On the rsETH Exploit and its impact on Aave

Disclosure

Disclosure on Chaos Labs' role. Chaos Labs' operational risk engagement with the Aave DAO ended on April 6th and was publicly announced. Immediately thereafter, Risk steward keys were rotated to Aave Labs and LlamaRisk, and risk oracles were shut down.

Chaos Labs has had no operational ability with Aave since then and is no longer permissioned to act on behalf of the protocol. We remain available to the DAO for recommendations upon request and continue to monitor the situation across affected venues.

Overview

The rsETH incident on April 18 is still moving, but enough is on the public record to write usefully about what happened, why the Aave ownership model matters for how depositors and the industry think about risk, and what is being worked through now on rates and markets. This piece lays out our reading of it.

This article draws on public information, our own onchain observations, and views we have shared with the current stewards.

Where will bad debt on Aave be realized?

Two paths have emerged from the public discourse. One is to isolate the loss to L2 holders, leaving mainnet rsETH fully backed. The other is to socialize the loss uniformly across the entire supply, regardless of chain. The gap between the two outcomes on Aave is meaningful, which makes both worth discussing.

Isolating Losses to L2s

In structural terms, Kelp would be establishing seniority across its token: Mainnet as the senior tranche, L2 as the junior tranche.

Under this allocation framework, Aave would face roughly $230 million in bad debt for depositors concentrated on L2 deployments. This is assuming that the rsETH bridged from mainnet to Arbitrum will be made redeemable by Kelp.

Socializing losses uniformly

An alternative framework exists where losses are socialized uniformly, and Aave would realize ~125 million in bad debt, with $92 million stemming from the mainnet deployment.

This decision sits with Kelp, and at the time of writing, no decision has been confirmed.

On Aave’s interest rates

Since the market freeze, we have shared our view with the current stewards, including:

• pausing reserves

• that lowering borrow-rate pressure on affected WETH markets may help reduce the risk of self-reinforcing deleveraging on non-Kelp collateralized debt.

On April 19th and 20th, LlamaRisk adjusted the WETH interest-rate model via the manual Risk Steward across several L2s, reducing slope2 and lowering the max borrow rate materially on those deployments. While we also recommended pausing the reserve, further parameter decisions ultimately rest with the current stewards, Aave Labs and LlamaRisk.

We acknowledge that in such a situation, there is no perfect solution, as reducing interest rates hurts lenders who were supplying liquidity on Aave, and should, in theory, be rewarded for this risk, especially as their assets are traded at a discount. It also reduces the pressure on borrowers who may otherwise be more incentivized to return capital to the platform.

However, with ~10 billion in capital being withdrawn from Aave over the past 72 hours, we are in the midst of a significant depositor outflow.

Moreover, higher rates only work when borrowers can materially respond to them: if they are locked up or maximally looped and without access to liquidity to deleverage, higher rates just risk becoming a multiplier on bad debt creation. The longer they stay elevated, the closer the system gets to cascading liquidations dynamics and their associated risks.

Pillars of Contribution Across DAO Service Providers

Aave's work has historically been split across several contributor teams, each with a defined scope. Understanding what each team covered and what they didn't helps explain how risk is managed across the protocol and how responsibilities are distributed across teams.

BGD Labs covered Aave's protocol technical risk: the smart contracts themselves, access control, execution environment, upgrade paths, and the Aave V3 codebase. BGD handled this exceptionally well over multiple years, with a level of rigor and responsiveness that set the standard for technical contributors across the industry. The Aave protocol contracts were not compromised in this incident. BGD has since exited the DAO.

ACI covered growth, governance facilitation, and DAO operations: proposal authorship, coordination, and incentive programs. ACI has since exited the DAO.

Chaos Labs covered economic and market risk. The scope is the quantitative modeling of listed assets: collateral behavior, liquidity, liquidation dynamics, pricing integrity, and parameter optimization under stress. For rsETH, that meant analyses of historical volatility, market depth, redemption behavior, and oracle configuration. All of it is on the Aave governance forum in full. Chaos Labs' operational engagement with the DAO ended on April 6.

TokenLogic also supports growth, governance facilitation, and DAO operations and continues to serve the DAO.

LlamaRisk covered qualitative risk assessment: structural review of listed assets, issuer documentation, and collateral risk analysis. Their scope has expanded over time, and with Chaos Labs' departure they now cover quantitative risk as well. LlamaRisk authored the original rsETH collateral risk assessment when the asset was onboarded in November 2024 and remains an active risk provider in the DAO.

These verticals were complementary, not redundant. Each covered a different surface, with a different failure mode, and a different team accountable for it. A depositor using Aave could publicly know which team was accountable for which surface, and the analysis backing each decision was available on the governance forum in full.

Listings and parameter decisions on Aave move through a multi-party review process and a governance vote. Service providers recommend from within their respective scopes, and DAO voters decide. No single service provider has, by design, unilateral authority to approve or reject asset listings.

The question of how DeFi as a whole evaluates asset-issuer infrastructure at listing, meaning bridge architecture, cross-chain messaging configuration, and issuer-side key management, is one that this incident surfaces sharply. That conversation will play out across Aave and every other major venue in the weeks ahead, and a broader piece from us on the lessons and takeaways is coming separately.

This is in stark contrast to a curator model, in which one party chooses the assets, sets the parameters, and controls the surface end-to-end. That is a different shape of risk, and users should know which shape they are opting into.

