Aave Rolls Out Four-Layer Risk Framework After April's $290M rsETH Bridge Exploit 🛡️

Aave founder Stani Kulechov has outlined a new four-layer risk framework for the protocol in response to April's $290 million KelpDAO rsETH bridge exploit. Developed over the past several weeks, the framework introduces guidelines covering Asset Risk, Bridging Risk, Chain Risk, and automated risk management tools, and will be applied to all assets and markets once approved.

Assets that fail to meet the new standard will be removed from Aave in the coming weeks. The framework is organized into four main layers. The first, Asset Risk, addresses potential delisting, monitoring, due diligence, and onboarding. The second, Bridging Risk, establishes security standards for assets transferred between chains. The third, Automated Risk Oracles and Monitoring, provides automated defenses against new threats along with continuous oversight. The fourth, Chain Risk, evaluates a blockchain's suitability for Aave deployment and sets the maximum exposure allowed for assets on each chain.

The decision follows an April exploit in which the LayerZero-powered cross-chain bridge Kelp DAO lost 116,500 rsETH tokens. After the exploiter deposited a sizable amount of the stolen assets into Aave V3, the attack extended to the Aave protocol. Aave has not published a separate statement on remediation tied to the incident beyond the new framework.

Market data shows AAVE trading at $60.95, down 2.16% over the previous day. Aave's TVL moved by more than $170 million this week, reaching approximately $14.75 billion, according to AMBCrypto — well below the more than $25 billion recorded in mid-April.