Aave V3

Aave V3 receives a C- risk grade (53/100) from Hindenrank, where lower scores indicate lower risk. Elevated risk — DeFi's most battle-tested lending protocol experienced its first major bad debt event on April 18, 2026 ($177-200M from stolen rsETH collateral cascade), downgraded from B- to C. Scale and battle-testing remain strong, but LRT listing governance and backstop sufficiency are now under active stress. Aave is the largest lending protocol in DeFi, where users deposit crypto to earn interest or borrow against their holdings. It manages $25B+ in deposits across 10+ blockchains with 5+ years of operation. On April 18, 2026, an attacker who had stolen $292M in rsETH from Kelp DAO deposited the stolen rsETH on Aave V3 as e-mode collateral and borrowed WETH against it. When Kelp paused rsETH in response to their hack, Aave was left with $177-200M in bad debt. The WETH pool hit 100% utilization, $6.2B fled the protocol, and AAVE dropped 17.7%. Its grade was downgraded from B- to C reflecting the first major bad debt event in Aave's history.

The key risks identified for Aave V3 are: (1) On April 18, 2026, Aave took $177-200M in bad debt after accepting stolen rsETH as collateral for a large WETH borrow. The Umbrella backstop may not fully cover the shortfall, raising the prospect that AAVE stakers (stkAAVE holders) absorb some of the losses. (2) On March 10, 2026, Aave's CAPO oracle layer misfired on wstETH pricing, causing $27M in wrongful liquidations across 34 accounts. The DAO reimbursed affected users, but the incident confirmed that Aave's custom oracle adaptations introduce failure modes beyond standard Chainlink feeds. (3) The Aave Chan Initiative (61% of DAO governance actions) and BGD Labs (core development team) both departed in early 2026, thinning independent governance oversight at $25B+ scale. Governance changes concurrent with a major credit event is a recognized risk-multiplier pattern.

Aave V3 scores 53/100 across eight risk dimensions: Mechanism Novelty: 0/15, Interaction Severity: 14/20, Oracle Surface: 5/10, Documentation Gaps: 1/10, Track Record: 10/15, Scale Exposure: 9/10, Regulatory Risk: 5/10, Vitality Risk: 9/10. The highest risk area is Scale Exposure at 9/10.

Among 90 rated Lending protocols on Hindenrank, Aave V3 ranks #85 by safety (lowest risk score = safest). Its 53/100 risk score and C- grade place it among the riskier Lending protocols.

Aave V3 scores 10/15 on the Track Record risk dimension, indicating some history of security incidents or exploits. Higher scores reflect more severe or frequent incidents. Review the full risk report for details.