Aave deepens trust crisis: service providers collectively withdraw, technology, governance, and risk control all compromised

Author: Jae, PANews

Compared to external pressures in a bear market, Aave’s internal issues have instead revealed a “black swan.”

Long-standing as the king of the lending sector, Aave is now experiencing its most severe ecological upheaval since its inception. No hacker attacks, no code vulnerabilities—only a loss of control and conflicting interests.

From the decisive departure of the technical pillar BGD Labs, to the public split with governance pioneer ACI (Aave Chan Initiative), and the official severance from risk management firm Chaos Labs, a “mass withdrawal” of service providers is unfolding.

This conflict runs far deeper than a simple cooperation dispute; it triggers the ultimate paradox of DAO (Decentralized Autonomous Organization): the opposition between founder will and distributed governance, the contradiction between protocol long-termism and short-term capital profit, and the balance between decentralization faith and centralized efficiency during scale expansion of blue-chip protocols.

Can Aave continue to win?

What are the hidden reasons behind Chaos Labs abandoning risk control?

On April 7, Chaos Labs, which has been deeply involved with Aave V2/V3 for three years and achieved “zero major bad debt,” announced a break with Aave. The departure of this top-tier risk management firm directly hits Aave’s security red line.

Chaos Labs cited three reasons: long-term losses, the successive departure of key contributors BGD Labs and ACI, and fundamental disagreements over risk management philosophy amid the launch of Aave V4.

The main point of contention centers on V4’s “Hub-and-Spoke” architecture: Chaos Labs pointed out that while this design improves capital efficiency, it also exponentially amplifies risk. In an environment with unclear legal responsibility boundaries, risk teams must handle double the workload to maintain both V3 and V4 systems.

Aave Labs expressed respect and gratitude for their years of contribution, stating that the protocol’s smart contracts and network deployment are unaffected. However, there is another hidden reason behind their split.

Aave Labs revealed that they had multiple negotiations with Chaos Labs over renewal plans, supporting an increase in risk management fees from the current level to $5 million, but not supporting an immediate increase to $8 million without additional future terms. They also explicitly opposed three exclusive clauses: making Chaos Labs the sole risk manager, replacing Chainlink with Chaos Labs’ oracle, and setting an unaudited Chaos Labs treasury as the default treasury for all B2B integrations.

In simple terms, Chaos Labs wants to expand control and commercial interests. But for a DeFi protocol, over-reliance on a single vendor for risk management significantly raises systemic risk and weakens the protocol’s governance independence. For Aave, the potential risk is too great.

Moreover, in March this year, Chaos Labs’ responsible Aave CAPO oracle experienced an on-chain configuration error, leading to an underestimation of wstETH by about 2.85%, which erroneously triggered the forced liquidation of approximately $27 million in healthy positions.

Aave Labs emphasized that they will continue to adhere to a dual-layer risk management model and introduce a third layer of technical risk management led by Aave Labs. During the transition, LlamaRisk will take on more risk coverage responsibilities from Chaos Labs, with Aave Labs supporting team expansion and budget, providing engineering and analytical resources to ensure a smooth handover.

Regarding Aave V4, its architecture introduces isolated risk markets, new liquidation logic, and governance-controlled parameters, enabling DAO to more precisely manage risks across different markets and assets. In the short term, Aave Labs will work closely with LlamaRisk to ensure a smooth risk management transition and uninterrupted protocol operation.

Both technology and governance have been compromised, intensifying internal risks for Aave.

In addition to security, Aave’s technology and governance have both been compromised in the past two months.

On April 1, Aave V3’s technical service provider BGD Labs announced the termination of all technical contributions—this is not an April Fools’ joke. As the main development team for V3, BGD accused Aave Labs of pushing an immature V4, “artificially restricting” V3 features, “maliciously devaluing” its worth, and even forcing users to migrate through parameter manipulation.