On Kelp’s rsETH listing and conflicting engagements

For the record, so there is no ambiguity:

Chaos Labs has never had any commercial, advisory, or consulting relationship with the Kelp DAO.

Our involvement with rsETH was limited to our role as a risk service provider to the Aave DAO, operating in public through governance. Every parameter recommendation we made for rsETH is on the Aave governance forum, along with the analysis and rationale.

The most recent rsETH parameter work we did on Aave was in January 2026, when we validated the E-Mode LTV adjustment proposed by ACI. That work addressed the market and liquidity risk of the underlying asset, which was the scope of our engagement. It did not evaluate the security posture of Kelp's cross-chain bridge. Bridge security is an infrastructure risk owned by the asset issuer and its infrastructure providers. The consequences of a failure at that layer propagates to every protocol that has integrated the asset, which is a structural feature of composability rather than a scope question. The broader question is how DeFi as a whole evaluates issuer-side risk at the listing stage, given that downstream protocols warehouse the consequences.

On Looping in Aave and DeFi in general

A few of the takes over the last week have argued that looping on Aave is should be restricted or throttled. Risk is always viewed in the context of reward, so I will frame this with data.

Looping strategies have historically accounted for a significant share of Aave's strategy, representing 40% of Aave 2025's protocol revenue and 35% of its TVL, as reported in the ACI Transparency Report. Looping is one of the defining things Aave does, and one of the defining product-market fits of DeFi lending generally. DeFi allows risk-taking lenders and borrowers to use onchain primitives to build carry on top of base yields, in a way that centralized venues cannot structurally replicate. Treating it as a strategy, Aave could rid itself of, without meaningful consequence, misunderstands Aave’s business to date.

The demand for looping is also rising, not falling, for reasons unrelated to Aave. Onchain yields have compressed toward the risk-free rates available in short-dated Treasuries. Users who choose to keep capital onchain are doing so against a benchmark that has gotten harder to beat, and looping is one of the few remaining ways to generate the kind of spread that justifies the onchain exposure in the first place. In an environment like that, restricting looping is not a neutral safety measure. It is a decision about how competitive the protocol is willing to be in a yield environment that is already unkind to DeFi.

The broader point, which applies well beyond Aave and this incident, is that risk and reward must be examined together. Service providers recommend within their scopes. Listings and parameter decisions move through TEMP CHECK, ARFC, and onchain execution, with DAO voters as the final authority. The hardest governance questions are rarely about a single parameter on a single asset. They are about how a DAO resolves the tensions between risk posture and business development / growth, and every major DeFi venue has those tensions.

Pooled vs Isolated Architectures and Tradeoffs

A lot of takes over the last few days have argued that what happened is validation that the pooled model is broken, or that isolated markets are structurally safer for users. They’re fundamentally different, so it’s an apples-to-oranges comparison.

There are two kinds of risk a depositor can face.

The first is liquidity risk. Your position is structurally fine, but you cannot access your funds when you want them because the market is at 100% utilization. This is bad UX, especially for users who are not deep in crypto, and it can feel scary in the moment. But it is temporary, and the principal is intact.

The second is principal risk. You take a haircut on your deposits. The loss is permanent. Neither model eliminates both risks. They distribute them differently. A pooled model offers greater liquidity, higher capital efficiency, and a better chance of excess yield. In exchange, you are only as safe as the riskiest asset in the basket. An isolated market gives you cleaner containment of bad debt to the specific market that broke. In exchange, you typically get lower liquidity and yield.

What we are watching this week is the trade-off between the pooled and isolated models realized. That does not make the model “wrong”; however, it does make the tradeoff real. Users should understand what they are depositing into beyond the headline APY, because the number on the front page is priced against a risk profile, and that profile is not the same everywhere.

We’ve previously written about this here.

Composability - A double-edged sword?

It is widely believed that what we are seeing today is an inherent trade-off of one of DeFi's best features: composability.

I am here to say that to a certain extent, you can have your cake and eat it too.

Every asset issuer should run a proof-of-reserves oracle, regardless of which provider you use. It is not costly. It requires a little transparency and a little integration work on the issuer side. A proof of reserves oracle prevents exactly this class of incident by ensuring the minted supply always equals the backing deposits, and that mints and burns cannot drift. Every bridge and every DeFi protocol can implement sanity checks and circuit breakers. Applications can connect to those proof-of-reserve oracles or adopt dynamic risk-oracle switches that throttle deposits above a given threshold, queue large withdrawals for liquidity review, or pause entirely when an upstream signal breaks. There are many variants, and many more kinds of checks and guarantees that can be put in place at the smart contract level, at every layer of the stack. I will not turn this into a catalog of solutions. The point is that this is not something the industry has to live with. Composability does not force you to accept silent insolvency propagating across protocols. You just have to do composability responsibly.

On recent exploits

The methods used to gain access have grown more sophisticated, but the escalation of privileges after an access control breach has not. Bridge compromise and infinite mint attacks have been happening for years. The contagion they cause across ecosystems and protocols is not new. What has changed is the attack surface, not the playbook.

On recovery

We hope for the fullest possible recovery of user funds. A broader write-up on lessons and takeaways for the industry will follow separately, including where responsibility for infrastructure-layer failures like this one sits, and why that matters for how DeFi gets built going forward.