Home
News
Details

Chaos Labs Ends Risk Management Partnership with Aave

iconOdaily
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
This is the logo of the coin.
AAVE
$107.621-8.06%
AI summary iconSummary

expand icon
Chaos Labs has announced a partnership termination, ending its three-year risk management collaboration with Aave. The on-chain update follows the firm’s stated fundamental disagreements over risk strategies, not budgetary concerns. During the partnership, Aave’s TVL grew from $5.2 billion to over $26 billion, with more than 2,000 risk parameter adjustments. Chaos Labs cited increased complexity, the transition to Aave V4, and limited resources as key factors in its decision.

Chaos Labs Is Leaving Aave

Original author: Omer Goldberg

Peggy, BlockBeats

Editor’s Note: Chaos Labs has announced its voluntary termination of its risk management partnership with Aave and is seeking to end this authorization relationship ahead of schedule. This departure comes at a critical juncture as Aave advances its V4 architecture overhaul and institutional expansion, following three years during which Chaos Labs served as the core team providing risk pricing and management for all Aave V2 and V3 markets.

In the statement, Chaos Labs emphasized that this decision was not due to short-term budget disagreements, but rather a fundamental misalignment between the parties on how risk should be managed. As core contributors departed, system complexity increased, and the architecture was rewritten with V4, the responsibilities and costs associated with risk management expanded significantly, yet resource allocation and priority setting were not adjusted accordingly.

The article further points out that, as DeFi gradually attracts institutional capital, the risk record itself has become the most critical "admission asset." When protocols must simultaneously handle more complex system structures and higher compliance standards, risk is no longer merely a technical issue—but a foundational capability that determines whether they can sustain operations.

As DeFi enters its next phase, where should risk management be positioned, and is the industry willing to bear the associated costs?

The following is the original text:

Since November 2022, Chaos Labs has priced every loan initiated on Aave and managed risk across all Aave V2 and V3 markets and networks, with no material defaults occurring.

During this period, Aave's total value locked (TVL) grew from $5.2 billion to over $26 billion, with cumulative deposits exceeding $2.5 trillion and more than $2 billion in liquidations completed.

Today, we have decided to proactively terminate this authorization relationship and seek an early termination of the partnership.

This decision was not made lightly. We have always collaborated in good faith with DAO contributors, and Aave Labs has consistently maintained professionalism, even increasing the budget to $5 million in an effort to retain us. However, we chose to leave because this partnership no longer aligns with our fundamental understanding of how risk should be managed.

Despite differences in future paths, I believe Aave Labs is acting in a way that it understands to be most beneficial to Aave.

Why we chose to leave

Over the past three years, we have stood side by side with Aave through multiple market crises—moments that tested nearly every parameter we set and every machine learning model we built.

When we joined, the DAO's annual net expenditure was negative $35 million; a few months ago, it peaked at $150 million. Throughout this journey, we, as one of the core contributors, truly feel proud.

People won't easily let go of such an experience. Therefore, for the sake of transparency and to provide useful reference for the future of the DAO, we are stating the reasons here.

Funds can solve many problems, but not all. The deeper issue lies in a structural disagreement between the two parties on how to manage risk. As discussions about the future path continue, this divergence becomes increasingly clear.

Ultimately, the issue boils down to three points:

The departure of core Aave contributors has significantly increased the workload and operational risk;

The launch of V4 expanded the scope of risk management functions to include operational and legal responsibilities, yet its architecture was not designed by us nor is it a design approach we would adopt;

Over the past three years, we have consistently managed Aave's risk operations at a loss. Even with a $1 million budget increase, overall operations would remain unprofitable.

This leaves only two options, both of which we cannot accept:

Do our best under limited resources, but unable to meet the risk management standards expected of the world's largest DeFi application;

Continue subsidizing Aave's risk operations with own funds, incurring ongoing losses.

Even if economic issues are resolved, differences in risk prioritization and management approaches remain, and these cannot be solved simply by increasing the budget.

But none of these will change our perspective on this work.

For Chaos Labs, being able to contribute to Aave has always been an honor and a serious responsibility. Our reputation stems from our track record—every partnership is either executed to the highest standard or not undertaken at all.

