Share this article
Aave to overhaul collateral and listing standards after KelpDAO exploit
The lending giant is expanding its asset listing criteria beyond financial risk to include cybersecurity and architecture, and wants the rest of DeFi to follow.
May 7, 2026, 2:27 p.m. 2 min read
What to know:
- Aave will assess all future collateral assets on cybersecurity, interoperability, and technical architecture — not just price volatility — and will publish a minimum-standards playbook for issuers seeking to list on the protocol.
- The changes follow April’s KelpDAO bridge exploit, in which an attacker minted $293 million in unbacked rsETH tokens and used them as collateral on Aave, leaving the protocol with hundreds of millions in bad debt.
- Rather than a government rescue, DeFi self-organised through an industry coalition called “DeFi United” to plug the gap — a response Jeng compared favourably to the government-led bank bailouts of 2008.
In this article
Going forward, every asset seeking to be listed on Aave will face a broader assessment covering interoperability, cybersecurity vulnerabilities, and the underlying architecture of the asset. She cited rsETH, the restaking token issued by KelpDAO that sat at the center of April’s crisis, as the catalyst for the change.
Beyond the new assessment criteria, Jeng announced that Aave would publish a formal playbook for asset issuers — a set of minimum standards that projects must meet before they can list on the protocol. She also said Aave would begin examining systemic interconnections across protocols, moving away from analyzing pools in isolation to understanding how exposure in one corner of DeFi can ripple into another.
