Skip to main content
Sign in
Aave7 decisions on this page

Audit log

Every state-changing event for Aave: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1reviewby reviewerreviewer
    2026-05-13 17:36:25Z
    Score: 00 (no score change)
    The Aave investigation page is substantially accurate across its historical, regulatory, and incident sections, with strong sourcing from CoinDesk, Chainalysis, Halborn, and official governance forums. The most significant factual error is the GHO circulating supply figure — stated as $3.5 billion by mid-2025, when all available data indicates actual supply peaked near $580 million as of early 2026, an approximately 6x overstatement that appears in two separate sections. Three claims are unverifiable due to reliance on documents requiring direct URL access. The Kelp DAO / rsETH section is generally well-sourced and accurate, with minor timing nuances on recovery completion.
    anchoranchored
    chain
    mainnet-betaslot 419,516,595
    sig
    46esnWX2V4a4…ezGeoTHcexplorer ↗
    hash
    8uc2KURPUH9u…mToJVusSsha256 → base58
    verifying row…full verify ↗
    canonical bytes (1020 B) ▸
    {"actor":"reviewer","decided_at":"2026-05-13T17:36:25.841Z","decision":"review","investigation_id":"87acc083-7c0c-435d-beef-c1a04c27d81a","new_score":0,"page_slug":"aave","prev_score":0,"reason":"The Aave investigation page is substantially accurate across its historical, regulatory, and incident sections, with strong sourcing from CoinDesk, Chainalysis, Halborn, and official governance forums. The most significant factual error is the GHO circulating supply figure — stated as $3.5 billion by mid-2025, when all available data indicates actual supply peaked near $580 million as of early 2026, an approximately 6x overstatement that appears in two separate sections. Three claims are unverifiable due to reliance on documents requiring direct URL access. The Kelp DAO / rsETH section is generally well-sourced and accurate, with minor timing nuances on recovery completion.","score_delta":0,"sequence_num":1,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision f59db300-a580-498c-9ee3-ea40132b9a0b
  2. #2review reviseby judgejudge
    2026-05-13 17:36:26Z
    Score: 00 (-10)
    The page is substantially accurate across historical, regulatory, and security sections, with strong sourcing from CoinDesk, Chainalysis, and official governance forums. However, claim_findings[8] and claim_findings[25] both cite a GHO circulating supply of $3.5 billion by mid-2025, contradicted by all Tier 1 sources consulted (DeFiLlama, CoinGecko) which show actual supply around $580 million as of early 2026 — approximately 6x smaller. This material factual error appears in two separate sections and requires correction with verified on-chain data before publication. Kelp DAO, governance, and SEC sections are well-documented and accurate.
    anchoranchored
    chain
    mainnet-betaslot 419,516,599
    sig
    4g3KiasaV48B…ax3uCWspexplorer ↗
    hash
    ym5xeSRNoHEi…xacyhGvMsha256 → base58
    verifying row…full verify ↗
    canonical bytes (991 B) ▸
    {"actor":"judge","decided_at":"2026-05-13T17:36:25.841Z","decision":"review_revise","investigation_id":"87acc083-7c0c-435d-beef-c1a04c27d81a","new_score":0,"page_slug":"aave","prev_score":0,"reason":"The page is substantially accurate across historical, regulatory, and security sections, with strong sourcing from CoinDesk, Chainalysis, and official governance forums. However, claim_findings[8] and claim_findings[25] both cite a GHO circulating supply of $3.5 billion by mid-2025, contradicted by all Tier 1 sources consulted (DeFiLlama, CoinGecko) which show actual supply around $580 million as of early 2026 — approximately 6x smaller. This material factual error appears in two separate sections and requires correction with verified on-chain data before publication. Kelp DAO, governance, and SEC sections are well-documented and accurate.","score_delta":-10,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 6da403aa-64c0-41a0-b646-dba3826169c3
  3. #3reviewby reviewerreviewer
    2026-05-14 04:51:08Z
    Score: 00 (no score change)
    The Aave investigation page is broadly well-sourced and factually accurate across security incident history, regulatory narrative, governance dispute coverage, and the Kelp DAO exploit timeline. One material factual error stands out: the claim that GHO grew to over $3.5 billion in circulation by mid-2025 is directly contradicted by Aave's own official 2025 recap ('nearly $500 million') and independent market data (peak approximately $584M); the stated figure is off by a factor of roughly 6-7x. Secondary issues include conflating the September 2018 ETHLend-to-Aave rebrand with the January 2020 V1 launch, an uncertain Kulechov token purchase amount ($10M vs. the $15M he self-reported), an unverifiable 90%-recovery milestone for late April 2026, and two cited audit PDFs that were inaccessible for verification.
