Aave, one of the longest-standing protocols in decentralized finance lending, is set to significantly raise its risk standards by introducing a comprehensive new framework. This could result in the removal of several assets that fail to meet the upgraded criteria.
Over the past several weeks, Aave has been developing a new risk framework that includes Asset Risk, Bridging Risk, Chain Risk, and advanced automation capabilities for risk management.
This framework establishes a new standard for how Aave assesses, monitors, and manages risk… https://t.co/yTYvkC3tKD
— Stani (@StaniKulechov) June 9, 2026
The development was highlighted on June 9 by Aave founder Stani Kulechov. LlamaRisk, Aave’s risk service provider, submitted the detailed ARFC proposal outlining a four-layer risk model. The framework will apply across Aave V3, the upcoming V4, and the institutional Aave Horizon platform. Assets that do not comply will face systematic offboarding if the proposal is approved.
A Four-Layer Approach Addressing Interconnected Risks
LlamaRisk’s comprehensive ARFC proposal outlines a robust new risk framework. The proposal goes beyond traditional single-asset evaluations and tackles systemic vulnerabilities through four integrated layers:
- Asset Risk: Requires rigorous smart contract audits with re-attestation on upgrades, active bug bounty programs, detailed liquidity and market analysis, issuer transparency, legal disclosures, and clear deprecation triggers. It also mandates continuous quarterly due diligence and strict protocols for material changes or unresolved past incidents.
- Bridging Risk: This section directly responds to recent cross-chain exploits. It demands full bridge topology disclosure, independent verifier thresholds, separate pause mechanisms, per-route rate limiting, dedicated security teams, and structured configuration lifecycles.
- Monitoring and Automated Risk Oracles: The framework pushes for proactive defense using real-time risk oracles, automated freeze guardians, human oversight through Risk Stewards, and integration with Aave’s Umbrella safety module.
- Chain Risk: Evaluates the underlying blockchain’s architecture, decentralization, finality guarantees, governance, operational history, and liquidity infrastructure before any deployment is allowed.
This new structure is designed to work alongside Aave Labs’ technical asset listing framework, forming a strong dual-gate system for both new and existing assets.
Timing Linked to KelpDAO Incident
The proposal arrives in the wake of the April 2026 KelpDAO rsETH bridge exploit, one of the largest DeFi incidents this year. Attackers exploited a weak single-verifier setup in the LayerZero bridge and drained roughly 116,500 rsETH, valued at around $292 million. A large portion of the stolen funds was then used as collateral on Aave to borrow nearly $190 million in WETH before the asset’s backing collapsed.
Aave quickly froze the affected rsETH markets to limit damage. The event caused a sharp temporary drop in Aave’s Total Value Locked and triggered billions in withdrawals across DeFi. Potential bad debt on Aave was estimated between $123 million and $230 million.
The protocol has already demonstrated its readiness to take difficult governance decisions during major security incidents. Earlier this year, a court-approved recovery process involving frozen ETH connected to the Lazarus Group hack drew significant attention across the industry, reinforcing the importance of structured risk controls and coordinated response mechanisms.
Market Reaction and Broader Impact
According to DefiLlama, Aave continues to cement its leadership in DeFi lending, with over $12 billion in Total Value Locked (TVL) and nearly $9.7 billion in active loans, underscoring strong and sustained user demand. The protocol’s on-chain activity saw notable growth through 2025, with spikes in volume, fees, and capital inflows reflecting renewed investor participation and improving market sentiment.
Aave generates approximately $946 million in annualized fees and $124 million in annualized earnings, highlighting a scalable and sustainable revenue model within decentralized finance. Despite recent moderation from peak levels, the platform continues to demonstrate resilient liquidity, robust user engagement, and a leading position in the evolving DeFi ecosystem.
The lending platform has also continued to showcase the effectiveness of its collateral management systems through large borrower activities. In a recent example, Ethereum whale ThomasG sold 10,000 ETH worth nearly $20 million to repay a portion of his Aave debt, demonstrating how the protocol’s risk parameters encourage borrowers to actively manage leverage during changing market conditions.
Community feedback on governance forums and social media has been mostly positive. Many see this as a sign of DeFi’s growing maturity, with one observer noting that “one sign of a maturing credit market is becoming more selective, not less.” While some worry about short-term effects on fees and yields from potential offboarding, the overall view supports stronger long-term stability.
The development was highlighted on June 9 by Aave founder Stani Kulechov. LlamaRisk, Aave’s risk service provider, submitted the detailed ARFC proposal outlining a four-layer risk model. The framework will apply across Aave V3, the upcoming V4, and the institutional Aave Horizon platform. Assets that do not comply will face systematic offboarding if the proposal is approved.
For a battle-tested protocol that has survived multiple market cycles, this risk overhaul marks a clear strategic shift: moving away from chasing maximum TVL toward building durable infrastructure capable of withstanding future shocks.
