In the crypto world, losses of tens of millions of dollars typically indicate a hacked contract, manipulated oracle, or compromised protocol, but this amount is rarely seen in individual and ordinary DEX trading. On March 13, a user lost $50.43 million in just 12 seconds with a single on-chain transaction without suffering any attack.
The sequence of events is straightforward. The user attempted to exchange $50.43 million worth of USDT for AAVE tokens through the Aave front-end interface. The Aave interface displayed a warning of a 99% price shock and required the user to check a confirmation box to continue. The user checked the confirmation box on their phone, and the transaction was executed. Ultimately, they received only 324 AAVE tokens, worth approximately $36,100.
Each AAVE cost the equivalent of $154,000. Its market value is only $111.
Aave founder Stani Kulechov subsequently tweeted his sympathy, promising to refund the approximately $600,000 in upfront fees collected in the transaction and stating that he would "look into how to improve these safeguards." However, the $50 million loss is already a done deal and irreversible on the blockchain.
This article won't repeat the title you've already seen. We'll be tracking where the $50 million went, who ate it in 12 seconds, and why anyone would use $50 million for something like this.
Three routes, evaporation at each level
This transaction was initiated through the "collateral swap" feature on the Aave frontend and routed and executed by the CoW Protocol's solver. On-chain data shows that the entire transaction was broken down into three steps.
In the first step, the user's aEthUSDT (interest-bearing USDT certificates) held on Aave V3 were redeemed for 50.43 million USDT. This step was an internal redemption operation within the protocol, and the funds were fully credited to the user's account without any loss.
The second step involved 50.43 million USDT being pushed into the Uniswap V3 USDT/WETH trading pool. Based on the market price at the time, this amount should have been exchanged for approximately 24,600 WETH. However, because the single order size far exceeded the pool's liquidity depth, only 17,958 WETH, worth approximately $37.07 million, were actually exchanged. This single step alone resulted in a loss of approximately $13.36 million. These losses were not due to "deducted" transaction fees, but rather a direct result of price impact. By dumping too much USDT into the pool, the WETH in the pool became increasingly "expensive," leading to losses as you bought more during the price decline. This price difference was passively absorbed by the liquidity providers (LPs) in the pool.
The third step, and the heart of the disaster, involved CoW Protocol's solver pushing all 17,958 WETH (worth $37.07 million) into an AAVE/WETH trading pool on SushiSwap. How shallow was this pool? Total liquidity was only about $73,000.
Throwing $37 million into a pool of $73,000 is like trying to pour the entire Pacific Ocean into a swimming pool. The pricing curve of AMMs (Automated Market Makers) rises almost vertically under such extreme proportions, with AAVE tokens in the pool being "bought" at a sky-high price of $154,000 each, while the market price is only $111.
Ultimately, 17,958 WETH were exchanged for 331 AAVE, worth approximately $36,700. This step resulted in a loss of approximately $37.03 million, representing a 99.9% price shock. These 331 AAVE were deposited back into Aave V3 and minted as aEthAAVE, which was then delivered to users.
The entire transaction can be summarized as a three-stage evaporation. The first hop involved redemption through Aave V3, where 50.43 million aEthUSDT became 50.43 million USDT, resulting in no loss. The second hop involved Uniswap V3, where the 50.43 million USDT became 17,958 WETH (worth approximately $37.07 million), a loss of approximately $13.36 million. The third hop involved SushiSwap, where the 17,958 WETH became 331 AAVE (worth approximately $36,700), a loss of approximately $37.03 million. The total loss was $50.39 million. The user ultimately retained $36,100, representing 0.07% of the initial capital.
Aave engineer Martin Grabina later clarified a widely misunderstood concept on Twitter. He stated that the core issue wasn't "slippage," but rather "price impact." The quote field on CoW Explorer showed that, even before deducting fees and slippage, the original quote for this transaction was "50 million USDT for less than 140 AAVE." This was an extremely poor trade from the start. The user-set 1.21% slippage tolerance was completely meaningless in the face of such a price impact.
Who split 50 million in 12 seconds?
