Crypto enthusiasts have discovered an erroneous transaction of 28,050 tokens from decentralized finance (DeFi) project AAVE—worth roughly $1.1 million today—that resulted in their irreversible loss due to a wrong receiver’s address.
According to Etherscan, the transfer took place on October 3 but remained largely unnoticed until today. It was discovered by TokenOops, a service that tracks “ERC20 tokens sent to the ERC20 token address itself,” after which it’s impossible to extract them.
For some reason, the sender of 28,050 AAVE didn’t take into account that they were transferring tokens not to their own wallet, but to the address of the AAVE token smart contract. As a result, more than $1 million in digital assets got permanently locked on the blockchain.
“The key here being that the AAVE was transferred to the address of the contract itself, and not another account,” explained Chase Wright, enterprise architect at the Federal Reserve Bank of Chicago. “It would be like mailing a letter to the post office's address instead of the address you wanted to send it to. Only there is no ‘return to sender’ option.”
According to TokenOops, similar erroneous transactions frequently occur; however, they usually amount to no more than a few hundred dollars. Not all such transactions are made in error, though; some people deliberately send small amounts of tokens to inactive or inaccessible addresses (such as the Bitcoin genesis block address), “sacrificing” them as a tribute or statement.
While DeFi is on the rise lately, its potentially high yields are often fraught with even greater risks. For example, while launching its token swap service, Crypto.com has recently stressed the dangers of DeFi assets, naming “Partial or total loss of virtual assets” and “Collapse in liquidity with respect to virtual assets” among the many things that could go wrong.
It looks like user error should also be near the top of DeFi’s risks list.
All may not be lost for the luckless AAVE holder, however. A number of members of the AAVE community have contributed to a thread in the project's governance forum suggesting that a formal proposal be made to restore the funds to the user in question.
Get the best of Decrypt where you want it most.