> TL;DR
> - A bug in Aave's risk oracle triggered automatic wstETH liquidations worth an estimated $26 million on March 10, 2026
> - The error was due to an inconsistency between the snapshot ratio and snapshot timestamp in the oracle system
> - The incident highlights the systemic risk of automated oracles in DeFi protocols
> - Aave has previously invested heavily in oracle security, but this is still not the first time such errors have occurred
Timing Error Led to Unjust Trigger Points
On Monday, March 10, 2026, users of the DeFi protocol Aave were affected by what appears to have been a technical error in the protocol's risk oracle. According to The Block, the error arose from an inconsistency between the snapshot ratio and snapshot timestamp in the oracle system – two values that should normally be synchronized to calculate correct liquidation thresholds.
As a result, the positions of numerous users with wstETH (wrapped staked ETH) as collateral were flagged as below the threshold and subsequently automatically liquidated. In total, the liquidations amounted to approximately $26 million, according to The Block.
What is wstETH and Why is it Sensitive?
wstETH is a variant of Lido's liquid staking token stETH, where rewards are “wrapped” into the token's value rather than being distributed continuously. The token is widely used as collateral on lending platforms like Aave, precisely because it combines the stability of staking with the flexibility of an ERC-20 token.
Because wstETH is priced against an internal “exchange rate” between stETH and ETH – and this rate is updated periodically – correct timestamping of snapshots is crucial. A shift here can lead the protocol to calculate an incorrect collateral value and trigger liquidations that would otherwise not have occurred.
Not the First Time Oracle Errors Hit Aave
The incident is not without precedent. In April 2022, a vulnerability was discovered in Aave V3's fallback oracle that could have allowed a malicious actor to manipulate prices and potentially drain the protocol of over $2.9 billion across Layer 2 deployments. The error was resolved at the time by deactivating the fallback oracle.
Aave has since invested in more robust solutions. In November 2024, the Aave DAO approved the integration of Chaos Labs' Edge Risk Oracles, which promise real-time updates of risk parameters within minutes rather than days. Emilio Frangella, VP of Engineering at Aave Labs, described the integration as “a significant technical advancement” when it was announced.
That an oracle-related error still occurs in March 2026 – despite these investments – underscores that automated risk frameworks are not infallible.
Risk-Off Market Leaves Little Room for Error
The incident occurred in a market characterized by risk aversion. The Fear & Greed Index stood at 15 out of 100 when the error occurred, and Bitcoin was trading around $69,700. In such a climate, users are already under pressure – unexpected liquidations could have further exacerbated the situation for those affected.
It has not yet been confirmed whether Aave will compensate affected users, but the matter will likely be discussed in the Aave DAO in the coming days. 24Krypto is following the case.
Structural Vulnerability in DeFi Infrastructure
The oracle issue is not unique to Aave. Liquid staking derivatives like wstETH have an inherent complexity related to price calculation – they are not directly priced against the spot market, but against an internal conversion rate that updates over time. This makes them more susceptible to timing errors in oracle implementations than ordinary ERC-20 tokens.
Lido Finance, which issues stETH and wstETH, dominates the liquid staking derivatives market with a historical market share of approximately 31–32 percent of total staked ETH. This concentration means that errors related to wstETH pricing could potentially have significant ripple effects throughout the entire DeFi ecosystem.
Source: The Block, Aave documentation, and other research.
