As I have reported in I am willing to donate half of the stolen 6.2k aave funds to the community. Or freeze them forever. Just to catch the hacker.
Even with my four suggestions including one to donate all funds to UNICEF:
1) Donate half of the stolen tokens, which is about 220,000 USD.
2) Freeze them.
3) I provide collateral about twice of the stolen tokens. If I have any wrongdoings or cause any harm to AAVE, the collateral will be disposed by aave.
4) Donate part or all of the funds to any organization under AAVE’s discretion and public monitoring (to ensure the fund is actually donated to the organization). I suggest to donate to UNICEF. Please help me to fulfil this dream. It can be executed by AAVE so make sure the fund is going to UNICEF.
AAVE decided not to take action.
Here is the email I sent to AAVE:
Apart from all I have said, just check how many votings are there in the governance page (there are only 3 in total, including existing ones and executed ones) and the voting system is actually not working and it is not available to create a voting, I do not believe AAVE is not able to extend the cooldown. And I do not think extending cooldown allows a voting. It only strengthened my belief that this hacking has something to do with AAVE.

Even if it is because my keys are compromised, AAVE could stop this crime but refuses to take necessary action. AAVE’s inaction is the main cause of losing this fund.
Even if it is fact that AAVE is not able to extend the cooldown, then this business model should not be allowed.
My stolen AAVE was staked in, therefore AAVE is responsible for its safety.
Please would you send me AAVE’s legal business name and address as these will be needed to send you the court materials.
It is clear AAVE is at least an accomplice of this hacking, if it is not the hacker himself.
or twitter @sanmao32
We will pay for your work as this is a serious work for the community and society.


I am sorry that your Aave was hacked. But if it is the case that your own personal keys were hacked then for me it is not Aave's responsibility but your own. You want to extend the cooldown period, this will affect all stakers and in my opinion would not pass if put to a community vote. The protocol is not decentralised so this is how the decision would have to be made.

It's a shitty situation for you but I think it would be in your interest to not waste your time blaming Aave. If your keys were hacked find out how and make sure it doesn't happen again, if you have another 7 million dollars there are much better ways you could spend your time.

Maybe I have misunderstood the situation but this is how it seems to me, I wish you luck finding the hacker and getting your tokens back but I do not think you are going about it in the best way.


I’m sorry to see you suffered a hack and I feel your pain and anger. With that said, I think it was clearly shown in other threads that your private keys were compromised, and at the very least there is no way to demonstrate that what happened with your wallet and your funds wasn’t the result of your own actions (not saying that it was; but what I believe really does not matter). With that said, it’s false to say that Aave has responsibility on the stake: the governance of the whole ecosystem is decentralized and Aave itself does not have any control. A proposal would have needed to be discussed, which if passed would have greatly affected other users, and set a dangerous precedent for the future of the AAVE ecosystem and community. I would have personally voted against if that proposal would have been put to vote. I suggest you redirect your understandable anger to something more productive for your future, like improving your security practices and better understanding of how decentralized systems work.

Thanks TheDoo.

My private keys are not compromised. Just before I visited, I had more than 500 ETH and they were not taken. After staking AAVE, I did not do any other transactions and there was no way to be compromised. Because I moved eth-lend from sushiswap and converted lend to aave and then staked. So the 470 ethers were sitting in the wallet and safe. Means even at that time no one can take my eth. But after staking aave and trying to unstake, eth and stkAAVE were taken and the other 7m staked in other defi such as harvest eth etc. were safe.
Now I have moved the funds to a new cold wallet.

As my AAVE were staked at and I was not able to withdraw, it makes AAVE responsible for the fund’s safety, especially when AAVE is able to secure it. As your term deposit in a bank, you lose your card and ask the bank to freeze the account.
Even with a decentralized system, there are different permission levels for different actions (functions), it is in the code. Further, in the governance page it says: “The cooldown period by default is 10 days, but this can be further extended by the governance.” Therefore extending cooldown is not against code and not a function that needs a vote. It is a security issue that needs immediate action. Not an issue of DAO.
Or, would you give any proof that extending cooldown needs a DAO?

Even if everything you said is right, then AAVE’s system is not working. Please understand I am not attacking decentralized systems. I am attacking AAVE. A good thing can be bad when it is used by a bad person just as a gun can be used by murderers. AAVE facilitates crimes purposely against social common sense. When it has committed such crime, that must be destroyed. You can have your argument about this, but let it be decided by the jury.

Like the recent Pickle attack, please learn more about it. There are many functions, especially the functions regarding security, that need to be executed immediately and they did, without any vote. And you look at AAVE’s voting page, so far there is only one executed vote. Does it really use the voting to do business? I am ok if we can have a vote on this. But when I tried to create a vote, it had an error. I asked their development team. They said it is a known issue. That is, even the voting system is not working or has been shut down.
I think what I am doing is very productive and very needed by the society, to protect investors’ (including your) money. Can you ensure there will be no further hacking on AAVE? Perhaps your wallet is already under AAVE’s control and they are just waiting for the right target and right time to get it (when you try to withdraw and enter the cooldown period just as I did).

Thank you PatrickB
My private keys are not compromised. Just before I visited, I had about 500 ETH and they were not taken. After staking AAVE, I did not do any other transactions and there was no way to be compromised.
Now I have moved the funds to a new cold wallet.

Here is how I will spend my 7m, now 8M (you can verify this from the hacked address). Only interest is more than 3k usd per day. And that is only one of my eth addresses. I will use every resource I have to destroy AAVE. Fortunately I am myself an experienced software engineer and have several teams in China, Japan and Canada. I know how to do it. Just spreading the experience of losing the money in AAVE on social platforms will make investors in these three language communities nervous. It also gives me a perfect reason and passion to dive into the defi world, to take defi from evil like AAVE’s hand. So please for your own sake, abandon AAVE. There are plenty of defi tokens.

Hello @peter, I read multiple times the post by @MarcZeller and checked the individual transactions. There is undeniable onchain evidence that your private keys are compromised and that what happened with your funds did not happen through the aave protocol smart contracts or the aave frontend. Smart contracts or other entities that are NOT you cannot invoke the ERC20 transfer() function and move plain ETH out of your wallet. The sooner you acknowledge this, the sooner you will understand what went wrong and how to fix it. Your AAVE were not “staked” at, they were staked in a decentralized smart contract owned by the $AAVE community on which Aave itself has no control, and for which is just a mere gateway (you can use many different others to achieve the same goal). If you would have created a poll or a signal of whatever kind here on the forum, I would have voted against your proposal of prolonging the cooldown period because to be honest, that was not only useless but also damaging for the $AAVE community.


Hello @TheDoo, I understand your point. Mine are:
1) We need more time to hire an (all agreed) expert (company) to investigate why it happened. Is it an “undeniable” evidence my private keys are compromised? You are not an expert, neither is @MarcZeller. Before a formal investigation, attempting to close this issue is irresponsible.
2) You can not separate or confuse people with AAVE admin team and community. Decentralized community also needs to abide by the law. Smart contract is deployed by aave. Community is also organized by aave. Therefore aave is held responsible for everything generated from smart contract or community. Here is an on-going hacking. A crime facilitated by aave. If aave is not stopping it, surely aave is an accomplice. My stkAAVE is certainly a term deposit on aave. If aave did not exist, no such things would happen.
3) Would you give any proof that extending cooldown needs a DAO?
4) Why is their voting system not working now? Why is there only one vote executed so far?
5) If something like the Pickle attack happens, you still want to have a vote to decide what to do?
Please learn more and read more.

I might not be an expert, but I know how to read etherscan transactions. The transactions originated from your wallet. So it was either you, or someone that got access to your private keys. That’s not up for discussion, it is like that, and there is evidence. This fact alone makes it impossible to really know if it was a hack, or it was actually you. You can hire as many “experts” as you want, but these facts are onchain and are undeniable. Anyone with a bit of experience on how Ethereum works can confirm. It’s not really rocket science.
The voting system is working, there are actually 3 proposals voted, two passed just yesterday. Proposals that followed proper procedure and got acknowledged by the community are implemented and voted. That’s how it works.
Again, I’m sorry you got hacked. But better face the truth, keep your ego aside and learn how to improve, rather than live in denial.

To my five points above you just answered 1 and 4. How about the others?
To respond to you: 1) That is why we need to investigate to know how the hacker did this.
4) Perhaps they shut me out of the system, but I have a screenshot in which the team told me I could not create a vote.

As to other 2,3,5, I still want to have your opinions. Because 1) and 4) are actually not important. Even if I got hacked somehow, it does not remove aave from any responsibilities if either 2 or 3 or 4 is true.

To be honest I didn't answer point 2 because it doesn't even deserve an answer. You are claiming that there was a hack, and Aave is directly responsible for it (???) or that they didn’t take the necessary actions to stop the hacker. I have a question for you then, can you prove, unequivocally and without any shred of doubt, that you weren’t the one submitting the transactions?
This one for example

has been submitted by YOUR wallet (0x8135908bbcb583d65978accfe3da6ca927185eb1) to the “Attacker” address (0xD7C40C252cAEBfeA30A02cDC648Bf5CF8Cb690e1)

Can you prove, with absolute certainty, that you don’t have the keys of 0xD7C40C252cAEBfeA30A02cDC648Bf5CF8Cb690e1? Can you prove that this whole smearing campaign you started here is not a mere attempt to discredit Aave for your own profit?
So there isn’t even a way to really demonstrate that this was a hack. And you expect the community will mess up the whole Aave governance process and the ecosystem just because you are claiming you got hacked.
This alone should make you understand that there is no way a governance vote like the one you asked would pass. I don’t think even centralized exchanges would ever lock the funds you are claiming were stolen based on the data you provided.
To answer your point n 5, IF there is a hack like the one of pickle (don’t even compare the hack you suffered with that one - they are on a completely different level, technically speaking) then yes, the governance will need to decide how to move forward. The Aave ecosystem has a series of safety guards in place (like the safety module where you originally staked) to compensate the system for the loss. It requires a governance process to be activated.
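
Added illustration, not written by any poster in this thread: the replies above turn on which account sent each transaction, so this Python sketch triages outgoing movements by how they were authorised. The records, placeholder addresses and field names are constructed and hypothetical, and the owner is assumed to be a plain externally owned account.

```python
# Constructed sample records (not real chain data); addresses are placeholders.
OWNER, SPENDER, OTHER, TOKEN = "0xowner", "0xspender", "0xother", "0xtoken"

TXS = [
    # plain ETH send: value > 0 and no contract call
    {"from": OWNER, "to": OTHER, "value": 470, "call": None},
    # ERC-20 transfer(to, amount): debits the caller's own balance
    {"from": OWNER, "to": TOKEN, "value": 0, "call": ("transfer", OTHER, 100)},
    # approve(spender, amount): owner grants an allowance
    {"from": OWNER, "to": TOKEN, "value": 0, "call": ("approve", SPENDER, 50)},
    # transferFrom(owner, to, amount): spender pulls against that allowance
    {"from": SPENDER, "to": TOKEN, "value": 0,
     "call": ("transferFrom", OWNER, OTHER, 50)},
]

def classify(tx, owner):
    """Say how a movement of `owner`'s funds was authorised."""
    call = tx["call"]
    if tx["from"] == owner:
        # A transaction sent by an externally owned account must carry a
        # valid signature from that account's private key.
        if call is None and tx["value"] > 0:
            return "key-signed: plain ETH send"
        if call and call[0] in ("transfer", "approve"):
            return "key-signed: ERC-20 " + call[0]
        return "key-signed: other"
    if call and call[0] == "transferFrom" and call[1] == owner:
        # Sent by someone else; only works if the owner approved them earlier.
        return "allowance-based: pulled by " + tx["from"]
    return "unrelated"

def triage(txs, owner):
    """Classify every record, in order."""
    return [classify(tx, owner) for tx in txs]

def key_signed_indices(txs, owner):
    """Indices of records that could only exist if the owner's key signed."""
    return [i for i, tx in enumerate(txs) if tx["from"] == owner]

if __name__ == "__main__":
    for tx, verdict in zip(TXS, triage(TXS, OWNER)):
        print(tx["from"], "->", tx["to"], ":", verdict)
```

An allowance-based pull points the review at earlier approvals, while key-signed records point it at how the key or signing device was exposed.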