Original Title: Chaos Labs Is Leaving Aave
Original Author: Omer Goldberg
Translation: Peggy, BlockBeats
Editor's Note: Chaos Labs has announced the proactive termination of its risk management collaboration with Aave and seeks to end this authorized relationship prematurely. As the core team responsible for risk pricing and management for Aave's V2 and V3 markets over the past three years, their exit occurs at a critical stage when Aave is advancing its V4 architectural reconstruction and institutional expansion.
In the statement, Chaos Labs emphasized that this decision is not due to short-term budget differences, but rather a divergence in understanding of the fundamental issue of "how risk should be managed." With the departure of core contributors, increasing system complexity, and the architectural rewrite brought by V4, the responsibilities and costs of risk management have significantly expanded, while resource input and prioritization have not adjusted accordingly.
The article further points out that as DeFi gradually attracts institutional funds, the risk record itself has become the most critical "entry asset." When protocols need to take on more complex system structures and higher standards of compliance simultaneously, risk is no longer just a technical issue but a foundational capability that determines whether it can operate sustainably.
As DeFi enters the next stage, the question is how risk management should be positioned and whether the industry is willing to bear the corresponding costs for it.
The following is the original text:
Since November 2022, Chaos Labs has been pricing every loan initiated on Aave and managing the risks of all Aave V2 and V3 markets across various networks, during which no materially impactful bad debts have occurred.
During this time, Aave's total value locked (TVL) grew from $5.2 billion to over $26 billion, with total deposits exceeding $2.5 trillion and over $2 billion in liquidations completed.
Today, we have decided to proactively end this authorized relationship and seek to terminate the collaboration early.
This decision was not made hastily. We have consistently collaborated in good faith with DAO contributors, and Aave Labs has remained professional, even raising the budget to $5 million to retain us. However, we chose to leave because this collaboration no longer aligns with our fundamental understanding of "how risk should be managed."
Although there are divergences in the future paths, I still believe Aave Labs is acting in a manner it believes to be most beneficial to Aave.
Why We Chose to Leave
Over the past three years, we have advanced and retreated with Aave, experiencing multiple market crises—these moments tested nearly every parameter we set and every machine learning model we built.
When we joined, the DAO's annual net expenditure was negative $35 million; a few months ago, its peak reached $150 million. Through this process, we genuinely felt proud to be one of the core contributors.
People do not easily give up such an experience. Therefore, for the sake of transparency and to provide some reference for the DAO's future, we outline the reasons here.
Funding can solve many problems, but not all. The deeper issue lies in the structural divergence between both parties on the fundamental question of "how to manage risk." As discussions about future paths continued, this divergence became increasingly clear.
Ultimately, the issues can be summarized in three points:
The departure of core Aave contributors has significantly increased the workload and operational risk;
The introduction of V4 expanded the scope of risk management functions, increasing operational and legal responsibilities, while its architecture was not designed by us and is not a design approach we would adopt;
Throughout the past three years, we have consistently handled Aave's risk management work while operating at a loss. Even with an increase of $1 million in budget, the overall operation would still remain in negative profit.
This implies only two options remain, neither of which we can accept:
To try our best with insufficient resources, but fail to meet the risk management standards that "the world's largest DeFi application" should possess;
To continue subsidizing Aave's risk operations with our own funds, continuously incurring losses.
Even if the economic issue is resolved, the divergence between both parties on risk priorities and management methods still exists, and this cannot be simply solved by increasing the budget.
However, none of this changes our perspective on this work.
For Chaos Labs, being able to contribute to Aave has always been an honor and carries a heavy responsibility. Our reputation comes from our past record. Every collaboration should either be completed according to its rightful standards or not done at all.
People, Technology, and Operational Experience
Aave is an excellent brand. Its leading position does not stem from the flashiest features or the most aggressive growth strategies.
What truly allows Aave to maintain a long-term advantage is its "reliability." The brand and market sentiment are essentially just lagging reflections of its performance, safety, and risk management capabilities—especially in those extreme market environments that destroy other participants. It is on this foundation that the consensus of "Just Use Aave" gradually forms.
