Original title: Chaos Labs Is Leaving Aave
This post is part of our special coverage Syria Protests 2011
Photo by Peggy Block Beats

The editor declared his initiative to end risk management cooperation with Aave and sought an early termination of the authorized relationship. As the core team that has provided risk pricing and management for all Aave V2 and V3 markets over the past three years, the departure took place at a critical stage when Aave was advancing the restructuring and institutionalization of the V4 architecture。

In the note, Chaos Labs stressed that this decision did not stem from short-term budgetary differences, but rather from a perception bias between the two sides on the fundamental issue of "how risks should be managed". With the loss of core contributors, the increased complexity of the system and the rewriting of the architecture brought about by V4, the responsibility and cost of risk management have expanded significantly, but the prioritization of resource inputs has not been synchronized。

The article further noted that in the process of DeFi gradually attracting institutional funds, risk recording itself has become the most critical "accessible asset". When agreements need to be accompanied by more complex systems structures and higher standards of compliance, the risk is no longer just a technical issue, but rather a bottom-up capability to determine their sustainability。

When DeFi enters the next phase, where risk management should be placed and whether industry is willing to bear the corresponding costs。

The following is the original text:

Since November 2022, Chaos Labs has priced every loan launched on Aave and managed the risks of all Aave V2 and V3 markets and networks, during which no bad debts with material impact occurred。

During this period, Aave ' s total warehouse volume (TVL) increased from $5.2 billion to over $26 billion, accumulated deposits over $2.5 trillion and completed liquidations over $2 billion。

Today, we have decided to take the initiative to end this mandate and to seek early termination of cooperation。

This decision was not taken in haste. We have always worked with DAO contributors in good faith, and Aave Labs has always remained professional and raised the budget to $5 million to keep us. However, we chose to leave because this cooperation no longer corresponds to our basic understanding of how risk should be managed。

In spite of the differences between the two sides on the way forward, I believe that Aave Labs is acting in the manner that he understands, in the best interests of Aave。

Why did we choose to leave

Over the past three years, we've been through a lot of market crises with Aave. I don't know. These moments have tested almost every parameter we set and every machine learning model we build。

AT THE TIME OF OUR ACCESSION, DAO ' S ANNUAL NET EXPENDITURE WAS NEGATIVE $35 MILLION; A FEW MONTHS AGO, IT PEAKED AT $150 MILLION. IN THIS PROCESS, WE ARE INDEED PROUD, AS ONE OF THE CORE CONTRIBUTORS。

ONE CANNOT EASILY GIVE UP SUCH AN EXPERIENCE. SO, FOR REASONS OF TRANSPARENCY, WE WOULD ALSO LIKE TO REFER TO THE FUTURE OF DAO, FOR WHICH WE ARE HERE。

Funding can solve many problems, but not all. The deeper problem is that there are structural differences on the fundamental issue of how to manage risk. This divergence has become clearer with the ongoing discussion of the way forward。

Ultimately, the problem focuses on three points:

The departure of the core Aave contributor has significantly increased the workload and operational risks

THE ROLL-OUT OF V4 HAS BROADENED THE SCOPE OF THE RISK MANAGEMENT FUNCTION TO INCLUDE OPERATIONAL AND LEGAL RESPONSIBILITIES, AND ITS ARCHITECTURE IS NOT DESIGNED BY US, NOR IS IT THE DESIGN THAT WE WILL ADOPT

Over the past three years, we have been taking on Aave's risk management as a loss. Even with a budget increase of $1 million, the overall operation would remain negative。

This means that there are only two options left, both of which we cannot accept:

(b) Do what is needed in the absence of adequate resources, but do not meet the risk management standards required for the "largest DeFi application in the world"

Continue to operate at risk with its own funds and sustain losses。

Even if economic problems were resolved, differences between the two sides over risk priorities and management patterns remained, which could not be resolved by simply increasing the budget。

But none of this will change our perception of this work。

For Chaos Labs, it has always been an honour and a heavy responsibility to contribute to Aave. Our reputation comes from past records. Each cooperation is either carried out in accordance with the standards it deserves or not。

People, technology and operational experience

Aave is an excellent brand. Its leading position does not stem from the most spectacular functions or the most radical growth strategies。

