Trader Lost $50 Million in MEV Sandwich Attack on Aave Swap

One of the largest DeFi incidents occurred on March 12, 2026, on the Ethereum network. An unknown trader attempted to swap $50.4 million in USDT for AAVE tokens through the Aave protocol interface but received only 327 tokens worth approximately $36,000. The remaining funds were extracted by MEV bots through a sandwich attack.

How It Happened

The swap was executed through CoW Protocol — a decentralized trade-routing system integrated into the Aave interface. The transaction route was complex and passed through several protocols: first, interest-bearing aEthUSDT tokens were converted back to USDT via Aave V3, then funds were routed through a Uniswap liquidity pool to acquire wrapped Ether, and finally wETH was swapped for AAVE through a SushiSwap pool.

The critical issue was the catastrophically low liquidity in the final SushiSwap pool — just approximately $73,000. When a $50 million order hit this pool, the price impact reached 99%.

MEV Bots' Role

On-chain data analysis by Arkham Intelligence revealed that Titan Builder — a block construction entity — extracted approximately $34 million from the transaction through a sandwich attack. The mechanism is straightforward: the bot purchased AAVE before the large order, allowed the user's transaction to execute at the inflated price, and then sold at the higher price. A second MEV bot extracted an additional $10 million using a similar method.

Warning Was Ignored

Before executing the swap, the Aave interface displayed a warning that the order size was excessively large relative to available liquidity and flagged extraordinary slippage. The warning required manual confirmation via a checkbox. The trader confirmed the operation from a mobile device, and the transaction proceeded.

Aave's Response

Aave founder Stani Kulechov stated that the protocol would attempt to contact the trader and refund approximately $600,000 in fees collected from the transaction. At the same time, he emphasized that the protocol operated according to its design parameters — the warning was displayed, and the user consciously chose to ignore it.

Lessons for DeFi Users

This incident serves as a stark reminder of decentralized finance risks. Large swaps require thorough verification of target pool liquidity, proper maximum slippage settings, and splitting large amounts into smaller transactions. MEV attacks remain a systemic issue on Ethereum, and no interface can fully protect against them without active user participation.