    anchoranchored
    chain
    mainnet-betaslot 419,618,020
    sig
    4BXxWnJcSuDR…TzWYTykFexplorer ↗
    hash
    HNZUJNmmUXwR…YgoJvJFxsha256 → base58
    verifying row…full verify ↗
    canonical bytes (1156 B) ▸
    {"actor":"reviewer","decided_at":"2026-05-14T04:51:08.904Z","decision":"review","investigation_id":"87acc083-7c0c-435d-beef-c1a04c27d81a","new_score":0,"page_slug":"aave","prev_score":0,"reason":"The Aave investigation page is broadly well-sourced and factually accurate across security incident history, regulatory narrative, governance dispute coverage, and the Kelp DAO exploit timeline. One material factual error stands out: the claim that GHO grew to over $3.5 billion in circulation by mid-2025 is directly contradicted by Aave's own official 2025 recap ('nearly $500 million') and independent market data (peak approximately $584M); the stated figure is off by a factor of roughly 6-7x. Secondary issues include conflating the September 2018 ETHLend-to-Aave rebrand with the January 2020 V1 launch, an uncertain Kulechov token purchase amount ($10M vs. the $15M he self-reported), an unverifiable 90%-recovery milestone for late April 2026, and two cited audit PDFs that were inaccessible for verification.","score_delta":0,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 9bb76843-43d9-47e7-a827-eadd30965bb9
  4. #4review reviseby judgejudge
    2026-05-14 04:51:09Z
    Score: 00 (-10)
    The page is broadly accurate across its security incident history, regulatory narrative, and Kelp DAO exploit coverage, but contains one material factual error that must be corrected before approval. claim_findings[7] finds that the stated GHO circulation figure of '$3.5 billion by mid-2025' is directly contradicted by Aave's own official 2025 Year in Review ('nearly $500 million') and by CoinGecko and The Defiant — independent Tier 1 sources — placing actual peak supply at approximately $584 million, roughly 6-7x lower than stated. Additionally, claim_findings[2] conflates the September 2018 ETHLend-to-Aave corporate rebrand with the January 2020 V1 protocol launch in a misleading way, claim_findings[22] reports Kulechov's pre-vote token purchase as $10 million when his own statement and multiple outlets cite $15 million, and the litigation section (claim_findings[16]) describes court proceedings as ongoing when a ruling clearing the $71M transfer was issued around May 9, 2026. The page does not warrant delisting — its core incident reporting is well-sourced and confirmed by Tier 1 outlets — but the GHO supply error requires correction before the page can be approved.
