The most interesting story in DeFi this week was the return of the “highly profitable trader” Avi Eisenberg. You might remember that Eisenberg attacked Solana-based Mango Markets last month, making off with more than $100 million. This week, he took on a much bigger project: The $3.64 billion crypto lending platform Aave. And like with his Mango attack, Eisenberg simply worked within the parameters of the project’s code. There was no fraud, hacks, backdoors, or tax loopholes. Although he ultimately failed Over the course of ten days beginning on November 14, Eisenberg amassed a loan on Aave for 92 million in CRV, Curve’s governance token (roughly $39 million at the time), using $50 million in the stablecoin USDC as collateral. He then began sending those CRV tokens in hefty chunks over to the centralized exchange OKEx, likely to sell. After that, he took the new USDC he swapped for those CRV tokens to borrow more CRV and repeat the cycle. He was basically building a giant short position on the CRV token. But why short CRV? Amid the chaos, two theses emerged. The first revolved around Eisenberg’s ambitions to liquidate Curve founder Michael Egorov’s massive CRV loan. According to data from DeFi Llama, Egorov had a massive $48 million loan on Aave that would have been liquidated if the price of CRV dropped below $0.29. He did ultimately come close to being liquidated, but he then added another hefty dose of collateral to evade destruction. The second thesis that emerged was that Eisenberg was testing the limits of Aave. With such a large position taken out, even if Eisenberg was eventually liquidated, the lending platform was still left with roughly $1.6 million in bad debt (or debt that the system cannot pay off). Egorov didn’t get liquidated, and Aave hasn’t collapsed. But does that mean Eisenberg lost? Maybe, maybe not. He lost roughly $10 million based purely on what can be seen on chain via liquidations. But with so much activity also occurring on centralized exchanges, we’ll never really gather a full picture of the larger scheme he was attempting to execute. What’s more, he was actively tweeting throughout the entire process, adding to the noise and mystery surrounding the event. What about Aave's bad debt? Shortfalls like Aave’s have been considered before, and mechanisms are in place to shore up the lending platform. Aave's Safety Module, for example, would use a portion of staked CRV to fill the gap (this possibility is why stakers earn money in the first place—they’re being paid a premium to risk their funds getting used as a backstop). The protocol could also turn to its DAO treasury to make the platform whole. Another proposal in the works right now is to use funds from Gauntlet, a DeFi-centric risk management provider, and the Aave treasury. After that, additional proposals have been introduced by the Aave community to prevent events like this week. One proposal seeks to “temporarily freeze” over a dozen tokens on Aave’s V2 and “promote eventual migration to V3.” Another proposal adds another six token freezes and adjusts the cap on how much users can borrow. It’ll be up to the Aave community to determine how best to make the lending giant whole again. By Liam J. Kelly, Nov 26, 2022, https://decrypt.co/115596/aave-feeling-the-squeeze-even-after-failed-attempt-by-mango-hacker