Aave Labs is fundamentally overhauling how it assesses and lists collateral assets, following the largest DeFi exploit of 2026. The change could set a new industry standard.
At Consensus Miami, Chief Legal and Policy Officer Linda Jeng said the protocol's existing risk framework had been too narrowly focused on financial risk and volatility.
Going forward, every asset seeking to list on Aave will face a broader assessment covering interoperability, cybersecurity, and underlying architecture. The catalyst: rsETH, the restaking token at the center of April's $293 million KelpDAO attack.
Aave will also publish a formal playbook for asset issuers-minimum standards before listing-and examine systemic interconnections across protocols.
"Out of a crisis like this, it ups our standards," Jeng said.
In April, an attacker exploited KelpDAO's cross-chain bridge, minting 116,500 unbacked rsETH tokens, then depositing them into Aave as collateral to borrow real wrapped ether-leaving the protocol with hundreds of millions in impaired debt.
Jeng, a former regulator during the 2008 financial crisis, said the episode felt familiar. But unlike 2008, the industry mobilized itself through "DeFi United," drawing commitments from Lido, EtherFi, and Ethena to cover the shortfall.
"In the financial crisis, we had to bail out the banks. Here, we came together as an ecosystem to bail ourselves out," she said.