4 months ago 2 min read

Even After a Failed Attempt by Mango Hacker, Aave Still Feeling the Squeeze


The return of the "highly profitable trader" Avi Eisenberg was the most intriguing story in DeFi this week.

You may recall that Eisenberg raided Solana-based Mango Markets last month, stealing more than $100 million. He took on a much larger project this week: the $3.64 billion crypto lending platform Aave.

And, as with his Mango attack, Eisenberg simply worked within the project's code. There were no instances of fraud, hacking, backdoors, or tax loopholes.

Although he eventually failed, it provided another entertaining chapter for on-chain crypto sleuths. Here's how it played out.

Eisenberg amassed a loan on Aave for 92 million in CRV, Curve's governance token (roughly $39 million at the time), using $50 million in the stablecoin USDC as collateral over the course of ten days beginning on November 14.

He then began sending large amounts of CRV tokens to the centralized exchange OKEx, most likely to sell. He then used the new USDC he received in exchange for the CRV tokens to borrow more CRV and repeat the process.

He was essentially constructing a massive short position on the CRV token. But why is CRV so short? Two theses emerged from the midst of the chaos.

The first centered on Eisenberg's desire to liquidate Curve founder Michael Egorov's massive CRV loan. According to DeFi Llama data, Egorov had a massive $48 million loan on Aave that would have been liquidated if CRV fell below $0.29. He came dangerously close to being liquidated, but he then added another massive dose of collateral to avoid destruction.

The second hypothesis that emerged was that Eisenberg was pushing Aave to its limits. Even if Eisenberg was eventually liquidated, the lending platform was still left with approximately $1.6 million in bad debt.

Neither Egorov nor Aave have been liquidated. So does that indicate Eisenberg was unsuccessful? Perhaps, perhaps not.

Based just on what can be seen on chain through liquidations, he lost about $10 million. But because centralized exchanges are also seeing a lot of activity, it's impossible for us to fully understand the larger scheme he was trying to carry out.

Additionally, he was tweeting continuously throughout the entire process, which increased the commotion and mystique surrounding the incident.

How About Aave's Troubling Debt?

Aave's shortcomings have been taken into consideration in the past, and safeguards have been put in place to support the lending platform.

For instance, Aave's Safety Module would use a portion of staked CRV to close the gap (this possibility is why stakers are paid a premium to take the chance that their money would be used as a backstop). The protocol also has the option of using its DAO treasury to complete the platform.

The utilization of cash from the Aave treasury and Gauntlet, a company that specializes in risk management for DeFi, is another idea that is now being considered.

The Aave community has since submitted more suggestions to stop incidents like this week's.

Additional adds another six token freezes and changes the maximum amount users can borrow. One suggestion aims to "temporarily freeze" over a dozen tokens on Aave's V2 and "encourage eventual migration to V3."

The best way to restore the lending behemoth will be decided by the Aave community.

Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to Coin Aquarium.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.