Chaos Labs exits, who will take over Aave's risks?

When risk control exits, DeFi’s security foundation gets repriced.

By Omer Goldberg

Compiled by Peggy, BlockBeats

Editor’s note: Chaos Labs has announced that it will proactively end its risk management collaboration with Aave and seek to terminate this authorization relationship early. As the core team that has provided risk pricing and management for all Aave V2 and V3 markets over the past three years, its departure is occurring at a critical stage—just as Aave is pushing ahead with V4 architecture restructuring and institutional expansion.

In its announcement, Chaos Labs emphasized that this decision does not stem from a short-term budget disagreement, but rather from a fundamental mismatch in how the two sides understand “how risk should be managed.” As core contributors leave, system complexity increases, and the architecture rewrite brought by V4 expands the scope of risk management responsibilities and costs significantly, resource allocation and priority-setting have not been adjusted in sync.

The article further points out that as DeFi gradually attracts institutional capital, risk records themselves have become the most critical “admission asset.” When a protocol needs to take on both more complex system structures and higher standards of regulatory compliance, risk is no longer just a technical issue—it becomes the underlying capability that determines whether it can keep operating.

As DeFi enters its next phase, where should risk management be positioned, and whether the industry is willing to bear the corresponding costs for it.

The following is the original text:

Since November 2022, Chaos Labs has priced every loan initiated on Aave and managed the risks of all Aave V2 and V3 markets and across each network, during which there has been no loan loss with any material impact.

During this period, Aave’s total value locked (TVL) grew from $5.2 billion to over $26 billion, cumulative deposits exceeded $2.5 trillion, and more than $2 billion in liquidations have been completed.

Today, we have decided to proactively end this authorization relationship and seek to terminate our collaboration early.

This decision was not made in a rush. We have always worked in good faith and in collaboration with DAO contributors, and Aave Labs has always acted professionally. We even increased the budget to $5 million to try to retain us. However, we chose to leave because this collaboration no longer aligns with our core understanding of how “risk should be managed.”

Although there are differences between the two sides on the future path, I still believe that Aave Labs is acting in the way it believes to be most beneficial for Aave.

Why we chose to leave

Over the past three years, we have risen and fallen with Aave, going through multiple market crises—moments that almost tested every parameter we set and every machine learning model we built.

When we joined, the DAO’s annualized net expenditure was negative $35 million; a few months ago, its peak had already reached $150 million. In this process, as one of the core contributors, we truly felt proud.

People don’t easily give up an experience like this. Therefore, for the sake of transparency—and in the hope that it may provide reference for the DAO’s future—we set out the reasons here.

Money can solve many problems, but it cannot solve all of them. The deeper issue is that there is a structural disagreement between the two sides on the fundamental question of “how to manage risk.” As discussions about the future path continue, this disagreement becomes ever clearer.

In the end, the problem boils down to three points:

The departure of core Aave contributors has significantly increased workload and operational risk;

The rollout of V4 expands the scope of risk management responsibilities, adding operational and legal liabilities, while the architecture is not something we designed and not the kind of design we would adopt;

Over the past three years, we have always carried Aave’s risk management work while operating at a loss. Even with a $1 million budget increase, the overall operation would still remain loss-making.

This means there are only two choices left—and we cannot accept either of them:

Do our best with insufficient resources, but we cannot meet the risk management standards that “the world’s largest DeFi application” should have;

Continue to subsidize Aave’s risk operations with our own funds, while continuously bearing losses.

Even if economic issues are resolved, the disagreement between the two sides on risk priorities and management approaches still remains—and this is not something that can be solved simply by increasing the budget.

But none of this changes our view of this work.

For Chaos Labs, being able to contribute to Aave is always an honor—and it also means bearing a heavy responsibility. Our reputation comes from our track record. For every collaboration, either it is completed to the standards it deserves, or we do not do it.

People, technology, and operational experience

Aave is an excellent brand. Its leading position does not come from the flashiest features or the most aggressive growth strategy.

