Aave Proposes New Risk Framework After KelpDAO rsETH Bridge Exploit
If approved, governance would get formal rules for assessing bridges, assets and chains, plus a fast path to remove risky collateral.
Overview
- On June 9, Aave published a LlamaRisk‑authored risk framework for governance review that would be applied across Aave V3, V4 and Aave Horizon if token holders approve it.
- The framework sets four core areas of scrutiny — asset risk, bridge risk, chain risk and automated monitoring — and makes asset reviews continuous with quarterly refreshes and out‑of‑cycle checks for material changes.
- The proposal is a direct response to the April LayerZero‑powered KelpDAO exploit in which attackers minted about 116,500 rsETH (roughly $290–$292 million), deposited stolen rsETH into Aave V3 and borrowed WETH, forcing emergency freezes, zeroed LTVs and hundreds of parameter changes.
- Operational fixes in the plan include stricter bridge rules such as documented route topology, multiple independent verifiers, timelocked authority changes, per‑route rate limits, and automated alerts that can trigger temporary freezes or reduced exposure before full governance votes.
- If governance approves the framework, it could speed interventions and asset removals to limit contagion, but the outcome depends on the vote and on ongoing legal and frozen‑asset recovery work tied to the original exploit.