Aave is rewriting its risk playbook after the KelpDAO rsETH exploit showed that trouble outside Aave can still hit markets inside it. On June 9, governance proposed tighter rules in four areas: the assets it lists, the bridges tied to those assets, the automated systems watching for stress, and the chains where Aave deploys.
In plain terms, getting listed would require more upfront proof: audits, bug bounties, timelocks, legal disclosures, and clearer bridge designs checked by multiple independent verifiers. Aave also wants automated controls that can cut exposure or freeze assets when risk signals worsen.
That matters because the April 18 rsETH incident forced emergency action and fed a broader liquidity shock. Aave is now trying to catch those problems earlier and limit the blast radius when they happen.
The move also lines up with how larger clients are entering DeFi. BitGo now gives qualified custody clients access to Aave through Narval, with policy controls and transaction checks layered on top. Aave wants growth, but only with tighter gates around what gets listed, how it connects across chains, and how fast the protocol can react when something breaks.