Aave is rewriting the rulebook after the biggest DeFi exploit of 2026 exposed a hidden systemic risk: not buggy lending code, but a compromised cross-chain bridge.

What happened

- In April, attackers exploited KelpDAO's rsETH, a "restaked" ether token that represents users' re-used staked ETH, by forging a cross-chain message through the LayerZero bridge.
- A single verifier in LayerZero's network approved the fake message, allowing the attacker to mint 116,500 unbacked rsETH on the receiving chain.
- Those fake rsETH tokens were deposited into Aave v3 as collateral, enabling roughly $230 million in loans that Aave could not recover once the tokens were revealed as worthless.
- Crucially, Aave's smart contracts worked as designed; the failure was in the bridge's message verification. LayerZero has acknowledged it "made a mistake" by running a high-value verification setup in a one-of-one configuration, in which a single verifier's approval was enough to pass a message and no independent second verifier could reject it.

Aave's response: broadened risk criteria and faster defenses

- In a detailed postmortem, Aave announced a full review of every asset listed on V3 and a rewrite of its listing standards. The protocol says traditional assessments (volatility, liquidity and smart-contract audits) are no longer enough.
- Going forward, collateral approvals will explicitly evaluate off-chain and cross-protocol infrastructure: bridge security and verification models, oracle dependencies, custodial arrangements, third-party contracts, operational security, and secondary-market liquidity, alongside financial and code risks.
- Aave is also building automated protections to act quickly when assets show distress. One proposed measure would automatically cut an asset's loan-to-value (LTV) to zero if predefined risk thresholds are breached, removing its borrowing power before losses cascade.
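To make the proposed "LTV to zero on threshold breach" mechanism concrete, here is an added illustration in Python. It is not Aave's code and does not reflect the thresholds or data feeds Aave actually uses; the parameter names, the threshold values and the snapshot figures are all constructed for the example. It checks three signals a collateral review of a bridged token could watch: whether more of the token circulates on the destination chain than is locked on the source chain (the unbacked-mint pattern described above), whether the token trades at a discount to its reference asset, and whether the bridge's verifier setup is a single point of failure. Any breach zeroes the asset's LTV.

```python
"""Hypothetical collateral circuit breaker for a bridged token (illustration only).

Not Aave's implementation. All names, thresholds and sample numbers are assumptions
made for this example; the 116,500 excess tokens in the "exploit" snapshot echo the
figure from the article, while the 500,000 locked-on-source figure is constructed.
"""
from dataclasses import dataclass, replace

BPS = 10_000  # basis points per 100 %

# Constructed thresholds; a real risk committee would set these per asset.
MAX_UNBACKED_BPS = 50      # tolerate 0.5 % accounting drift between chains
MAX_DEPEG_BPS = 300        # tolerate a 3 % discount versus the reference asset
MIN_VERIFIER_QUORUM = 2    # a one-of-one verifier setup is a single point of failure


@dataclass(frozen=True)
class CollateralParams:
    symbol: str
    ltv_bps: int           # loan-to-value in basis points; 0 removes borrowing power


@dataclass(frozen=True)
class Snapshot:
    """One observation of a bridged token's off-chain and cross-chain state."""
    locked_on_source: int      # tokens locked in the bridge contract on the origin chain
    minted_on_dest: int        # bridged representation outstanding on the destination chain
    market_price: float        # secondary-market price of the bridged token
    reference_price: float     # price of the underlying (e.g. ETH for a restaked-ETH token)
    verifiers_required: int    # verifier signatures needed to pass a bridge message
    verifiers_total: int       # independent verifiers configured for this route


def unbacked_bps(snap: Snapshot) -> int:
    """Excess of destination-chain supply over source-chain backing, in basis points."""
    if snap.locked_on_source == 0:
        return BPS if snap.minted_on_dest > 0 else 0
    excess = snap.minted_on_dest - snap.locked_on_source
    return max(0, excess * BPS // snap.locked_on_source)


def depeg_bps(snap: Snapshot) -> int:
    """Discount of the market price below the reference price, in basis points."""
    if snap.reference_price <= 0:
        return BPS
    discount = (snap.reference_price - snap.market_price) / snap.reference_price
    return max(0, int(discount * BPS))


def breaches(snap: Snapshot) -> list[str]:
    """Return a human-readable reason for every threshold the snapshot violates."""
    reasons = []
    ub = unbacked_bps(snap)
    if ub > MAX_UNBACKED_BPS:
        reasons.append(f"unbacked supply {ub} bps > {MAX_UNBACKED_BPS} bps")
    dp = depeg_bps(snap)
    if dp > MAX_DEPEG_BPS:
        reasons.append(f"depeg {dp} bps > {MAX_DEPEG_BPS} bps")
    if min(snap.verifiers_required, snap.verifiers_total) < MIN_VERIFIER_QUORUM:
        reasons.append(
            f"verifier quorum {snap.verifiers_required}-of-{snap.verifiers_total} "
            f"below {MIN_VERIFIER_QUORUM}"
        )
    return reasons


def apply_circuit_breaker(params: CollateralParams, snap: Snapshot) -> tuple[CollateralParams, list[str]]:
    """Zero the asset's LTV if any threshold is breached; otherwise leave it untouched."""
    reasons = breaches(snap)
    if reasons:
        return replace(params, ltv_bps=0), reasons
    return params, reasons


# Constructed sample data: a healthy route and an unbacked-mint scenario.
RSETH_PARAMS = CollateralParams(symbol="rsETH", ltv_bps=7_500)
HEALTHY = Snapshot(locked_on_source=500_000, minted_on_dest=500_000,
                   market_price=1.0, reference_price=1.0,
                   verifiers_required=2, verifiers_total=3)
EXPLOIT = Snapshot(locked_on_source=500_000, minted_on_dest=616_500,
                   market_price=0.96, reference_price=1.0,
                   verifiers_required=1, verifiers_total=1)

if __name__ == "__main__":
    for name, snap in (("healthy", HEALTHY), ("exploit", EXPLOIT)):
        new_params, why = apply_circuit_breaker(RSETH_PARAMS, snap)
        print(name, "->", new_params, why)
```

In the exploit snapshot the backing check alone is decisive: 116,500 tokens minted beyond what the bridge holds is a 2,330 bps excess, far past any tolerance for accounting drift, so LTV goes to zero even before the price discount or the verifier configuration are considered. The verifier-quorum check is the kind of infrastructure criterion the postmortem wants evaluated at listing time rather than only after an incident.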
Immediate risk management steps

- Since the exploit, Aave's risk team has already implemented roughly 295 parameter changes across V3 markets, including 168 supply-cap reductions and 66 borrow-cap reductions, to limit exposure to vulnerable assets.

Why this matters

- The incident highlights how increasingly interconnected DeFi infrastructure (bridges, messaging networks, and other off-chain verifiers) can create attack surfaces that traditional smart-contract-focused reviews miss.
- Aave's overhaul signals a broader industry shift: protocols will need to evaluate not just token contracts, but the external infrastructure those tokens rely on. As DeFi grows more composable, these dependencies will become central to measuring systemic risk.

Bottom line: the exploit was a wake-up call. Aave is using it to push collateral reviews and automated safety mechanisms that factor in cross-chain and operational threats, a model other protocols may soon have to follow.
