Buy Crypto- Markets
Futures- Spot
- Copy Trade
- Earn
- More
Chaos Labs Exits, Who Will Pick Up Aave's Risk?
Original Title: Chaos Labs Is Leaving Aave
Original Author: Omer Goldberg
Translation: Peggy, BlockBeats
Editor's Note: Chaos Labs has announced the proactive termination of its risk management collaboration with Aave, seeking an early end to this authorization. As the core team that has provided risk pricing and management for all V2 and V3 markets of Aave over the past three years, their departure comes at a key stage as Aave advances its V4 architecture overhaul and institutional expansion.
In their statement, Chaos Labs emphasizes that this decision stems not from short-term budget disagreements but from a fundamental cognitive gap between both parties on "how risk should be managed." With core contributors exiting, increasing system complexity, and the significant expansion of risk management responsibilities and costs due to V4's architectural rewrite, resource allocation and prioritization have not been synchronously adjusted.
The article further points out that in the process of DeFi gradually attracting institutional funds, the risk track record itself has become the most crucial "admission asset." As the protocol needs to concurrently accommodate more complex system structures and higher compliance standards, risk is no longer just a technical issue but a fundamental capability that determines its ability to sustain operation.
As DeFi enters the next stage, where should risk management be positioned, and is the industry willing to bear the corresponding costs for it.
Below is the original text:
Since November 2022, Chaos Labs has priced every loan initiated on Aave, and has been responsible for managing all risks of Aave V2 and V3 markets and networks, during which no substantively impactful defaults have occurred.
During this time, Aave's Total Value Locked (TVL) has grown from $5.2 billion to over $26 billion, with a cumulative deposit size exceeding $2.5 trillion and over $20 billion in liquidations completed.
Today, we have decided to proactively end this authorization and seek an early termination of our collaboration.
This decision was not made hastily. We have always cooperated with goodwill with DAO contributors, and Aave Labs has also remained professional, even raising the budget to $5 million to retain us. However, we have chosen to leave because this collaboration no longer aligns with our fundamental understanding of "how risk should be managed."
Despite diverging views on the future path, I still believe that Aave Labs is acting in the best interest of Aave as they understand it.
Why We Chose to Leave
Over the past three years, we have stood by Aave through multiple market crises—moments that stress-tested nearly every parameter we set and every machine learning model we built.
When we joined, the DAO's annualized net spend was minus 35 million dollars; a few months ago, it peaked at 150 million dollars. Throughout this process, as core contributors, we have indeed felt proud.
People don't easily walk away from such an experience. Therefore, for the sake of transparency and in hopes of providing a reference for the DAO's future, we outline the reasons here.
Money can solve many problems, but not all. The deeper issue lies in the fundamental structural disagreement between both parties on "how to manage risk." As discussions about the future path continued, this rift became more apparent.
Ultimately, the issues center around three points:
The departure of core Aave contributors significantly increased workload and operational risk;
The launch of V4 expanded the scope of risk management functions, added operational and legal responsibilities, and its architecture was not designed by us nor in a way we would adopt;
For the past three years, we have been conducting risk management for Aave at a loss. Even with a budget increase of 1 million dollars, the overall operation would still be in a negative profit.
This means there are only two options left, both of which we cannot accept:
Do our best with insufficient resources but fail to meet the risk management standards required for the "world's largest DeFi application;"
Continue to subsidize Aave's risk operations with our own funds, enduring ongoing losses.
Even if the financial issues were resolved, the divergence between both parties on risk prioritization and management styles would persist, and this is not something that can be purely solved by increasing the budget.
But none of this changes our view of the work.
For Chaos Labs, being able to contribute to Aave has always been an honor and a heavy responsibility. Our reputation is built on past performance. Every collaboration is either done to the standard it deserves or not done at all.
People, Technology, and Operational Expertise
Aave is an outstanding brand. Its leadership position is not derived from the flashiest features or the most aggressive growth strategy.
What truly allows Aave to maintain a long-term advantage is its "reliability." The brand's standing in the market is essentially just a lagging reflection of its performance, security, and risk management capabilities—especially in those extreme market conditions that have destroyed other participants. It is on this foundation that the consensus of "Just Use Aave" has gradually formed.
Competitors have introduced more aggressive mechanisms and growth strategies, but one by one, they have collapsed due to risk management mistakes or security vulnerabilities. In a market composed of the world's most volatile assets, "survivability" is a product in itself. The one who can better and longer manage risk will emerge victorious.
Aave's true innovation, on the contrary, lies in areas that many protocols overlook: processes and infrastructure. We built and first launched Risk Oracles on Aave, enabling the protocol to achieve self-recovery and real-time parameter updates based on dynamic and volatile market conditions. This infrastructure supports Aave's expansion to over 250 markets on 19 blockchains, processing hundreds of parameter updates per month, all while maintaining rigorous operational standards, thereby earning today's trust.
Over the past year, Chaos Labs has executed and continuously pushed out over 2000 risk parameter updates across all Aave markets, covering a combination of manual adjustments and automated Risk Oracle management mechanisms. This infrastructure has enabled Aave to expand to over 250 markets on 19 blockchains, still achieving real-time risk management.
Number of Aave risk parameter updates executed by manual stewards and Chaos Risk Oracles.
This rigor stems from a specific collaborative system and execution stack: ACI is responsible for growth and governance (@Marczeller), TokenLogic handles fund management and growth (@Token_Logic), BGD is in charge of protocol engineering (@bgdlabs), and Chaos Labs oversees risk management.
The brand is what the outside world sees; but what truly makes it worth seeing is the people, technology, and operational experience behind it.
GTM and Institutional Expansion
Our contribution goes far beyond risk management.
Over the past few years, the crypto industry has rapidly moved towards institutionalization. The world's largest financial institutions have started accessing DeFi, but the "on-chain" returns, no matter how real, are not worth it if there is one premise: if institutions are concerned that customer funds may be at risk, none of this makes sense. For any regulated entity, all discussions start with risk and end with risk. A few extra basis points of return are never worth the principal risk. Institutions seek risk-adjusted returns, and they will not allocate funds to a protocol that cannot be "well-explained" to a compliance team.
It is for this reason that Aave's risk narrative has become its most important GTM asset. And we, as the builders of this narrative, are therefore able to engage directly with these institutions. At the request of Aave Labs, we have taken on this role, meeting with partners globally, producing research and due diligence materials, and personally participating in Aave's institutional expansion. We also hope that the DAO will continue to benefit from these efforts in the coming months.
Ship of Theseus
If every plank of a ship has been replaced, is it still the same ship? The name remains, the flag remains, but the underlying is fundamentally different.
This is the state Aave finds itself in now. The core contributors who built and operated V3 have departed, taking with them three years of operational experience that supported Aave through market cycles.
We are the last remaining technical contributors from that cohort.
V3 still stands as the largest-scale application in DeFi, requiring 7x24x365 risk management. While Aave Labs is optimistic about the rapid migration to V4, history suggests that such migrations often take months or even years. Both systems must run in parallel until V4 fully takes over the market and liquidity from V3. The workload will not halve but double.
More crucial is the operational experience. Even assuming equal team capabilities, the experience accumulated from three years of continuous operation cannot be directly transferred in a handover.
How long will it take to bridge this gap? The answer is certainly not "zero." And until the gap is closed, someone must bear this cost—and this responsibility falls almost entirely on us, with a budget that is already insufficient as the scope expands.
Continuing the brand does not equate to continuing the system.
Why V4 is Different
V4 is a brand new lending protocol with entirely new smart contract code, system architecture, and design paradigm. Other than the name, it bears little resemblance to Aave V3.
The architectural changes directly impact risk: more cross-market, cross-module interdependencies, a brand new credit model, and adjusted liquidation logic. And any "second-order risk" of a new protocol only becomes apparent as real funds flow in.
