Has Aave changed? Chaos Labs, the risk control partner, publicly reveals the behind-the-scenes of their "breakup"

Compilation: Plain Language Blockchain

Since November 2022, Chaos Labs has priced every loan initiated for Aave and managed the risk across all markets and networks of Aave V2 and V3, achieving zero major bad debts.

During this period, Aave’s TVL (Total Value Locked) grew from $5.2 billion to over $26 billion, facilitating over $2.5 trillion in cumulative deposits and handling more than $2 billion in liquidations.

Today, we will relinquish this authorization and seek to proactively terminate our partnership. This decision was not made lightly. We have had sincere discussions with the DAO contributors. Aave Labs is very professional and supported increasing our budget to $5 million to retain us. However, the reason we are leaving is because the current mode of cooperation no longer reflects how we believe risk should be managed. Although we did not reach an agreement on the future path, I believe Aave Labs is doing what it considers to be in the best interest of Aave.

Why we are leaving

For three years, we have worked closely with Aave, experiencing market crises that tested every parameter we set and every machine learning model we built. When we joined, the DAO’s annual loss was $35 million. At its peak a few months ago, its revenue reached $150 million. We are genuinely proud to have been core contributors during that period. Without good reasons, no one would leave such achievements. Therefore, for transparency and to help the DAO’s future development, here are our reasons.

Money can solve many problems, but not all. Deeper issues stem from fundamental disagreements over Aave’s risk management approach. The more we discussed, the clearer these disagreements became. They mainly boil down to three points:

1. Core contributors to Aave have left, leading to a significant increase in workload and operational risk.
2. V4 expanded the scope of risk functions, increasing operational and legal burdens, and its architecture was not designed by us; even if it had been, we wouldn’t adopt this approach.
3. Over the past three years, we have been operating Aave at a loss. Even with an increased budget of $1 million, our gross profit managing Aave’s risk remains negative.

This leaves us with two options, both of which we are unwilling to accept:

• Do our best with limited resources, knowing this cannot meet the standards required of the world’s largest DeFi application.
• Subsidize Aave’s risk operations with money and continue to incur losses.

But even if the economic issues are resolved, disagreements over risk priorities and management approaches still exist. These cannot be fixed simply by increasing the budget.

This does not change our view of the work itself. Chaos Labs has always regarded contributing to Aave as an honor, accompanied by great responsibility. Our reputation is our track record. Every task must meet its required standards, or not be done at all.

Personnel, Technology, and Operational Experience

Aave is a great brand. Its dominance has never been due to having the most glamorous features or the most aggressive growth strategies.

What keeps Aave at the top in the long run is its reliability. Brand and reputation are always lagging indicators of its performance, security, and risk management. For this reason, “Just Use Aave” emerged.

Competitors have launched more exotic mechanisms and more aggressive strategies, but all have collapsed due to risk management failures or security vulnerabilities. In markets with high volatility, survival is the product. The one who manages risk best and lasts longest is the winner.

Aave’s innovation lies in areas most protocols ignore: processes and infrastructure. We built and pioneered the launch of Risk Oracles on Aave, allowing the protocol to self-heal and update parameters in real-time based on dynamic, volatile market conditions. This infrastructure has helped Aave expand to over 250 markets across 19 blockchains, transmitting hundreds of parameter updates monthly while maintaining operational rigor.

Over the past year, Chaos Labs has executed and transmitted more than 2,000 risk parameter updates on Aave markets through manual and automated Risk Oracles.

This rigor is the result of the combined efforts of specific actors and architecture: responsible for growth/governance, ACI (@Marczeller); responsible for treasury/growth, TokenLogic (@Token_Logic); responsible for protocol engineering, BGD (@bgdlabs); and responsible for risk, Chaos Labs. Brand is what people see on the surface, but personnel, technology, and operational experience are the core support of this brand.

Market Entry (GTM) and Institutional Expansion

Our contribution goes far beyond risk management itself. In recent years, cryptocurrency has rapidly institutionalized. The world’s largest financial institutions are now integrating DeFi, but if institutions worry about losing client deposits, the on-chain benefits become meaningless. For any regulated entity, the starting and ending point of the conversation is risk. This reality makes Aave’s risk record its most valuable market asset. As the team responsible for this record, we also communicate directly with these institutions on behalf of Aave, producing research reports and due diligence materials to support Aave’s institutional expansion.

Theseus’ Ship

If you replace every plank on a ship, is it still the same ship? The name and flag remain unchanged, but everything underneath has changed. That’s the current state of Aave. The core contributors who built and operated V3 have left. We are among the last remaining technical contributors from that group.

V3 remains the largest application in DeFi, requiring risk management 24/7/365. Although Aave Labs is optimistic about a rapid migration to V4, history shows such transitions typically take months or even years. Before V4 fully absorbs V3’s markets and liquidity, the workload not only does not decrease but doubles. Even with equivalent team capacity, the knowledge accumulated over three years of continuous operation cannot be fully transferred during handover. Until the gap is bridged, someone must bear the cost of closing it, and that responsibility falls entirely on us.

Why V4 is different

V4 is a completely new lending protocol, with new smart contract codebases, new system architecture, and new paradigms. Aside from the name, its only similarity to V3 is the name itself. The architectural changes directly impact risk: more complex cross-chain/cross-market dependencies, new credit structures, modified liquidation logic. When the architecture is completely rewritten, the risk infrastructure must be rewritten accordingly. As a result, the scope of work expands significantly, but resource allocation has not kept pace. Aave Labs may accept this trade-off, but we do not.

What is the actual cost

We are giving up a project worth $5 million that has proven effective historically. As a startup, this is no easy decision. Compensation is part of the story, but more importantly, it’s a signal: the level of an organization’s investment in risk reflects how much it values risk.

• Compared to banks: Banks allocate 6% to 10% of their revenue to compliance and risk infrastructure. In 2025, Aave generated $142 million in revenue, and our budget accounts for only about 2%.
• Estimated needs: We estimate the minimum risk budget for V3 + V4 to be $8 million (about 5.6% of revenue), still below the banking baseline.

I believe DeFi’s investment in risk management should surpass traditional finance, not lag behind. For Aave, affordability is not a limiting factor (its treasury holds $140 million, and Aave Labs just passed a $50 million self-funding proposal). But regardless of resource scarcity, the cost of risk management does not change. Budgets do not reshape threat landscapes; costs are costs.

Hidden costs in the budget

1. Legal and institutional risk exposure: The boundaries of liability in DeFi risk management are still unclear. If everything goes well, the work is invisible; if problems arise, blame follows.
2. Network and operational security: Managing risks for hundreds of billions in funds makes you a target. Ensuring the security of risk management systems involves audits, monitoring, and internal controls, with costs scaling as user deposits grow.

If returns are incremental and risks are infinite, then agreeing to cooperate is not “faith,” but “poor risk management.”

Our values

Chaos Labs always adheres to a simple principle: We only sign off on work we fully believe in. When things go smoothly, promoting this principle is easy; when it costs you (as it did today, costing us $50 million), it truly matters. If we believe the industry needs higher standards, we must first demand them of ourselves.

I hope V4 succeeds, and if my concerns turn out to be unnecessary, that’s good for everyone. To the Aave community: thank you for your trust. It has been an honor.

Link to this article: https://www.hellobtc.com/kp/du/04/6280.html

Source: