The Aave CAPO Oracle Incident: How a 2.85% Price Error Triggered $26M in Wrongful Liquidations

On March 10, 2026, 34 Aave users woke up to find their wstETH positions liquidated — not because the market crashed, not because they were overleveraged, but because Aave's own oracle underpriced their collateral by 2.85%. The total damage: ~$26 million in wrongful liquidations, 10,938 wstETH seized, and 499 ETH extracted by third-party liquidation bots. This wasn't an exploit. No attacker was involved. The protocol's oracle misconfigured itself — and that might be scarier than any hack. What Is CAPO and Why Does It Exist? Aave's Correlated Asset Price Oracle (CAPO) is a guardrail system for assets that should trade at a predictable ratio to each other. For wstETH (wrapped staked ETH), the exchange rate against ETH increases slowly and predictably as staking rewards accrue — roughly 3-4% per year. CAPO caps how fast this exchange rate can move, protecting against oracle manipulation attacks. The logic is simple: maxExchangeRate = snapshotRatio × (1 + maxYearlyGrowthPercent)^(timeSinceS