Aave Labs will add cybersecurity and architecture reviews to its asset listing process following the April KelpDAO bridge exploit, with the goal of setting a new bar for DeFi risk management.
Posted May 8, 2026 at 5:26 am EST.
Aave Labs is set to fundamentally reshape how it assesses and lists collateral assets, following the largest DeFi exploit of 2026. The overhaul could set a new standard across the industry.
Speaking Thursday at Consensus Miami 2026, Aave Labs Chief Legal and Policy Officer Linda Jeng said the protocol’s existing risk framework had been too narrowly focused on financial risk and volatility. Going forward, every asset seeking to be listed will face a broader assessment covering cybersecurity, interoperability, and underlying technical architecture.
This story is an excerpt from the Unchained Daily newsletter.
Subscribe here to get these updates in your email for free
Jeng also announced that Aave will publish a minimum-standards playbook for issuers seeking to list on the protocol. The framework is intended to give other lending markets a template for evaluating risk beyond price action.
The catalyst was the April 18 KelpDAO bridge exploit, in which an attacker minted 116,500 unbacked rsETH worth roughly $293 million and used them as collateral on Aave to borrow real wrapped ether and wstETH. The maneuver left the protocol holding hundreds of millions in impaired debt and triggered a deposit run that pulled roughly $10 billion from Aave’s total value locked.
Jeng, who worked as a regulator during the 2008 financial crisis, said the episode triggered a strong sense of deja vu. But she argued the resolution was markedly different: rather than a government-led bailout, the industry mobilized through an industry coalition called “DeFi United” to plug the gap, drawing contributions from Mantle, Consensys, EtherFi, Ethena, LayerZero, Aave founder Stani Kulechov, and others.
Aave finished liquidating the attacker’s remaining rsETH-backed positions on Ethereum and Arbitrum on Wednesday, but the rsETH supply remains roughly 10% below the Ethereum backing needed for full recovery, according to Galaxy Digital research VP Thaddeus Pinakiewicz. A separate legal complication looms: a U.S. federal court has frozen approximately $71 million in ETH that Arbitrum’s Security Council had earmarked for the recovery fund, after families holding terrorism judgments against North Korea filed claims based on the exploit’s attribution to the Lazarus Group.
DeFi,Aave,KelpDAO,Linda Jeng,yahooAave,KelpDAO,Linda Jeng,yahoo#Aave #Overhaul #Collateral #Listing #Standards #Million #KelpDAO #Exploit1778235478
