Aave overhauls listing standards after $230 Million rsETH exploit exposed bridge risks
An official postmortem traced the exploit to a LayerZero bridge verification failure and outlined a sweeping overhaul of Aave's asset-listing standards as DeFi risks shift beyond smart contract bugs.
By Sam Reynolds|Edited by Shaurya Malwa Jun 1, 2026, 5:04 a.m. 3 min readMake preferred on
What to know:
- Aave said the record 2026 rsETH exploit stemmed from a failure in KelpDAO’s LayerZero-powered bridge, not a bug in Aave’s own smart contracts, prompting a sweeping review of all V3 assets and listing standards.
- In its postmortem, Aave detailed how attackers abused a single LayerZero verifier to forge a cross-chain message and mint 116,500 unbacked rsETH on Ethereum, exposing hidden risks in bridges and other off-chain infrastructure.
- Aave plans to overhaul its risk framework to scrutinize bridges, oracles, custodians and operational security, add automated defenses that can instantly strip collateral of borrowing power, and has already made hundreds of parameter changes to curb exposure.
The most expensive DeFi attack of 2026 began with KelpDAO's restaked ether (rsETH) bridge, not a bug in Aave's code. That, the lending protocol argues in an official postmortem published this week, is precisely why the industry needs to rethink how it measures risk.
Aave said it is launching a review of every asset listed on V3 and rewriting its listing standards after April's $230 restaked ETH exploit exposed a new class of DeFi risk.
The protocol's postmortem traced the attack not to a flaw in Aave's smart contracts but to a LayerZero bridge verification failure, where a single verifier approved a forged cross-chain message that released 116,500 unbacked rsETH.
Going forward, Aave says collateral assessments will weigh bridges, oracle dependencies, custodians and operational security alongside the financial and smart-contract risks it has traditionally screened for.
KelpDAO is a "restaking" service, which lets users take their ether that is already locked into Ethereum to earn staking rewards and reuse it as collateral to earn additional yield from other protocols. The token rsETH represents a user's claim on that restaked ether. To move rsETH between blockchains, KelpDAO uses LayerZero, a piece of infrastructure called a cross-chain bridge that passes messages between networks so a token issued on one chain can show up on another.
Bridges rely on a set of independent verifiers who confirm each message is real before the receiving chain releases the equivalent tokens.
In April's attack, just one of those verifiers approved a fake message, which let the attacker mint 116,500 rsETH on the receiving chain with no actual ether backing it.
Those tokens were then deposited into Aave, a lending protocol where users borrow against collateral they post, and used to take out loans Aave could not recover once the rsETH was revealed as worthless. Aave's own code worked exactly as designed. The collateral it accepted turned out to be fake because the bridge that delivered it had been compromised.
While LayerZero acknowledged earlier this month that it "made a mistake" by allowing its own verification system to secure high-value assets in a one-of-one configuration, Aave's postmortem goes further by using the incident to justify a broader overhaul of DeFi risk management.
The protocol argues that traditional reviews focused on volatility, liquidity and smart contract audits failed to capture the risks created by bridges, verification networks and other infrastructure that sits outside application code.
Beyond smart contract audits and financial risk analysis, Aave said it will now evaluate bridge infrastructure, oracle dependencies, third-party contracts, custodial arrangements, operational security practices, and secondary-market liquidity before approving or expanding collateral listings.
The protocol is also building new automated defenses designed to react faster when collateral assets show signs of distress. Among the proposals outlined in the postmortem is a system that would automatically reduce an asset's loan-to-value ratio to zero once predefined risk thresholds are breached, removing its borrowing power before losses can spread through the broader market.
Since the exploit, Aave says its risk managers have already executed roughly 295 parameter changes across V3 markets, including 168 supply-cap reductions and 66 borrow-cap reductions aimed at limiting exposure to individual assets.
As DeFi protocols become more interconnected, Aave's postmortem suggests the industry may need to scrutinize not only the assets it lists, but also the infrastructure those assets depend on
More For You
XRP drops to $1.32 as sellers overpower exchange outflows
By Shaurya Malwa18 minutes ago
XRP hit a 15-week low before stabilizing, with traders watching whether the latest washout turns into a base or another leg lower.
What to know:
- XRP has fallen to a 15-week low near $1.32, with sellers repeatedly overpowering attempts at price recoveries despite signs of tokens leaving exchanges.
- More than 25 million XRP have moved off exchanges and spot XRP ETFs have drawn about $1.42 billion in cumulative inflows, but these accumulation signals have not...
XRP drops to $1.32 as sellers overpower exchange outflows
18 minutes ago
Bitcoin extends slide as spot ETF outflows hit a record while Wall Street rips on AI
48 minutes ago
Coinbase makes a major play for India’s booming $3 billion crypto market with local currency launch
6 hours ago
A massive $1.26 billion sale of BlackRock’s IBIT was likely a rapid exit by a large investor
10 hours ago
How the House Financial Services Committee is taking on tokenization: State of Crypto
11 hours ago
How Stellar became part of DTCC's tokenization push for Wall Street securities onchain
13 hours agoTop Stories
SEC sues Texas man over $12.3 million alleged crypto scheme built on fake AI trading bots
May 30, 2026
Bitcoin's wild days are over — and Trace Mayer says that's a good thing
17 hours ago
U.S. says it seized about $1 billion in Iranian crypto as pressure campaign expands
May 30, 2026
Hyperliquid could become a ‘financial services juggernaut’ as DeFi expands, says Grayscale
May 30, 2026
Bitcoin, ether, XRP, dogecoin lag a nine-week stocks rally as ETF demand cools
May 30, 2026