What really gives Aave a long-term advantage is his "reliability". Branding and market sentiment are essentially a reflection of the lag in their performance, safety and risk management capacity — especially in extreme market environments that destroy other players. It is on this basis that the consensus of "Just Use Aave" has evolved。

Competing parties have introduced more radical mechanisms and growth strategies, but one after another have collapsed because of risk management failures or security loopholes. In a market made up of the world's most volatile assets, "survival" itself is a product. Those who manage risk better and longer will win。

Aave's real innovation is reflected in areas that many agreements ignore: processes and infrastructure. We built and launched the Risk Oracles on Aave for the first time, so that the agreement can be self-rehabilitated and the parameters updated in real time according to dynamic and volatile market conditions. This infrastructure supports the expansion of Aave to more than 250 markets on 19 block chains, processing hundreds of monthly updates of parameters while maintaining rigorous operating standards, thus winning today ' s trust。

During the past year, Chaos Labs implemented and continued to carry out updates of more than 2000 risk parameters in Aave markets, covering the Risk Oracle management mechanism for manual adjustment and automation. This infrastructure has enabled Aave to expand to over 250 markets in 19 block chains while still achieving real-time risk management

Number of updates of Aave risk parameters implemented through manual managers and Chaos Risk Oracles。

This rigour stems from a specific system of collaboration and execution: ACI for growth and governance (@Marczeller), TokenLogic for fund management and growth (@Token Logic), BGD for protocol works (@bgdlabs) and Chaos Labs for risk management。

The brand, which is seen outside, is really worth seeing, and it is the people behind it, the technology and the business experience。

GTM AND INSTITUTIONAL EXPANSION

Our contribution goes far beyond risk management。

Over the past few years, the encryption industry has moved rapidly towards institutionalization. The world's largest financial institution has started to access DeFi, but the "uplink" gains can only be real: It would be pointless if the agency feared that the client's funds might be damaged. For any regulated entity, all discussions begin and end at risk. A few more basis points would never be worth the principal risk. Agencies seek risk-adjusted benefits, and they do not allocate funds to an agreement that cannot be explained to the compliance team。

That is why Aave's risk record became its most important GTM asset. And we, as the builders of this record, are thus able to speak directly to these institutions. At the request of Aave Labs, we assumed this role by meeting with partners on a global scale, producing research and refining materials, and personally participating in the expansion of Aave's institutions. We also hope that DAO will continue to benefit from these accumulations in the coming months。

The ship of Teshus

If every piece of wood on a ship is replaced, is it the same ship? The name hasn't changed, the flag hasn't changed, but the bottom is different。

Aave is in this state right now. The core contributors to the construction and operation of V3 have left, and the business experience of supporting Aave through the market cycle over the past three years has also been lost。

We are the last remaining technical contributor to this group。

V3 continues to be the largest application in DeFi, requiring 7x24x365 risk management. While Aave Labs is optimistic about the rapid movement of V4, history has shown that such movements often take months or even years. Until V4 fully covers V3 markets and liquidity, both systems must operate in parallel. The workload would not be halved, but would be doubled。

More crucial is operational experience. Even assuming that different teams have the same capacity, the experience gained from three years of continuous operation cannot be transferred directly during the handover。

How long will it take to fill this gap? The answer is clearly not "zero". And before the gap disappears, it must be borne by someone — a responsibility that falls almost entirely on us — while the budget is insufficient in the context of an expanded scope。

The continuation of the brand is not equivalent to the continuation of the system。

WHY IS V4 DIFFERENT

V4 is an entirely new lending agreement with brand new smart contract codes, systems architecture and design paradigms. Except for the name, it's almost nothing like Aave V3。

Changes at the structural level directly affect risks: more cross-market, cross-module interdependence, completely new credit structures, and adjusted liquidation logic. And the "second-level risk" of any new agreement will only become apparent when real money enters the system。

A RESPONSIBLE TAKEOVER OF THE SYSTEM MEANS THAT INFRASTRUCTURE, TOOL CHAINS AND SIMULATION SYSTEMS NEED TO BE RE-ENGINEERED AND FULLY OPERATED IN A CODE LIBRARY THAT HAS NOT YET UNDERGONE MARKET TESTING, FROM 0 TO 1. THIS IS MUCH GREATER THAN V3, WHICH IS AT THE HEART OF OUR DECISION-MAKING。