    anchoranchored
    chain
    mainnet-betaslot 419,618,024
    sig
    4poLFD9P1EiQ…j2EgmELtexplorer ↗
    hash
    9aHF4zip4qvM…az5KPSCssha256 → base58
    verifying row…full verify ↗
    canonical bytes (1531 B) ▸
    {"actor":"judge","decided_at":"2026-05-14T04:51:08.904Z","decision":"review_revise","investigation_id":"87acc083-7c0c-435d-beef-c1a04c27d81a","new_score":0,"page_slug":"aave","prev_score":0,"reason":"The page is broadly accurate across its security incident history, regulatory narrative, and Kelp DAO exploit coverage, but contains one material factual error that must be corrected before approval. claim_findings[7] finds that the stated GHO circulation figure of '$3.5 billion by mid-2025' is directly contradicted by Aave's own official 2025 Year in Review ('nearly $500 million') and by CoinGecko and The Defiant — independent Tier 1 sources — placing actual peak supply at approximately $584 million, roughly 6-7x lower than stated. Additionally, claim_findings[2] conflates the September 2018 ETHLend-to-Aave corporate rebrand with the January 2020 V1 protocol launch in a misleading way, claim_findings[22] reports Kulechov's pre-vote token purchase as $10 million when his own statement and multiple outlets cite $15 million, and the litigation section (claim_findings[16]) describes court proceedings as ongoing when a ruling clearing the $71M transfer was issued around May 9, 2026. The page does not warrant delisting — its core incident reporting is well-sourced and confirmed by Tier 1 outlets — but the GHO supply error requires correction before the page can be approved.","score_delta":-10,"sequence_num":4,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision f405a7b2-118d-4c71-91c6-3dd42b99c07f
  5. #5publishby system:backfill
    2026-05-30 13:03:53Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 423,161,827
    sig
    4V2AYSif3LCo…bwCqaoELexplorer ↗
    hash
    DjtBWFgVt3y1…vXigEKXYsha256 → base58
    verifying row…full verify ↗
    canonical bytes (33782 B) ▸
    {"actor":"system:backfill","investigation_id":"87acc083-7c0c-435d-beef-c1a04c27d81a","kind":"publish","page_slug":"aave","published_at":"2026-05-30T13:03:53.285Z","sequence_num":5,"snapshot":{"content_type":"investigation","entity_name":"Aave","sections":[{"content":"Aave was founded by Stani Kulechov, a Finnish lawyer born in Estonia on January 13, 1991. Kulechov began building web applications in his early teens and studied law at the University of Helsinki, earning a master's degree in 2020. He created ETHLend in 2017 as one of the first decentralized finance applications on Ethereum, using a peer-to-peer lending model. In November 2017, ETHLend conducted an initial coin offering (ICO) that raised $16.2 million by selling one billion LEND tokens. In January 2020, the project was relaunched under the name Aave — Finnish for 'ghost' — with a liquidity pool model replacing the peer-to-peer approach. Aave V1 launched on Ethereum on January 8, 2020. The protocol introduced flash loans, a novel form of uncollateralized borrowing within a single transaction, in early 2020. By February 2025, Bloomberg reported Aave as the largest DeFi lending platform by deposits, and Aave V4 launched on Ethereum on March 30, 2026.","heading":"Background and Founding","severity":"low","sources":[{"credibility":2,"name":"Aave - Wikipedia","type":"other","url":"https://en.wikipedia.org/wiki/Aave"},{"credibility":2,"name":"Stani Kulechov - Founder & CEO of Aave | CoinMarketCap","type":"other","url":"https://coinmarketcap.com/academy/people/stani-kulechov"},{"credibility":2,"name":"What is Aave? | Messari","type":"research","url":"https://messari.io/project/aave/profile"},{"credibility":1,"name":"Aave V4 Launch Roadmap - Governance Forum","type":"official","url":"https://governance.aave.com/t/aave-v4-launch-roadmap/23134"}]},{"content":"As of May 2026, Aave holds approximately $14.8 billion in total value locked (TVL) in V3 alone, with a combined ecosystem TVL approaching $25 billion across multiple protocol versions and chains. The AAVE governance token trades at approximately $93 with a market capitalization near $1.4 billion. Aave is deployed across more than ten blockchains including