Taking custody of this system responsibly means needing to rebuild infrastructure, tooling, and sim systems and redo a full-operational 0 to 1 on an unmarket-tested codebase. This scope is significantly larger than V3, and that's exactly where our convictions lie.
Risk is downstream of architecture. When architecture fundamentally changes, risk management must also be rearchitected. Unlike "standardized services" like price oracles or reserve proofs, the Risk Oracle and its system must be tailored to a protocol's specific architecture. Once the architecture is rewritten, risk infrastructure must also be rebuilt.
The issue is that while the scope has significantly increased, resources have not increased in tandem. Aave Labs may be able to accept such trade-offs, but we cannot.
The Real Cost of This
What we gave up was a historically well-functioning $5M partnership. For a startup, this is far from a trivial decision and thus merits fuller context.
The compensation is just one part; more importantly, it's a signal: how much resource an organization allocates to risk speaks volumes about its risk priorities.
At the same time, I also believe that few people truly understand the actual costs, real expenses, and risks involved in such systems. Therefore, I hope to clarify these here.
It needs to be clear: a DAO has every right to decide what it values and how much it's willing to pay. I have no dispute with that. My duty is solely to judge whether those terms are right for us—and this time, they are not.
Comparing Aave to Banks
Aave often compares itself to banks, and we use this benchmark as well. Banks typically allocate 6%–10% of their revenue to compliance and risk infrastructure. By 2025, Aave's revenue is projected to be $142M, and our budget is $3M, representing around 2%.
We estimate that the minimum risk budget for V3 + V4 should be $8M to cover a broader risk spectrum, additional infrastructure, and the GTM work we've already undertaken, representing 5.6% of revenue, still below the lower end for banks.
And this comparison might even be leaning towards the "lenient" side. The openness of blockchain makes it more complex and asymmetric in terms of market risk and network security risk. The protocol's open-source transparency means that the attack surface is equally visible to everyone. A recent series of attacks has proven that this is not just a theoretical risk. We believe that in terms of risk tolerance, DeFi should be higher than traditional finance, not lower.
Of course, Aave's scale in DeFi has almost no comparable counterpart. A bank is just a reference point used to understand how much institutions that take "risk management" seriously usually invest. Whether a protocol has the "ability" to take on risk is different from whether it "chooses to."
For Aave, the ability is not the issue: the DAO holds around $140 million in reserves, and Aave Labs has just passed a $50 million self-funding proposal. But even with scarce resources, the cost of risk management will not change. Budgets cannot reshape threat structures — cost is cost.
Costs That Won't Appear in the Budget
Human resources and infrastructure are just explicit costs; there are also more difficult-to-quantify but necessary implicit costs.
First, there is legal and institutional risk. Engaging in risk management in DeFi (whether as a risk manager or a treasury manager) faces responsibility boundaries that have not yet been clearly defined. Without a mature regulatory framework, without a "safe harbor," and without clear legal delineation of the responsibilities risk managers should bear when a protocol fails, these are "invisible" tasks when the system is running as expected; the responsibility will not disappear once something goes wrong.
Second, there is network and operational security. Providing risk services for a protocol managing assets worth hundreds of billions of dollars makes it a target for attacks itself. The costs of audit, monitoring, infrastructure, and internal control system development will rise in sync with the user deposit scale.
These costs are not exclusive to us. Any team taking on this role at this scale will face similar exposures. The question is whether such a collaboration structure reflects this reality.
If the upside return is limited and the downside risk is unlimited, then choosing to continue is not about "having faith" but rather poor risk management.
Our Principles
At Chaos, we always adhere to a simple principle: only sign up for work that we fully endorse.
When everything is going well, this principle is easy to uphold; what truly matters is when it comes at a cost. Today, that cost is $5 million.
I've written about what institutional-grade risk management should look like in "The Market Crypto Never Built." This decision is a manifestation of that belief in reality. If we argue that the industry needs higher standards, we must first adhere to those standards ourselves.
I hope V4 succeeds. If it turns out that our concerns were overstated, it will be good for the entire industry.
To the Aave community: Thank you for your trust during this time; it has been our privilege.
App