Risk is the downstream of the architecture. When the architecture changes fundamentally, risk management itself must be re-engineered. Unlike "standardized services" such as price forecasters or reserve certificates, Risk Oracle and its supporting systems must be tailored to specific protocol structures. Once the architecture is rewritten, the risk infrastructure must also be rebuilt。

The problem was that there had been a significant expansion, but resources had not increased simultaneously. Aave Labs may accept such a trade-off, but we can't。

The real cost of this

We gave up a well-functioning $5 million partnership in history. This is by no means reckless for a start-up company and therefore deserves a fuller background。

Compensation is only part of it, and more importantly a signal of how much an organization invests in risk, reflecting its priority for risk。

At the same time, I believe that very few really understand the real costs of such systems, the real expenditures and the risks they take. It is therefore to be clear here。

IT NEEDS TO BE CLEAR THAT DAO HAS EVERY RIGHT TO DECIDE WHAT IT VALUES AND HOW MUCH IT IS WILLING TO PAY FOR IT. I HAVE NO OBJECTION TO THAT. IT IS MY DUTY TO JUDGE WHETHER THESE CONDITIONS ARE SUITABLE FOR US — THIS TIME, NOT FOR US。

Compare aave with the bank

Aave often compared himself to banks, and we look at it with that standard. Banks usually spend 6 per cent-10 per cent of their revenues on compliance and risk infrastructure. In 2025, Aave earned $142 million, while our budget was $3 million, or about 2 per cent。

WE ESTIMATE THAT THE MINIMUM RISK BUDGET FOR V3 + V4 SHOULD BE US$ 8 MILLION, COVERING A WIDER RANGE OF RISKS, ADDITIONAL INFRASTRUCTURE AND THE GTM WORK THAT WE HAVE UNDERTAKEN, REPRESENTING ABOUT 5.6 PER CENT OF REVENUES, STILL BELOW THE BANKING THRESHOLD。

And this comparison may even be "lax". The openness of block chains makes them more complex and asymmetric in terms of market and network security risks. Transparency in the opening of agreements means that the face of the attack is equally visible to all. A series of recent attacks have proved that this is not a theoretical risk. In our view, DeFi should be better at risk inputs than traditional finance, not lower。

Of course, the size of Aave is hardly comparable in DeFi, and banks are only a reference system for understanding how much the agency that takes risks seriously usually invests. There are two different things about whether an agreement is "capable" of putting in risk, and whether it is "chosen to do."。

Capacity is not a problem for Aave: DAO holds approximately $140 million in reserves, and Aave Labs has just adopted a $50 million self-financing proposal. But even if resources are scarce, the cost of risk management will not change. Budgets cannot reshape threat structures — costs are costs。

Those costs that don't appear in the budget

Human resources and infrastructure are only visible costs, with hidden costs that are more difficult to quantify but must be borne。

First, there are legal and institutional risks. Risk management in DeFi (whether it is a risk manager or a treasury manager) faces an undefined liability boundary. There is no mature regulatory framework, there is no “safe harbour”, and there is no clear law defining the responsibilities of risk managers when agreements fail. When the system works, the work is "unseeable"; if there is a problem, responsibility does not disappear。

Second, network and operational security. By providing risk services for an agreement to manage tens of billions of dollars of assets, it will itself be targeted. The construction costs of audit, monitoring, infrastructure and internal control systems will rise in step with the size of the user deposits。

These costs are not unique to us. Any team that assumes that role on this scale faces the same exposure. The question is whether such a structure of cooperation reflects this reality。

If there are limited upside returns and no limit to downward risks, then the choice continues, not " with faith " , but rather with bad risk management。

Our principles

In Chaos, we have always adhered to the simple principle that we only sign the work that we fully endorse。

That principle can easily be upheld when everything goes well; what really matters is when it has to pay. Today, the price is $5 million。

As I wrote in The Market Cripto Never Built, what ERM should look like. This decision is the expression of that conviction in reality. If we argue that industry needs higher standards, they must first be applied to itself。

I HOPE V4 SUCCEEDS. IF IT TURNS OUT THAT OUR CONCERNS ARE OVERESTIMATED, IT IS GOOD FOR THE INDUSTRY AS A WHOLE。

To Aave Community: It's an honor to thank you for your trust

[ Chuckles ]Original Link]