User Loses $50 Million in Token Swap on Aave

An investor lost $50 million while attempting to swap USDT for AAVE on Aave, receiving only 327 tokens worth $36,000 due to a sandwich attack by a MEV bot.

An unidentified investor attempted to swap 50.43 million USDT for AAVE via the CoW Protocol aggregator and SushiSwap exchange. Ultimately, he received only 327 tokens worth about $36,000.

Source: Etherscan.

The effective purchase price was approximately $154,000 per coin, while the market rate at that time was around $114.

A MEV bot took advantage of the situation by monitoring pending transactions in the mempool. It executed a classic "sandwich attack":

borrowed $29 million in WETH through a flash loan on Morpho;
purchased a large amount of AAVE on Bancor, driving up the asset's price;
allowed the victim's transaction to go through, which bought tokens at the inflated price;
sold its coins on SushiSwap, netting a profit of $9.9 million.

User Responsibility

Aave founder Stani Kulechov stated that the protocol's interface warned the investor about "critical slippage" due to the unusually large order. Despite this, the investor confirmed the transaction on a mobile device and accepted the terms.

Earlier today, a user attempted to buy AAVE using $50M USDT through the Aave interface.

Given the unusually large size of the single order, the Aave interface, like most trading interfaces, warned the user about extraordinary slippage and required confirmation via a checkbox.…
— Stani.eth (@StaniKulechov) March 12, 2026

Kulechov emphasized that Aave will reach out to the user and reimburse him $600,000 in fees generated from the transaction.

CoW DAO also noted that the user saw warnings about nearly losing all funds but consciously approved the deal. According to the team, no DEX or aggregator could have executed such an order at a reasonable price.

Statement from CoW Protocol:

Earlier today, a trader attempted to swap 50M aEthUSDT for aEthAAVE through Aave's swap interface, which is powered by CoW Protocol. Despite clear warnings that showed the user they would lose nearly all of the value of their transaction, and despite… https://t.co/Pav4udXUkX
— CoW DAO (@CoWSwap) March 13, 2026

“Such transactions highlight that the user experience in DeFi is not yet at a level necessary for the safety of all users. We are analyzing how to balance reliable protection mechanisms while maintaining user autonomy. Naturally, we will also refund any fees from this transaction,” the developers added.

Recall that last April, an MEV bot "intercepted" $200,000 from participants in the PROMPT airdrop by Wayfinder.

Ethereum co-founder Vitalik Buterin considers MEV one of the main threats to the network's decentralization.