What truly keeps Aave ahead for the long term is its “reliability.” The brand and market sentiment are, in essence, just lagging reflections of its performance, safety, and risk management capabilities—especially in extreme market environments that destroy other participants. It is precisely on this foundation that the consensus of “Just Use Aave” gradually took shape.

Competitors have rolled out more aggressive mechanisms and growth strategies, but one after another, they collapsed due to risk management mistakes or security vulnerabilities. In a market composed of the world’s most volatile assets, “survivability” is itself a product. Whoever can manage risk better and for longer wins.

Aave’s real innovation shows up instead in areas that many protocols overlook: processes and infrastructure. The Risk Oracles we built and first deployed on Aave enable protocols to self-heal and update parameters in real time based on dynamic and sharply volatile market conditions. This infrastructure supports Aave expanding to over 250 markets across 19 blockchains—handling hundreds of parameter updates every month—while maintaining rigorous operational standards, thereby earning the trust Aave enjoys today.

Over the past year, Chaos Labs has executed and continuously pushed more than 2,000 risk parameter updates across Aave’s various markets, covering both manual adjustments and automated Risk Oracle management mechanisms. This infrastructure enables Aave to expand to more than 250 markets across 19 blockchains while still achieving real-time risk management.

The number of Aave risk parameter updates carried out through human operators and Chaos Risk Oracles.

This rigor comes from a specific collaboration system and execution stack: ACI is responsible for growth and governance (@Marczeller), TokenLogic is responsible for treasury management and growth (@Token_Logic), BGD is responsible for protocol engineering (@bgdlabs), and Chaos Labs is responsible for risk management.

Brand is the part the outside world can see. But what truly makes it worth seeing is the people, technology, and operational experience behind it.

GTM and institutional expansion

Our contribution is far more than risk management.

In the past few years, the crypto industry has rapidly moved toward institutionalization. The world’s largest financial institutions have started to access DeFi, but no matter how real the returns from “on-chain” activities are, they don’t outweigh one prerequisite: if institutions are worried that customer funds could be harmed, none of this matters. For any regulated entity, all discussion begins with risk and ends with risk. A few additional basis points of return are never worth taking principal risk. Institutions pursue risk-adjusted returns, and they will not allocate funds to a protocol that they cannot “explain clearly” to their compliance teams.

For this reason, Aave’s risk track record has become its most important GTM asset. And we, as the builders of that track record, can therefore speak directly with these institutions. At Aave Labs’ request, we took on this role—meeting with partners globally, producing research and due diligence materials, and personally participating in Aave’s institutional expansion. We also hope the DAO can continue to benefit from these accumulations in the coming months.

Ship of Theseus

If every plank of a ship is replaced, is it still the same ship? The name doesn’t change, the flag doesn’t change, but the underlying structure has long been different.

Aave is in a similar state now. The core contributors who built and operated V3 have left, and the operational experience that supported Aave through market cycles over the past three years has gone with them.

We are the last technical contributors still in this group.

V3 is still the largest application in DeFi by scale and requires 7×24×365 risk management. Although Aave Labs is optimistic about a rapid migration to V4, history shows that this kind of migration often takes months or even years. Until V4 fully takes over V3’s markets and liquidity, the two systems must run in parallel. The workload will not be halved—it will be doubled.

More importantly, there is operational experience. Even if we assume the capabilities of different teams are the same, the experience accumulated from running continuously for three years cannot be directly transferred during handover.

How long does it take to close this gap? Obviously not “zero.” And until the gap disappears, someone must bear the cost—and that responsibility almost entirely falls on us, while the budget is already insufficient even as the scope expands.

Brand continuity does not equal system continuity.

Why V4 is different

V4 is a completely new lending protocol, with entirely new smart contract code, system architecture, and design paradigms. Other than the name, it is almost nothing like Aave V3.

Architectural changes directly affect risk: more cross-market and cross-module interdependencies, a new credit structure, and adjusted liquidation logic. Any “second-order risks” of a new protocol will only gradually become apparent after real funds enter the system.

