Aave is rewriting the rulebook after the biggest DeFi exploit of 2026 exposed a hidden systemic risk: not buggy lending code, but a compromised cross-chain bridge.

What happened
- In April, attackers exploited KelpDAO’s rsETH — a “restaked” ether token that represents users’ re-used staked ETH — by forging a cross-chain message through the LayerZero bridge.
- A single verifier in LayerZero’s network approved the fake message, allowing the attacker to mint 116,500 unbacked rsETH on the receiving chain.
- Those fake rsETH tokens were deposited into Aave v3 as collateral, enabling roughly $230 million in loans that Aave could not recover once the tokens were revealed as worthless.
- Crucially, Aave’s smart contracts worked as designed; the failure was in the bridge verification process. LayerZero has acknowledged it “made a mistake” by running a high-value verification setup in a one-of-one configuration.

Aave’s response: broadened risk criteria and faster defenses
- In a detailed postmortem, Aave announced a full review of every asset listed on V3 and a rewrite of its listing standards. The protocol says traditional assessments — volatility, liquidity and smart-contract audits — are no longer enough.
- Going forward, collateral approvals will explicitly evaluate off-chain and cross-protocol infrastructure: bridge security and verification models, oracle dependencies, custodial arrangements, third-party contracts, operational security, and secondary-market liquidity, alongside financial and code risks.
- Aave is also building automated protections to act quickly when assets show distress. One proposed measure would automatically cut an asset’s loan-to-value (LTV) to zero if predefined risk thresholds are breached, effectively removing its borrowing power before losses cascade.
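
The one-of-one verification failure described above, as an added example that is not Aave's, KelpDAO's or LayerZero's code: a minimal Python model of quorum checking in which HMAC tags stand in for verifier signatures, and the verifier names, keys and message format are constructed for illustration. It shows that a threshold of one lets a single faulty verifier approve a message, while a two-of-three threshold over distinct verifiers does not, even when the one attestation is repeated.

```python
import hashlib
import hmac

# Constructed verifier keys; HMAC stands in for each verifier's signature scheme.
VERIFIER_KEYS = {
    "verifier-a": b"constructed-key-a",
    "verifier-b": b"constructed-key-b",
    "verifier-c": b"constructed-key-c",
}


def attest(verifier_id: str, key: bytes, message: bytes) -> tuple[str, bytes]:
    """Produce one verifier's attestation over a cross-chain message."""
    data = verifier_id.encode() + b"|" + message
    return verifier_id, hmac.new(key, data, hashlib.sha256).digest()


def valid_signers(message: bytes, attestations) -> set[str]:
    """Return the distinct known verifiers whose attestation checks out."""
    signers = set()
    for verifier_id, tag in attestations:
        key = VERIFIER_KEYS.get(verifier_id)
        if key is None:
            continue  # attestation from a verifier outside the configured set
        _, expected = attest(verifier_id, key, message)
        if hmac.compare_digest(tag, expected):
            signers.add(verifier_id)  # a set, so a repeated attestation counts once
    return signers


def accept(message: bytes, attestations, required: int) -> bool:
    """Accept the message only if `required` distinct verifiers attested to it."""
    if not 1 <= required <= len(VERIFIER_KEYS):
        raise ValueError("required must be between 1 and the verifier count")
    return len(valid_signers(message, attestations)) >= required


# Constructed scenario: only verifier-a attests to a mint message that has no
# backing on the source chain (that one verifier is faulty or compromised).
FORGED = b"mint:rsETH:116500:to=0xCONSTRUCTED"
forged_attestations = [attest("verifier-a", VERIFIER_KEYS["verifier-a"], FORGED)]

if __name__ == "__main__":
    print("threshold 1 accepts:", accept(FORGED, forged_attestations, required=1))
    print("threshold 2 accepts:", accept(FORGED, forged_attestations, required=2))
    # Repeating the same verifier's attestation must not reach the quorum.
    print("threshold 2, repeated:", accept(FORGED, forged_attestations * 3, required=2))
```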

Immediate risk management steps
- Since the exploit, Aave’s risk team has already implemented roughly 295 parameter changes across V3 markets, including 168 supply-cap reductions and 66 borrow-cap reductions to limit exposure to vulnerable assets.

Why this matters
- The incident highlights how increasingly interconnected DeFi infrastructure — bridges, messenger networks, and other off-chain verifiers — can create attack surfaces that traditional smart-contract-focused reviews miss.
- Aave’s overhaul signals a broader industry shift: protocols will need to evaluate not just token contracts, but the external infrastructure those tokens rely on. As DeFi grows more composable, these dependencies will become central to measuring systemic risk.

Bottom line: the exploit was a wake-up call. Aave is using it to push collateral reviews and automated safety mechanisms that factor in cross-chain and operational threats — a model other protocols may soon have to follow.

Aave Tightens Collateral Rules After $230M rsETH Exploit via LayerZero Bridge
ChainGPT






Aave has updated its cryptocurrency rules after a $230 million DeFi exploit involving KelpDAO’s rsETH token. Attackers used a forged cross-chain message via the LayerZero bridge to mint 116,500 unbacked rsETH tokens, which were deposited into Aave v3 as collateral. The protocol’s smart contracts operated correctly, but the breach exposed weaknesses in bridge verification. Aave is now revising asset listing standards to address off-chain risks like bridge security and oracle dependencies. The protocol has already made 295 parameter changes to reduce exposure to vulnerable assets.