Competitors have introduced more aggressive mechanisms and growth strategies but have collapsed one after another due to risk management missteps or security vulnerabilities. In a market composed of the world's most volatile assets, "survivability" itself is a product. Those who can manage risk better and longer will win.
The true innovation of Aave, paradoxically, lies in areas that many protocols overlook: processes and infrastructure. We developed and first launched the Risk Oracles on Aave, enabling the protocol to self-repair and update parameters in real-time according to dynamic and significantly fluctuating market conditions. This infrastructure supports Aave's extension to over 250 markets across 19 blockchains, processing hundreds of parameter updates monthly while maintaining rigorous operational standards, earning today's trust.
In the past year, Chaos Labs has executed and continuously pushed over 2,000 risk parameter updates across Aave's markets, covering both manual adjustments and automated Risk Oracle management mechanisms. This infrastructure has enabled Aave to expand to over 250 markets across 19 blockchains while still achieving real-time risk management.
The number of Aave risk parameter updates executed by manual managers and Chaos Risk Oracles.
This rigor comes from a specific collaborative system and execution stack: ACI is responsible for growth and governance (@Marczeller), TokenLogic manages funds and growth (@Token_Logic), BGD is responsible for protocol engineering (@bgdlabs), while Chaos Labs handles risk management.
The brand is the visible part to the outside world; what truly makes it worth seeing is the people, technology, and operational experience behind it.
GTM and Institutional Expansion
Our contributions extend far beyond risk management.
In recent years, the crypto industry has rapidly moved towards institutionalization. The world's largest financial institutions have begun to engage with DeFi, but no matter how real "on-chain" returns may be, it all hinges on a premise: if institutions are concerned that customer funds may be at risk, all of this is meaningless. For any regulated entity, all discussions start and end with risk. A few more basis points of yield have never justified taking on principal risk. Institutions seek risk-adjusted returns, and they will not allocate funds to a protocol that cannot be "clearly explained" to compliance teams.
For this reason, Aave's risk record has become its most important GTM asset. As the builders of this record, we can directly converse with these institutions. At the request of Aave Labs, we took on this role, meeting with partners globally, producing research and due diligence materials, and personally participating in Aave's institutional expansion. We hope that the DAO can continue to benefit from these accumulations in the coming months.
Theseus' Ship
If every plank of a ship is replaced, is it still the same ship? The name hasn't changed, the flag hasn't changed, but the foundation has already been different.
Aave is currently in such a state. The core contributors who built and operated V3 have already left, and the operational experience that supported Aave through market cycles over the past three years has also dissipated.
We are the last remaining technical contributors of this group.
V3 remains the largest application in DeFi, requiring 24/7/365 risk management. While Aave Labs is optimistic about the swift migration to V4, history demonstrates that such migrations often require months or even years. Before V4 fully assumes the markets and liquidity of V3, both systems must run in parallel. The workload will not be halved but rather doubled.
More critically is the operational experience. Even assuming different teams have the same capabilities, the experience accumulated over three years of continuous operation cannot be directly transferred during a handover.
How long will it take to bridge this gap? The answer is clearly not "zero." And before this gap disappears, someone must bear this cost—and this responsibility almost entirely falls on us while the budget is already insufficient as the scope expands.
The continuation of the brand does not equate to the continuation of the system.
Why V4 is Different
V4 is a brand new lending protocol, with entirely new smart contract code, system architecture, and design paradigms. Apart from the name, it bears almost no resemblance to Aave V3.
Changes at the architectural level directly impact risk: more interdependencies across markets and modules, a completely new credit structure, and adjusted liquidation logic. The "second-order risks" of any new protocol will only gradually manifest after real funds enter the system.
To take over this system responsibly means having to rebuild infrastructure, toolchains, and simulation systems, and to operate a complete operation from 0 to 1 on a codebase that has not yet undergone market testing. This scope is far greater than that of V3, and this is the essence of our decision.