People, technology, and operational expertise

Aave is an excellent brand. Its leadership does not stem from the most flashy features or the most aggressive growth strategies.

What truly gives Aave a long-term advantage is its reliability. Brand and market sentiment are essentially lagging indicators of its performance, security, and risk management capabilities—especially in extreme market conditions that have destroyed other participants. It is on this foundation that the consensus of “Just Use Aave” has gradually formed.

Competitors have launched more aggressive mechanisms and growth strategies, but one by one have collapsed due to risk management failures or security vulnerabilities. In a market composed of the world’s most volatile assets, “survivability” is itself the product. Whoever can manage risk better and for longer will win.

Aave's true innovation lies in areas often overlooked by other protocols: processes and infrastructure. We built and first introduced Risk Oracles on Aave, enabling the protocol to self-heal and update parameters in real time based on dynamic and volatile market conditions. This infrastructure supports Aave’s expansion to over 250 markets across 19 blockchains, handling hundreds of parameter updates monthly while maintaining rigorous operational standards—earning the trust it has today.

Over the past year, Chaos Labs has executed and continuously pushed over 2,000 risk parameter updates across Aave’s markets, encompassing both manual adjustments and automated Risk Oracle management mechanisms. This infrastructure has enabled Aave to scale to more than 250 markets across 19 blockchains while maintaining real-time risk management.

Number of Aave risk parameter updates executed by human managers and Chaos Risk Oracles.

This rigor stems from a specific collaboration framework and execution stack: ACI handles growth and governance (@Marczeller), TokenLogic manages treasury and growth (@Token_Logic), BGD oversees protocol engineering (@bgdlabs), and Chaos Labs manages risk.

A brand is what the outside world sees; what truly makes it worthy of attention is the people, technology, and operational expertise behind it.

GTM and Institutional Expansion

Our contributions go far beyond risk management.

Over the past few years, the crypto industry has rapidly institutionalized. The world’s largest financial institutions are beginning to access DeFi, but no matter how real the on-chain returns may be, they are meaningless unless one precondition is met: if institutions fear their clients’ funds could be at risk, none of it matters. For any regulated entity, every discussion begins and ends with risk. A few additional basis points in yield are never worth risking principal. Institutions seek risk-adjusted returns, and they will not allocate capital to a protocol they cannot clearly explain to their compliance teams.

For this reason, Aave’s risk record has become its most important GTM asset. As the builders of this record, we are uniquely positioned to engage directly with these institutions. At the request of Aave Labs, we have taken on this role, meeting with partners worldwide, producing research and due diligence materials, and actively participating in Aave’s institutional expansion. We also hope the DAO will continue to benefit from these accumulated efforts over the coming months.

Theseus's Ship

If every plank of a ship is replaced, is it still the same ship? The name hasn’t changed, the flag hasn’t changed, but the underlying structure is entirely different.

Aave is currently in this state. The core contributors who built and operated V3 have left, taking with them the operational expertise that supported Aave through market cycles over the past three years.

We are the last remaining technical contributor in this group.

V3 remains the largest application in DeFi and requires 7×24×365 risk management. Although Aave Labs is optimistic about a swift migration to V4, history shows that such migrations often take months or even years. Until V4 fully assumes V3’s market and liquidity, both systems must run in parallel. The workload will not be halved—it will double.

More importantly, operational experience. Even assuming equal capabilities across teams, the experience accumulated over three years of continuous operation cannot be directly transferred during handover.

How long will it take to close this gap? The answer is clearly not "zero." And before the gap disappears, someone must bear this cost—and that responsibility falls almost entirely on us, even as our budget is already insufficient amid expanding scope.

Brand continuity does not equate to system continuity.

Why is V4 different?

V4 is a completely new lending protocol with entirely new smart contract code, system architecture, and design paradigm. Aside from its name, it has almost nothing in common with Aave V3.

Changes at the architectural level directly impact risk: increased interdependencies across markets and modules, a new credit structure, and revised liquidation logic. The "second-order risks" of any new protocol only gradually emerge after real funds enter the system.

