A user submitted a $50.4 million fill-or-kill order swapping aEthUSDT for aEthAAVE. It returned 327 AAVE tokens — roughly $36,000. A 99.9% loss in a single transaction.
This wasn't one thing going wrong. It was at least four independent failures compounding in one trade.
What happened
The order went through Aave's interface via CoW Protocol, which runs a batch auction where solvers compete to find the best route. A hardcoded 12 million gas unit ceiling — legacy code — rejected every multi-hop route that could have returned $5-6 million. Only one simple route passed verification: ~329 AAVE through a SushiSwap pool holding $73,000 in total liquidity. That quote set the order's limit price.
It gets worse. The winning solver (Solver E) found better routes and won two consecutive auctions, but failed to submit either transaction on-chain. No reverts, no error logs — completely silent failures. After two missed attempts, it stopped bidding. An inferior solver executed the trade through that $73K SushiSwap pool.
Then the mempool leak. The transaction was submitted via private RPC, but Etherscan tagged it as confirmed within 30 seconds — a marker that only applies to publicly visible transactions. An MEV bot spotted it, took a $29 million flash loan on Morpho, bought AAVE on Bancor to inflate the price, let the victim's trade execute at the inflated rate, then sold for a $9.9 million sandwich profit.
Why each layer matters
The outdated gas ceiling forced the order into an illiquid pool. The silent solver failures eliminated better alternatives. The mempool leak enabled a $9.9 million MEV sandwich on top of an already catastrophic trade. And the Aave UI, despite showing a 99.9% price impact warning that the user confirmed on mobile, didn't block the swap.
If any single layer had worked correctly, the loss would have been dramatically smaller. That's what makes this case unusual — it's not one bug, it's a cascade.
The aftermath
Aave has announced "Aave Shield" to auto-block swaps above 25% price impact. CoW Protocol patched the gas ceiling. The user hasn't contacted either team to claim roughly $110,000 in held swap fees.
For anyone investigating DeFi execution failures: this case shows why you need to look at the full stack — UI behavior, off-chain auction mechanics, solver competition, mempool privacy, and on-chain execution — not just what the final transaction shows.