BGD stated that V3 contributed 98% of the code, nearly all TVL, and generated over $100 million annually, making it the “jewel” of the protocol. Aave Labs closed off V4 development, sidelining external teams. BGD Labs has no say and no reasonable compensation, only protesting their departure as a response to this “radical transformation” and the irresponsibility toward user assets.

Led by Marc Zeller, the governance service provider ACI also plans to exit in July, with the immediate trigger being BGD Labs’ departure. Zeller criticized Aave Labs for initiating a “slow-motion coup”: on-chain data shows he controls 23% of the AAVE token supply, with whale wallets dominating community proposals.

ACI’s exit marks a shift in Aave governance from “checks and balances” toward “centralization,” with third-party service providers forced into a decorative role.

Although Aave was once a model of distributed collaboration in DeFi—Aave Labs sets the direction, third-party providers develop, govern, and manage risks, supporting its leading position in lending—this well-functioning system over the years is now showing increasing cracks.

Pain or terminal illness? Aave faces a test of funding and trust.

In this complex conflict, the interests of both sides are sharply divergent.

From the perspective of Aave Labs and founder Stani Kulechov, they aim to transform the protocol from a loosely coordinated multi-party effort into a more cohesive and executable closed-loop ecosystem through V4 and the “Aave Will Win” framework.

The business logic of this transformation is: DeFi has entered a scale-up phase, and relying solely on loose cooperation is insufficient to meet institutional demands and compete globally.

By consolidating resources to develop high-profit products and unifying brand ownership, Aave can improve execution efficiency, reduce fragmented decision-making, and enhance the value capture of AAVE tokens.

Of course, this is a challenge faced by mature DeFi protocols during scale expansion, and Aave’s internal turmoil, as the leading lending protocol, is magnified, reflecting broader governance issues in DeFi.

However, this “strongman rule” approach to efficiency is seen as sacrificing DAO’s decentralization reputation.

Service providers fundamentally rely on their expertise to secure DAO funding. When Aave Labs attempts to marginalize them or offers insufficient compensation to offset increasing legal and operational risks, they will inevitably withdraw. This also reveals that under the current DAO service provider model, even top teams face difficulties maintaining sustainable business models.

For Aave, will the departure of service providers be a short-term pain or a long-term death sentence?

Optimistically, the wave of departures might be a “growing pain” during Aave’s transformation.

Streamlined decision chains: With multiple external stakeholders leaving, Aave Labs can push V4 more smoothly, shortening product deployment cycles in a competitive market;

Front-end revenue recirculation: If the “Aave Will Win” proposal ultimately achieves 100% front-end revenue return to DAO, AAVE tokens could shift from mere governance tokens to true “profit-sharing certificates”;

Unified technical paradigm: V4’s “Hub-and-Spoke” architecture addresses V3’s multi-chain fragmentation. By unifying liquidity hubs, Aave could gain an advantage in RWA and institutional lending markets.

However, these positive expectations are mostly based on the assumption that “everything proceeds smoothly,” and the negative impacts are more urgent.

Security downgrade: V4’s complexity demands stricter risk controls. Losing Chaos Labs leaves only LlamaRisk as a major risk service provider, significantly increasing systemic risk in extreme market conditions.

Experience vacuum: Departing service providers take with them three years of operational data and experience. If the protocol encounters a sudden issue, new teams like LlamaRisk may respond slowly due to lack of deep involvement.

Reputation damage: Aave Labs’ behavior of heavily intervening in voting with large token holdings effectively depletes the protocol’s reputation assets. If DAO loses its checks and balances, its attractiveness to new developers will decline sharply.

This negative impact also raises concerns about funding. Although Aave has not experienced severe security incidents before, the risk uncertainty is rising, and community confidence in its execution and risk management is waning. Some even say, “Old crew leaving en masse, new crew not yet familiar with the course—don’t put all your assets on this ship.”

Currently, Aave stands at a critical crossroads.