Risk is downstream of architecture. When the architecture undergoes fundamental changes, risk management itself must also be restructured. Unlike standardized services like price oracles or reserve proofs, Risk Oracles and their supporting systems must be tailored to specific protocol architectures. Once the architecture is rewritten, the risk infrastructure also must be rebuilt.
The problem lies in the fact: the scope has significantly expanded, yet resources have not increased in parallel. Aave Labs may be able to accept this trade-off, but we cannot.
The Real Cost of This Matter
What we are giving up is a historically well-functioning, $5 million collaboration. For a startup, this is by no means a trivial decision, and it deserves fuller background explanation.
Compensation is only part of it; a more important signal is how much a organization invests in risk reflects its prioritization of risk.
At the same time, I believe that few truly understand the actual costs, real expenditures, and risks undertaken by such systems. Therefore, I hope to clarify these here.
It must be clear that the DAO has every right to decide what it values and what it is willing to pay for it. I have no objections to this. My responsibility is only to judge whether these conditions are suitable for us—and this time, they are not.
Comparing Aave to Banks
Aave often likens itself to banks, and we also use this standard. Banks typically allocate 6%–10% of revenue for compliance and risk infrastructure. In 2025, Aave's revenue is projected at $142 million, while our budget is $3 million, accounting for about 2%.
We estimate that the minimum risk budget for V3 + V4 should be $8 million to cover a wider range of risks, additional infrastructure, and the GTM work we have already undertaken, accounting for about 5.6% of revenues, still below the lower limit for banks.
This comparison might even lean towards being "lenient." The openness of blockchain makes it more complex and asymmetrical in terms of market risk and cybersecurity risk. Open-source and transparent protocols mean that the attack surface is visible to everyone. Recent series of attacks have proven that this is not just a theoretical risk. We believe that DeFi should invest more in risk than traditional finance, not less.
Of course, Aave's scale has nearly no comparable objects in DeFi; banks are just a reference point for understanding how much institutions that "take risk seriously" typically invest. Whether a protocol "has the capacity" to invest in risk and whether it "chooses to invest" are two different things.
For Aave, ability isn't the issue: the DAO holds approximately $140 million in reserves, and Aave Labs just passed a $50 million self-funded proposal. But even with scarce resources, the cost of risk management will not change as a result. The budget cannot reshape the threat structure—cost is cost.
Costs That Won't Appear in the Budget
Human resources and infrastructure are just the visible costs; there are also harder-to-quantify but necessary implicit costs.
The first is legal and institutional risk. Engaging in risk management in DeFi (whether as risk managers or treasury managers) faces unclear responsibility boundaries. There is no mature regulatory framework, no "safe harbor," and no clear legal definition of what responsibilities risk managers should bear when protocols fail. These responsibilities are "invisible" when systems operate normally; however, they do not disappear once problems arise.
The second is network and operational security. Providing risk services for a protocol managing hundreds of billions in assets will itself become a target for attacks. The costs for audits, monitoring, infrastructure, and internal control systems will rise in tandem with the scale of user deposits.
These costs are not unique to us. Any team undertaking this role at this scale will face the same exposure. The question is whether such a collaborative structure reflects this reality.
If the upside returns are limited while the downside risk is unlimited, then choosing to continue is not a matter of "having faith," but rather a form of poor risk management.
Our Principles
At Chaos, we adhere to a simple principle: only sign off on work we fully endorse.
When everything goes smoothly, this principle is easy to maintain; what truly matters is when it comes at a cost. Today, that cost amounts to $5 million.
I have previously written about what institutional-level risk management should look like in "The Market Crypto Never Built." This decision is a manifestation of that belief in reality. If we advocate for the industry to hold higher standards, we must first apply those standards to ourselves.
I hope V4 will succeed. If it turns out our concerns are overestimated, that would be a good thing for the entire industry.
To the Aave community: Thank you for your trust during this time; it has been our honor.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