Taking responsibility for inheriting this framework means rebuilding the infrastructure, toolchain, and simulation systems, and conducting a complete operational run from 0 to 1 on a codebase that has not yet been market-tested. This scope is far beyond V3—and this is the core of our decision.

Risk is downstream of architecture. When architecture undergoes fundamental changes, risk management itself must be rebuilt. Unlike “standardized services” such as price oracles or reserve proofs, Risk Oracle and its supporting systems must be customized to the specific protocol architecture. Once the architecture is rewritten, the risk infrastructure must be rebuilt as well.

The issue is that the scope expands significantly, but resources are not increased accordingly. Aave Labs may be able to accept such a trade-off, but we cannot.

The real cost of this

We are giving up a $5 million partnership that has historically run well. For a startup, this is not a casual decision, so it deserves more thorough background explanation.

Compensation is only part of it. More important is a signal: how many resources an organization invests in risk reflects how it prioritizes risk.

At the same time, I also believe very few people truly understand the actual costs of such systems, the real expenditures, and the risks being borne. That is why I want to lay this out clearly here.

To be clear: the DAO has full authority to decide what it values and how much it is willing to pay for it. I have no objections to that. My responsibility is simply to judge whether these conditions fit us—and this time, they do not.

Compare Aave to banks

Aave often compares itself to banks, and we also look at it through that lens. Banks typically allocate 6%–10% of their income to compliance and risk infrastructure. In 2025, Aave’s revenue is $142 million, while our budget is $3 million—about 2%.

We estimate that the minimum risk budget for V3 + V4 should be $8 million, to cover a broader risk scope, additional infrastructure, and the GTM work we have already taken on—amounting to about 5.6% of revenue, which is still below the bank’s lower bound.

And even this comparison may be somewhat “lenient.” The openness of blockchains makes them more complex and more asymmetric in terms of market risk and network security risk. Because protocols are open source and transparent, the attack surface is visible to everyone. A series of recent attacks has already proven this is not theoretical risk. We believe that DeFi should invest more in risk management than traditional finance—not less.

Of course, Aave’s scale has almost no comparable peers in DeFi. Banks are merely a reference point for understanding how much institutions that usually take risk seriously invest. For a protocol, whether it has the “ability” to invest in risk is one thing; whether it “chooses” to invest is another.

For Aave, ability is not the problem: the DAO holds reserves of about $140 million, and Aave Labs has also just passed a $50 million self-funded proposal. Even if resources are scarce, the cost of risk management does not change. Budgets cannot reshape the threat structure—cost is cost.

Costs that don’t show up in the budget

Labor and infrastructure are just the visible costs. There are also implicit costs that are harder to quantify but still must be borne.

First is legal and institutional risk. In DeFi, doing risk management (whether as a risk manager or a treasury manager) faces responsibility boundaries that have not yet been clearly defined. Without a mature regulatory framework, without a “safe harbor,” and without clear legal definitions of what responsibilities a risk manager should bear when a protocol fails. When the system is operating normally, these efforts are “invisible”; but once something goes wrong, responsibility does not disappear.

Second is network and operational security. Providing risk services for a protocol that manages hundreds of billions of dollars of assets in itself makes it an attack target. The costs of building audits, monitoring, infrastructure, and internal control systems will rise in step with user deposit volumes.

These costs are not unique to us. Any team taking on that role at this scale will face the same exposure. The question is whether this kind of collaboration structure reflects that reality.

If the upside returns are limited while downside risk is unlimited, choosing to continue is not “having conviction”—it is actually a poor form of risk management.

Our principles

At Chaos, we always adhere to one simple principle: we only attach our name to work that we fully approve of.

When everything goes smoothly, it’s easy to stick to this principle. What truly matters is when it requires paying a price. Today, that price is $5 million.

I previously wrote about what institutional-grade risk management should look like in 《The Market Crypto Never Built》. This decision is a real-world expression of that belief. If we argue that the industry needs higher standards, we must first hold ourselves to those standards.

I hope V4 will succeed. If it turns out that our concerns are overestimated, that would be good news for the entire industry.

To the Aave community: Thank you for the trust during this time. It is our honor.