After $50 Million Flash Loan Disaster: Aave Launches Protection Mechanism: Automatically Blocks Swaps Exceeding 25% Price Impact

After experiencing an extreme slippage loss of up to $50 million, Aave announced the launch of a new feature called Aave Shield, which will automatically block any swaps with a price impact exceeding 25% in the future.
(Background: Aave’s largest slippage event! Whale evaporates $50 million, a DeFi disaster that even three layers of protection couldn’t prevent)
(Additional context: Detailed explanation of DeFi lending “liquidation mechanisms”: Risks of Compound, Maker, AAVE)

Table of Contents

Toggle

• Background of Aave.com swap feature
• Technical analysis
  • On-chain execution process
• Root cause analysis
• Our response and next steps

Earlier this week, a whale used Aave to swap $50.43 million USDT for AAVE tokens. Due to extremely low market liquidity, they only received 324 AAVE (about $36,000), nearly losing everything.

Today, AAVE officially provided a full explanation of this incident and plans to launch a new feature called Aave Shield: by default, Aave Shield will automatically block any swaps with a price impact over 25%.

https://t.co/UmXulxU7NS

— Aave (@aave) March 14, 2026

Below is the full official report:

Incident Analysis Report: March 12, 2026 Aave Interface Swap Event

On March 12, 2026, a user executed a token swap via the CoW Swap routing component integrated with the Aave frontend. The user attempted to swap 50,432,688 aEthUSDT (worth $50,432,688) for aEthAAVE. Because the user placed an abnormally large order in a low-liquidity market, the CoW Swap solver provided a very poor price quote, which the user then accepted.

The Aave protocol itself was never at risk, as this swap was conducted through a third-party swap protocol outside of the core Aave smart contracts. Our immediate response was to investigate and prepare to deploy a new feature called Aave Shield to protect users performing swaps on aave.com. This document provides a detailed analysis of the incident.

As of now, the affected user has not contacted us.

Background of Aave.com Swap Feature

The swap feature on aave.com is a frontend component integrated with the decentralized exchange aggregator CoW Swap. It allows users to perform token swaps via the Aave interface using CoW Swap.

This swap function is an auxiliary feature separate from the core Aave protocol smart contracts, which only handle lending and other core activities. Notably, when users connect their wallets to aave.com for any reason, their wallets are first screened by blockchain intelligence firms TRM Labs and Chainalysis to detect suspicious activity and potential financial crimes, complying with industry AML/CFT standards.

Technical Analysis

Liquidity Shortage (Not Slippage)

It is crucial to distinguish between “price impact caused by low liquidity” and “price impact caused by slippage.”
Low liquidity markets are those where, at a given price, the available supply is insufficient to fill large orders without significantly worsening the price.

In such markets, large orders cause extremely high price impact. Slippage, on the other hand, is the deviation from the market price that a user accepts to ensure quick order execution, often involving (as defined by CoW Swap) unspent value “surplus.”

In this incident, the problem was due to market illiquidity, not slippage. Because the order size was huge relative to available liquidity, the quote received was already 99.9% below the expected market liquidation value of the underlying assets (aEthUSDT and aEthAAVE). This unfavorable outcome was an inevitable result after confirming the quote, not a price change during execution.

On-chain Execution Process

After the user requested a quote from the CoW Swap solver (which executes user-defined swap intents, such as algorithmic agents, market makers, or human participants), the solver displayed a quote in the Aave interface: “USDT worth $50.43 million for $36,230 AAVE.” The Aave swap component issued a strong warning to the user, indicating: “High price impact (99.9%).”

Due to low liquidity or small order size, this route might return fewer assets. The user had to check the box next to “I confirm this swap and accept potential 100% loss of value.” The user actively clicked this checkbox, acknowledging the warning and choosing to proceed with the best available quote. Each order included underlying quote info visible in the CoW Swap browser.

The user then placed the order to swap 50,432,688 aEthUSDT for 322 aEthAAVE. The CoW Swap solver contract at 0x699…d35c8 filled the order, sourcing aEthAAVE via two DEX pools.

1. The 50,432,688 aEthUSDT was sent to CoW Protocol’s GPv2Settlement contract.
2. The solver received these tokens and redeemed them on Aave V3 for the original USDT, burning aEthUSDT and withdrawing 50,432,688 original USDT.
3. To acquire AAVE tokens, the solver sent this USDT into UniswapV3’s USDT/WETH pool, obtaining 17,957.81 WETH (worth $37,316,623).
4. WETH was routed to SushiSwap’s AAVE/WETH pool to buy 331.3053 AAVE (worth $36,930).
5. The solver deposited these AAVE tokens into Aave V3, minting 331.3053 aEthAAVE (worth $36,877).
6. CoW Swap finally sent 327.2413 aEthAAVE (worth $36,425) to the user’s wallet to settle the order.
7. The remaining 4.064 aEthAAVE (worth $452) was kept as surplus, representing the difference between the route’s generated aEthAAVE and the minimum needed to complete the order.
8. The solver ultimately returned the original USDT amount to the CoW Protocol’s GPv2Settlement contract, offsetting the user’s initial deposit, closing the debt with no residual balance.

Root Cause Analysis

The main root cause was routing a huge transaction through a market with extremely poor liquidity, resulting in extreme price impact. CoW Swap has published its post-mortem, explaining the routing issues and the presented quotes in detail.

The above is a screenshot of the initial warning the user saw. Before confirming acceptance of terms including potential 100% value loss, the swap button was grayed out and disabled. Internal audit confirmed that the user was on a mobile device and had accepted cookies, manually confirming the warning by checking the box.

Our Response and Next Steps

Our core design philosophy is based on Permissionless Finance. Aave Labs’ products aim to balance “permissionless operation” with “user protection against errors.” During market stress, permissionless operation is critical; for example, users sometimes need to execute swaps regardless of slippage or impact, where user autonomy is key.

However, this does not mean user experience should lack protections or safeguards against such behaviors. Based on this incident, we are implementing a new feature called Aave Shield in the swap component:

• By default, Aave Shield will automatically block any swaps with a price impact exceeding 25%.
• This sets a high barrier of protection, requiring users to manually go into settings and deliberately disable Aave Shield to proceed with high-risk trades.
• Aave Shield provides an additional layer of protection to prevent accidental confirmation, while still allowing advanced users to operate permissionlessly.

Additionally, this particular swap incurred $110,368 in swap fees (based on a 25 basis point rate, verifiable in CoW Swap metadata), collected via the aave.com interface. This fee was much lower than the initial early estimate published on March 12. Regardless, if the user contacts us and passes verification, this fee will be retained and refunded to the user.

We will continue monitoring the situation and collaborating with internal teams and CoW Swap to improve the swap experience on aave.com, ensuring the best service for users.