Aave overhauls listing standards after $230 Million rsETH exploit exposed bridge risks
Aave says April’s $230 million rsETH exploit was not caused by a bug in its code, but by a LayerZero bridge verification failure that let one verifier approve a fake cross-chain message and mint 116,500 unbacked rsETH. Attackers deposited the worthless tokens into Aave and borrowed against them, causing losses when the collateral failed. In response, Aave is reviewing every V3-listed asset and rewriting its listing standards. Future collateral risk checks will include bridges, oracle dependencies, custodians, third-party contracts, operational security, and secondary-market liquidity, not just smart-contract and market risk. Aave is also building automated defenses, including systems that can drop an asset’s loan-to-value ratio to zero when risk thresholds are breached. Since the exploit, it has already made about 295 risk-parameter changes across V3, including supply-cap and borrow-cap cuts.