Taking responsibility for this system means rebuilding the infrastructure, toolchain, and simulation environment, and starting from scratch to run a complete operation on a codebase that has not yet been tested in the market. This scope far exceeds that of V3, and it is at the core of our decision.

Risk is a downstream consequence of architecture. When the architecture undergoes fundamental changes, risk management itself must be restructured. Unlike "standardized services" such as price oracles or proof of reserves, Risk Oracle and its accompanying systems must be custom-built for each specific protocol architecture. Once the architecture is rewritten, the risk infrastructure must also be rebuilt.

The issue is that the scope has expanded significantly, but resources have not increased accordingly. Aave Labs may be able to accept this trade-off, but we cannot.

The true cost of this matter

We are walking away from a historically successful $5 million partnership. For a startup, this is no trivial decision, and thus warrants fuller context.

Compensation is only part of it; more importantly, it’s a signal: how much resource an organization invests in risk reflects its priority on risk.

At the same time, I believe few people truly understand the actual costs, real expenses, and risks involved in such systems. Therefore, I aim to clarify these points here.

It is important to clarify: the DAO has full authority to determine what it values and how much it is willing to pay for it. I have no objection to that. My role is simply to assess whether these conditions are suitable for us—and in this case, they are not.

Compare Aave to a bank

Aave often compares itself to banks, and we use the same standard for evaluation. Banks typically allocate 6%–10% of their revenue to compliance and risk infrastructure. In 2025, Aave's revenue was $142 million, while our budget was $3 million, accounting for approximately 2%.

We estimate that the minimum risk budget for V3 + V4 should be $8 million to cover a broader risk scope, additional infrastructure, and the GTM work we have already undertaken, representing approximately 5.6% of revenue, still below the bank’s lower limit.

This comparison may even be somewhat "lenient." The openness of blockchain makes market and cybersecurity risks more complex and asymmetric. Open and transparent protocols mean that attack surfaces are visible to everyone. A series of recent attacks have proven that this is not merely a theoretical risk. We believe that DeFi should allocate higher risk investment than traditional finance, not lower.

Of course, Aave's scale is nearly unmatched in DeFi; banks are merely a reference point for understanding how much institutions that take risk seriously typically invest. Whether a protocol has the capacity to invest in risk is a different matter from whether it chooses to do so.

For Aave, capacity is not the issue: the DAO holds approximately $140 million in reserves, and Aave Labs has just passed a $50 million self-funded proposal. But even with scarce resources, the cost of risk management does not change. Budgets cannot reshape the threat structure—costs are costs.

Costs that won't appear in the budget

Human resources and infrastructure are only the visible costs; there are also less quantifiable but unavoidable hidden costs.

First, there is legal and institutional risk. In DeFi, those engaged in risk management—whether as risk managers or treasury managers—face undefined boundaries of responsibility. There is no mature regulatory framework, no "safe harbor," and no clear legal determination of what responsibilities risk managers bear when a protocol fails. These roles are "invisible" when the system operates normally, but the accountability does not disappear when things go wrong.

Second, network and operational security. Providing risk services for a protocol managing tens of billions of dollars in assets inherently makes it a target for attacks. The costs of building audits, monitoring, infrastructure, and internal control systems rise in tandem with user deposit volumes.

These costs are not unique to us. Any team taking on this role at this scale would face the same exposure. The question is whether this collaborative structure reflects that reality.

If the upside is limited and the downside is unlimited, continuing is not a sign of conviction—it’s poor risk management.

Our principles

At Chaos, we始终坚持一个简单原则:只为我们完全认可的工作署名。

This principle is easy to uphold when things go smoothly; what truly matters is when it comes at a cost. Today, that cost is $5 million.

I once wrote in "The Market Crypto Never Built" what institutional-grade risk management should look like. This decision is the embodiment of that belief in practice. If we advocate for higher standards in the industry, we must first hold ourselves to those standards.

I hope V4 succeeds. If our concerns turn out to be exaggerated, it will be good for the entire industry.

To the Aave community: Thank you for your trust during this time; it has been our honor.

[Original link]

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.