In the dark forest of the DeFi world, every transaction on the chain is exposed to everyone, and well-equipped "hunters" are always ready to extract value from any exploitable price imbalances. This transaction perfectly demonstrates the complete food chain of the Ethereum MEV (Maximum Extractable Value) ecosystem.
The biggest beneficiary was Ethereum block builder Titan Builder, who received approximately $34 million. On-chain analyst @emmettgallic discovered that Titan extracted this massive amount of ETH from the block containing the transaction and immediately transferred all proceeds to Coinbase after the block was confirmed.
To understand the source of this money, it's necessary to first understand Ethereum's current block building mechanism. Since Ethereum switched to Proof-of-Stake (PoS) and introduced the MEV-Boost system, block production has been divided into two roles. Block builders are responsible for assembling the transactions within a block and determining their order, while block proposers (i.e., validators) are responsible for signing the block and adding it to the chain. Builders compete through bidding, and the block that generates the highest profit is more likely to be selected by validators.
Titan Builder is one of the largest block builders on Ethereum, having together with Beaverbuild built approximately 90% of Ethereum blocks. In this transaction, Titan's "God's-eye view" allowed it to perfectly arrange the order of all transactions within the block, maximizing the value extracted from price distortions. To obtain the optimal transaction position, the MEV bot was forced to offer the vast majority of its arbitrage profits as a "bribe" to Titan.
The second biggest winners were MEV Searchers, or arbitrage bots, totaling approximately $12 million to $12.5 million. These are automated arbitrage programs that lurk 24/7 on the Ethereum blockchain, monitoring every pending transaction and striking instantly when they spot exploitable price distortions.
On-chain analyst @CryptoKaleo tracked down the most classic MEV arbitrage operation in this event. A single MEV bot completed a risk-free arbitrage of $9.9 million within the same block (12 seconds), with zero capital.
The logic behind this operation is as follows: The bot first initiates a flash loan from the lending protocol Morpho, instantly borrowing approximately $29 million worth of WETH without any collateral, as long as it's repaid within the same transaction. Then, it uses the borrowed WETH to buy AAVE tokens on the Bancor exchange at the normal market price (approximately $111 per token). Next, because the user's massive transactions have already pushed the price of AAVE in the SushiSwap pool to approximately $154,000 per token, the bot sells the AAVE it bought at the market price back into this distorted pool at an extremely high price, obtaining WETH far exceeding its cost. Finally, it repays the flash loan principal to Morpho, netting a profit of $9.9 million. The entire operation is completed within a single transaction, with zero capital investment and zero risk.
This is the most brutal aspect of the DeFi "dark forest." A user's disastrous trade creates a massive price distortion, and bots complete a full arbitrage cycle of buying low and selling high within the same 12-second block. Besides this largest arbitrage instance, other MEV Searchers also performed similar arbitrage operations during the Uniswap V3 hop.
The third layer of beneficiaries were DEX liquidity providers, amounting to approximately $2 million to $3.5 million. Limited partners (LPs) in Uniswap V3 and SushiSwap pools, acting as passive participants, sold tokens to users at extreme prices through the AMM mechanism. They didn't need to perform any active operations; the algorithm automatically priced according to a curve where "the more you buy, the higher the price." The massive orders from users allowed LPs to sell their WETH and AAVE at prices far exceeding market value.
The fourth layer consists of Ethereum validators, costing approximately $1.2 million (about 568 ETH). This amount is a fixed bid paid by Titan Builder to ensure that its carefully crafted "high-profit block" is selected by the validators in the current round. For validators, this is just normal block proposal revenue, but much more lucrative than that of a regular block.
The final layer is the Aave frontend itself, costing approximately $600,000. Regardless of how disastrous the deal, Aave frontend routing integrations will automatically incur a pro rata fee for the frontend. Stani Kulechov has publicly pledged to attempt to refund this amount.
Adding these figures together, the approximately $50.39 million lost by users was systematically divided among the five tiers of the MEV ecosystem within a single Ethereum block (12 seconds). The biggest winner was not the bots that discovered arbitrage opportunities, but the block builder Titan Builder, which controlled the transaction ordering. By accepting "bribes" from the bots and directly extracting value from the transaction ordering, Titan Builder monopolized approximately $34 million, accounting for 67% of the total user losses.
