Aave is moving to implement a new risk framework following an April exploit that exposed vulnerabilities in cross-chain bridge systems. Aave founder Stani Kulechov announced Tuesday that a proposal prepared by LlamaRisk has been submitted for governance review, covering asset risk, bridging risk, chain risk, and automated management tools across Aave's markets. The framework responds directly to the KelpDAO incident in April, when a LayerZero-powered bridge was exploited for 116,500 rsETH tokens valued at approximately $292 million—stolen assets that were subsequently deposited into Aave V3 as collateral to borrow large amounts of WETH. The proposal reflects a broader shift in DeFi lending, where collateral quality now requires full infrastructure assessment beyond traditional price volatility and liquidity metrics.
KelpDAO Exploit Exposes Cross-Chain Collateral Risk in Aave V3
The KelpDAO exploit in April demonstrated how lending protocols face exposure even when the original breach occurs elsewhere. A LayerZero-powered bridge used by KelpDAO was exploited for 116,500 rsETH tokens valued at about $292 million. The attacker then deposited a significant portion of the stolen rsETH into Aave V3 and used it as collateral to borrow large amounts of WETH. Aave was not the initial target, but the stolen asset entered its market as collateral, creating the risk that the protocol could be left with bad debt if the collateral became impaired or could not be liquidated cleanly.
Kulechov said the proposed framework would set a new standard for how Aave assesses, monitors, and manages risk across the protocol. "Over the past several weeks, Aave has been developing a new risk framework that includes asset risk, bridging risk, chain risk, and advanced automation capabilities for risk management," he said. The framework also gives Aave a clearer path to respond when an asset's risk profile changes after listing.
LlamaRisk Framework Introduces Continuous Asset Review Process
LlamaRisk said the framework would apply to every asset on Aave V3, V4, and Aave Horizon. It would be binding at onboarding, during quarterly due diligence reviews, after material changes, and during parameter or deprecation decisions. That structure would make risk review a continuous process rather than a one-time listing check. Assets would need to meet the new standard not only when they enter Aave, but also as their supporting infrastructure changes.
For bridge-dependent assets, that could mean closer review of bridge security, operating controls, liquidity paths, and failure scenarios. The proposal also points to stronger depositor protections through more demanding asset reviews, bridge requirements, and automated monitoring. It would also make it easier to offboard problematic assets before issues spread through the protocol. LlamaRisk said the framework is intended to become the standard against which every listing and parameter decision is measured once endorsed.
Aave Plans Asset Offboarding for Non-Compliant Tokens
Kulechov said that once the proposal passes, the framework will be applied across all markets and assets. "Assets that do not qualify for the new standard will be off-boarded from Aave over the coming weeks," he added. For depositors, tighter standards may reduce exposure to assets that can transmit losses from other protocols. For borrowers, the trade-off is that some collateral types may face lower loan-to-value ratios, stricter caps, or removal from Aave markets if they fail the new requirements.
For asset issuers, the framework raises the bar for gaining and keeping access to Aave liquidity. Listings on a major lending protocol can increase an asset's utility, but that access may now depend more heavily on bridge audits, chain security, issuer controls, and live monitoring. The result is a more defensive posture from one of DeFi's largest lending platforms, aiming to reduce the chance that the next cross-chain failure becomes a lending-market balance sheet problem.
FAQ
What did Aave announce on Tuesday regarding risk management?
Aave founder Stani Kulechov announced Tuesday that a new risk framework proposal prepared by LlamaRisk has been submitted for governance review. The framework covers asset risk, bridging risk, chain risk, and automated management tools across Aave's markets.
How did the KelpDAO exploit in April affect Aave?
In April, a LayerZero-powered bridge used by KelpDAO was exploited for 116,500 rsETH tokens valued at approximately $292 million. The exploiter deposited a significant portion of the stolen rsETH into Aave V3 and used it as collateral to borrow large amounts of WETH, creating potential bad debt risk for the protocol.
What will happen to assets that do not meet the new Aave risk standard?
Aave founder Stani Kulechov stated that assets not qualifying for the new standard will be offboarded from Aave over the coming weeks once the proposal passes and the framework is applied across all markets.
