of nearly 99.9% (the price of AAVE was pushed up extremely high before the transaction was completed).

2 - MEV bot performs sandwich attack

A MEV bot detected a large order in the mempool → executed a sandwich attack using a flash-loan of approximately $29 million worth of ETH:

  • Buy AAVE before the victim's order → drive the price up.

  • The victim's order was executed at an extremely unfavorable price.

  • The bot sold AAVE immediately afterwards, making a profit of approximately $9.9–$10 million (mostly used to bribe the block builder, with MEV taking about $27.5 million of the transaction value, of which the bot kept a profit of approximately $10 million).

→ Total actual losses for users: approximately $49.96 million (only receiving $36,000 in AAVE).

3 - The user ignored the warning multiple times.

Aave founder Stani Kulechov confirmed:

  • The Aave interface displays numerous extremely large slippage warnings (extraordinary slippage).

  • Require a confirmation checkbox (especially on mobile).

  • The user still presses confirm → the command is executed according to the design of DeFi (on-chain, irreversible after signing).

Additionally, CoW Swap's algorithms often optimize trades through solver networks – bots that find the best route. In this case, the system may not find sufficient liquidity before the order is executed.

Not a hack or exploit

Both projects emphasize that this event was not an attack on smart contracts . The following elements have been confirmed:

  • Aave's smart contracts are not being exploited.

  • CoW Swap has no security flaws.

  • The transaction was executed correctly according to the system's logic.

In other words, the blockchain and its protocols worked as designed, but incorrect transaction parameters led to extremely unfavorable results .

Lessons learned

Huge lippages on low-liquidity pools can wipe out almost all the value when swapping large amounts (especially on mobile – warnings are easily overlooked). MEV sandwiches still exist even on CoW Swaps (although CoW significantly reduces MEV risk compared to regular swaps). Never ignore slippage warnings when swapping large amounts – especially on mobile interfaces.

Even with large protocols like Aave, if transactions go through small liquidity pools, a large swap order can cause:

  • huge price impact

  • loss of transaction value

  • MEV bots exploit arbitrage opportunities.

Our review

The $50.4 million swap incident, where only $36,000 AAVE was received, was not a hack but a consequence of a massive slippage and insufficient liquidity in the transaction route . This event highlights that in DeFi, even when smart contracts function correctly, incorrect order configurations can still cause huge losses. This was a user error (ignoring warnings + swapping into an excessively thin pool), combined with MEV bots exploiting the situation for profit, not a system error in Aave or CoW Swap. The transaction was executed correctly according to the on-chain design; the main amount ($50 million) cannot be refunded, only the fee ($600,000) can be refunded.

Disclaimer: The information presented in this article is the author's personal opinion in the field of cryptocurrency. This is not financial or investment advice. All investment decisions should be based on careful consideration of your personal portfolio and risk tolerance. The views expressed in this article do not represent the official stance of the platform. We recommend that readers conduct their own research and consult with experts before making any investment decisions.

Compiled and analyzed by HCCVenture

Follow HCCVenture here: https://link3.to/holdcoincventure

Explore HCCVenture group

HCCVenture © 2023. All rights reserved.

About us

Clause

Privacy Policy

Connect with us

Strategic partner

Media Relations

Investors

Popular content

News

Market Analysis

On-chain Data

→ Market Report

→ ETFs Cash Flow

Strategic Insights

→ Project perspective

→ Trading floor

Share knowledge

Contact to us

E-mail : sp_contact@hccventure.com

Register : https://linktr.ee/holdcoincventure

Disclaimer: The information on this website is for informational purposes only and should not be considered investment advice. We are not responsible for any risks or losses arising from investment decisions based on the content here.

TERMS AND CONDITIONS • CUSTOMER PROTECTION POLICY

ANALYTICAL AND NEWS CONTENT IS COMPILED AND PROVIDED BY EXPERTS IN THE FIELD OF DIGITAL FINANCE AND BLOCKCHAIN ​​BELONGING TO HCCVENTURE ORGANIZATION, INCLUDING OWNERSHIP OF THE CONTENT.

RESPONSIBLE FOR MANAGING ALL CONTENT AND ANALYSIS: HCCVENTURE FOUNDER - TRUONG MINH HUY

Read warnings about scams and phishing emails — REPORT A PROBLEM WITH OUR SITE.