This is Ethereum's "dark forest food chain." Users create price distortions, MEV bots discover and exploit these distortions, and the bots contribute most of the profits to the block builders, who then pay block fees to the validators. Layer upon layer of exploitation, with a clear division of labor, completes the entire transaction within 12 seconds.
The mystery of motives
As of press time, the identity of the owner of this wallet (0x98B9D979...1FBF97Ac8) remains unknown. However, on-chain traces and community analysis have left several clues.
@CryptoKaleo pointed out that this was a brand new wallet address that received the entire $50.43 million USDT from Binance 20 days before the transaction occurred. No further deposits were made after that until this disastrous transaction was executed.
Moreover, this wasn't a typical "buy" transaction. DeFi analyst YAM pointed out on Twitter that the transaction used Aave's Collateral Swap feature. The input and output were aEthUSDT and aEthAAVE, which are deposit certificates on Aave, not ordinary USDT and AAVE. This means the user likely wanted to directly convert their USDT deposit position into an AAVE deposit position within the Aave protocol, rather than simply buying AAVE tokens on the market.
This raises the biggest question in the whole affair. The funds came from Binance, and the trading depth of AAVE on Binance far exceeds that of any on-chain DEX. Buying AAVE in batches on Binance with a scale of $50 million would likely result in slippage of no more than 1% to 2%. Choosing to withdraw funds from Binance and then operate on-chain through the AAVE frontend is almost certainly the least efficient and most costly approach.
The community has offered several speculations. Some believe it could be tax planning. The user might be located in a jurisdiction that taxes centralized exchange transactions but exempts on-chain DeFi operations from taxes or has weaker tax tracking. By withdrawing funds from Binance and then performing on-chain operations, the user might be attempting to avoid generating taxable transaction records on centralized exchanges.
Some community members speculated that this might be due to an error in some automated trading script or bot, automatically confirming abnormal transactions without human review. However, this doesn't explain why the script would check the risk confirmation box. Therefore, it's more likely a "fat finger" incident. Aave did display a 99% price shock warning, but the user confirmed it on their phone. The small screen size on mobile devices, the habitual disregard for pop-up warnings, and a lack of understanding of DeFi mechanisms could all contribute to this disaster.
Looking back, there were ways to avoid disaster at every stage of this deal.
The most fundamental rule is to split orders. $50 million should not be placed as a single trade. Professional traders use a TWAP (Time-Weighted Average Price) strategy to break large orders into dozens or even hundreds of smaller trades, executing them across different times and liquidity sources. Even without TWAP, simply splitting it into 50 trades of $1 million each would reduce losses by an order of magnitude.
Secondly, use limit orders. Aave's integrated CoW Swap supports limit orders. If a user sets a reasonable limit order instead of a market order, the trade will be automatically canceled if the desired price isn't reached, rather than being executed at a disastrous price. Martin Grabina specifically mentioned this point afterward.
Then, carefully read the warning. The interface displayed a 99% price shock warning. This wasn't a typical "Are you sure you want to continue?" pop-up. 99% meant you would lose 99% of your capital. Ignoring this number is fatal in any transaction, regardless of the amount.
Another often overlooked point is understanding the magnitude of on-chain liquidity. AAVE/WETH has only $73,000 in liquidity on SushiSwap, meaning even a transaction of a few thousand dollars can have a significant price impact, let alone $37 million. Checking the liquidity depth of the target pool is a fundamental operation before executing any large DEX transaction.
Finally, if you must execute large transactions on-chain, you should use the smart routing capabilities of aggregators such as 1inch and Paraswap. These aggregators can split orders across multiple liquidity sources, significantly reducing price shocks, rather than relying on a single route to push all funds into a shallow pool.
Decentralization gives everyone complete freedom, including the freedom to make irreversible mistakes. In this world without customer service hotlines or transaction cancellation buttons, every click on the blockchain is a final decision.
The moment you click "Confirm," the hunters in the Dark Forest have already prepared their flash loan in the same block.
