Aave has proposed a sweeping new risk framework following a $292 million exploit tied to KelpDAO, as the decentralized lending protocol moves to tighten defenses against cross-chain vulnerabilities.
New framework targets systemic risks
Founder Stani Kulechov said the initiative is designed to reduce weaknesses across the platform after the April attack, which leveraged a LayerZero-powered bridge rather than flaws in Aave’s core contracts.
The framework, developed with risk firm LlamaRisk, expands how assets are evaluated by introducing multi-layered checks that go beyond smart contract code and liquidity. It incorporates assessments of bridge infrastructure, oracle reliability, and the operational controls of token issuers, alongside automated monitoring systems.
If approved by governance, the standards will apply across all current and future Aave markets.
Stricter oversight and asset removal rules
Under the proposal, listed assets will undergo quarterly reviews and immediate reassessment when significant changes occur. Tokens that fail to meet updated criteria will be systematically removed to limit contagion risk.
LlamaRisk said the framework also enables faster offboarding of risky assets and introduces stricter listing requirements. Automated safeguards are included, such as mechanisms that can cut an asset’s loan-to-value ratio to zero if predefined risk thresholds are breached, effectively neutralizing its borrowing power.
Details of the KelpDAO exploit
The changes come after an attack in April that resulted in the theft of 116,500 rsETH tokens, valued at about $292 million. The attacker deposited a significant portion of the stolen funds into Aave V3 and used them as collateral to borrow WETH, exposing the protocol to potential bad debt.
Initial estimates placed the bad debt risk between $177 million and $292 million. The incident triggered heavy withdrawals, with total value locked dropping by around $11.6 billion within 30 days of the breach.
Impact on platform activity and market sentiment
On-chain data shows Aave is still in a recovery phase. As of early June 2026, total value locked stands at დაახლოებით $12.33 billion, down from $26.4 billion before the exploit.
Despite the decline, the protocol continues to lead the decentralized lending sector, with roughly 10,900 daily active addresses.
The native token has reflected broader uncertainty, trading near $61 in early June, including a 12% decline over a 24-hour period.
Governance decision pending
The proposal is currently under review by the governance community. If approved, the framework will introduce a more conservative approach to collateral onboarding and risk management across the protocol.
The move signals a shift toward stricter controls as Aave responds to risks stemming from third-party infrastructure, particularly cross-chain bridges, which played a central role in the April incident.
Strengthen your DeFi security playbook—explore what to learn from crypto security breaches and hacking after Aave’s $292M exploit.
Disclaimer: The content on this page is provided for general informational purposes only and does not represent the views or financial advice of Toobit. We make no guarantees regarding the accuracy or completeness of this information and shall not be held liable for any errors, omissions, or outcomes resulting from its use. Investing in digital assets involves risk; users should independently evaluate their financial situation and the risks involved. For further details, please consult our Terms of Service and Risk Disclosure.
