
The $27M Oracle Misfire: How Aave's CAPO System Turned a Configuration Error Into Mass Liquidations
When Your Safety System Becomes the Weapon

On March 10, 2026, Aave's Correlated Asset Price Oracle (CAPO) — a system specifically designed to prevent oracle manipulation — became the source of an oracle attack. Not from an external attacker, but from a misconfiguration in its own update pipeline.

The result: 34 leveraged wstETH positions liquidated. $27 million wiped out. 499 ETH (~$1.2M) handed to liquidation bots. All because a timestamp and a ratio disagreed by a few percentage points.

This is the anatomy of a security system eating its own users — and the lessons every DeFi protocol should learn from it.

Understanding CAPO: The Guard That Went Rogue

CAPO exists to solve a real problem. Yield-bearing tokens like wstETH naturally appreciate against their underlying asset (ETH) as staking rewards accrue. An attacker could theoretically manipulate this exchange rate — through donation attacks or flash-loan-driven inflation — to artificially boost their collateral value and drain lendin
Continue reading on Dev.to