Ethereum, Avalanche, Polygon, Arbitrum, Optimism, Base, and BNB Smart Chain. Aave V3, launched in March 2022, introduced efficiency mode (E-Mode), isolation mode, and cross-chain portal features. Aave V4, launched March 30, 2026, introduced a hub-and-spoke architecture replacing fragmented liquidity pools. GHO, an overcollateralized decentralized stablecoin issued by the Aave DAO, launched in July 2023 and grew to over $3.5 billion in circulation by mid-2025. DeFiLlama lists Aave as one of the top DeFi protocols globally by TVL.","heading":"Protocol Scale and Market Position","severity":"low","sources":[{"credibility":2,"name":"Aave TVL, Fees & Revenue - DeFiLlama","type":"on_chain","url":"https://defillama.com/protocol/aave"},{"credibility":2,"name":"Aave roadmap for 2026 - Cryptonomist","type":"news_article","url":"https://en.cryptonomist.ch/2025/12/17/aave-roadmap-2026/"},{"credibility":1,"name":"Aave V4 Development Update - Governance Forum","type":"official","url":"https://governance.aave.com/t/aave-v4-development-update/23043"}]},{"content":"The U.S. Securities and Exchange Commission opened an investigation into Aave approximately in 2021-2022, during a period of intensified regulatory scrutiny of DeFi protocols under then-Chair Gary Gensler. The probe examined whether the AAVE token or Aave's lending pools constituted unregistered securities under U.S. law. On December 16, 2025, the SEC closed its investigation without filing an enforcement action. Multiple outlets reported the closure as a significant result for Aave, though the SEC's closure was not characterized as an exoneration or official regulatory approval, and the agency noted that fundamental questions about the applicability of securities law to decentralized protocols remain unresolved. Broader regulatory context: SEC crypto enforcement fell approximately 60% in 2025 compared to 2024, from 33 actions to 13, coinciding with the tenure of new SEC Chair Paul Atkins and a shift toward a more collaborative regulatory posture. Despite the SEC closure, questions around decentralized governance, token classification, and value capture continue to represent latent regulatory risk for Aave and analogous protocols.","heading":"SEC Investigation and Regulatory Exposure","severity":"medium","sources":[{"credibility":2,"name":"SEC Ends Four-Year Probe Into Aave - Unchained","type":"news_article","url":"https://unchainedcrypto.com/sec-ends-four-year-probe-into-aave/"},{"credibility":2,"name":"SEC Closes Aave Case, But Governance Questions Linger - BeInCrypto","type":"news_article","url":"https://beincrypto.com/sec-drops-aave-investigation-no-enforcement/"},{"credibility":2,"name":"SEC Closes 4-Year Long Investigation Into Aave - Yahoo Finance","type":"news_article","url":"https://finance.yahoo.com/news/sec-closes-4-long-investigation-091715487.html"},{"credibility":3,"name":"What are the regulatory compliance risks facing AAVE - Gate Wiki","type":"research","url":"https://dex.gate.com/crypto-wiki/article/what-are-the-regulatory-compliance-risks-facing-aave-and-how-does-sec-oversight-impact-defi-lending-20260116"}]},{"content":"On April 18, 2026, an attacker exploited Kelp DAO's cross-chain bridge infrastructure, ultimately draining approximately $292 million from the broader DeFi ecosystem. The root cause was Kelp DAO's use of a 1-of-1 DVN (Decentralized Verifier Node) configuration on a LayerZero V2 route, meaning a single compromised verifier could approve fraudulent cross-chain messages. Attackers compromised two RPC nodes and used a DDoS attack to force failover, tricking LayerZero's verifier into approving a fraudulent transaction. The attacker minted approximately 89,567 unbacked rsETH tokens and deposited them into Aave's lending markets as collateral, then borrowed roughly $190 million in ETH and related assets across Ethereum and Arbitrum. LayerZero attributed the attack with preliminary indicators pointing to North Korea's Lazarus Group, specifically the 'TraderTraitor' unit, a finding corroborated by forensics firms Chainalysis and TRM Labs. The attack caused Aave's TVL to fall by approximately $15 billion over four days and triggered $9 billion in protocol-wide withdrawal activity. Aave, SparkLend, and Fluid