Aave to overhaul collateral and listing standards after KelpDAO exploit

The lending giant is expanding its asset listing criteria beyond financial risk to include cybersecurity and architecture, and wants the rest of De Fi to follow.By Oliver Knight|Edited by Stephen Alpher May 7, 2026, 2:27 p.m. 2 min read Make preferred on How to Regulate De Fi panel (Consensus Miami 2026)What to know: Aave will assess all future collateral assets on cybersecurity, interoperability, and technical architecture — not just price volatility — and will publish a minimum-standards playbook for issuers seeking to list on the protocol.The changes follow April's KelpDAO bridge exploit, in which an attacker minted $293 million in unbacked rsETH tokens and used them as collateral on Aave, leaving the protocol with hundreds of millions in bad debt.Rather than a government rescue, DeFi self-organised through an industry coalition called "DeFi United" to plug the gap — a response Jeng compared favourably to the government-led bank bailouts of 2008.Miami — Aave Labs is set to fundamentally reshape how it assesses and lists collateral assets on its protocol, following the largest DeFi exploit of 2026, and the overhaul could set a new standard across the entire industry.

Linda Jeng, chief legal and policy officer at Aave Labs, said at Consensus Miami 2026 that the protocol's existing risk framework, while robust, had been too narrowly focused on financial risk and volatility.

Going forward, every asset seeking to be listed on Aave will face a broader assessment covering interoperability, cybersecurity vulnerabilities, and the underlying architecture of the asset. She cited rsETH, the restaking token issued by KelpDAO that sat at the center of April's crisis, as the catalyst for the change.