froze their rsETH markets to limit further bad debt accumulation. The Aave protocol ultimately faced approximately $196 million in bad debt concentrated in the rsETH–wrapped ether pair; recovery efforts were approximately 90% complete as of late April 2026. Aave was an indirect victim in this incident; the primary security failure occurred in Kelp DAO's bridge infrastructure.","heading":"Kelp DAO / rsETH Exploit and Lazarus Group Attribution (April 2026)","severity":"critical","sources":[{"credibility":1,"name":"Aave could face up to $230M in losses after Kelp DAO bridge exploit - CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/20/aave-could-face-up-to-usd230-million-in-losses-after-kelp-dao-bridge-exploit-triggers-defi-chaos"},{"credibility":1,"name":"KelpDAO rallies DeFi partners to contain fallout from $292M hack - CoinDesk","type":"news_article","url":"https://www.coindesk.com/business/2026/04/23/aave-rallies-defi-partners-to-contain-fallout-from-usd292-million-kelpdao-hack"},{"credibility":1,"name":"rsETH Incident Report (April 20, 2026) - Aave Governance","type":"official","url":"https://governance.aave.com/t/rseth-incident-report-april-20-2026/24580"},{"credibility":1,"name":"LayerZero blames Kelp's setup for $290M exploit, attributes it to Lazarus - CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/20/layerzero-blames-kelp-s-setup-for-usd290-million-exploit-attributes-it-to-north-korea-s-lazarus"},{"credibility":2,"name":"Explained: The Kelp DAO Hack (April 2026) - Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-kelp-dao-hack-april-2026"},{"credibility":1,"name":"Massive crypto hack triggers $9 billion panic withdrawal - Yahoo Finance","type":"news_article","url":"https://sg.finance.yahoo.com/news/massive-crypto-hack-triggers-9-190000027.html"}]},{"content":"Following the April 2026 Kelp DAO exploit, Aave and protocol responders recovered approximately $71 million in ETH from the attacker's positions on Arbitrum. Law firm Gerstein Harrow LLP, representing victims of North Korean state-sponsored terrorism under the Terrorism Risk Insurance Act, obtained a restraining notice in a U.S. federal court in New York seeking to freeze and redirect the recovered funds to satisfy decades-old default judgments against North Korea. On May 5, 2026, Aave LLC filed a motion in federal court to lift the restraining notice, arguing that the frozen assets belong to Aave protocol users — not to North Korea — and that keeping them frozen risks 'irreparable harm' to the platform and broader DeFi ecosystem. The firm Gerstein Harrow contended that assets derived from a Lazarus Group hack constitute North Korean state property subject to attachment. The legal dispute raises novel questions about whether DeFi protocols have standing to challenge seizure orders when their own terms of service disclaim control over user assets, and whether crypto recovered from state-sponsored hackers can be redirected to satisfy unrelated civil judgments. As of early May 2026, the litigation was ongoing.","heading":"North Korea Sanctions / Court Action (May 2026)","severity":"high","sources":[{"credibility":1,"name":"DeFi lender Aave asks court to block $71M crypto seizure tied to North Korea claims - CoinDesk","type":"news_article","url":"https://www.coindesk.com/policy/2026/05/05/defi-lender-aave-asks-court-to-block-usd71-million-crypto-seizure-tied-to-north-korea-claims"},{"credibility":1,"name":"North Korea terror victims escalate fight to seize $71M from Aave hack - CoinDesk","type":"news_article","url":"https://www.coindesk.com/policy/2026/05/06/north-korea-terror-victims-escalate-fight-to-seize-usd71-million-from-aave-hack"},{"credibility":2,"name":"Aave vs Gerstein Harrow: Court Clash Over $71M Stolen ETH - CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/05/05/aave-vs-gerstein-harrow-court-clash-over-71m-stolen-eth-linked-to-kelp-dao-hack/"},{"credibility":2,"name":"Aave Fights to Unfreeze $71 Million as Kelp DAO Hack Spills Into Court - Decrypt","type":"news_article","url":"https://decrypt.co/366744/aave-unfreeze-71m-arbitrum-kelp-dao-hack"}]},{"content":"November 2023 Vulnerability: On November 4, 2023, Aave received a report through its bug bounty program describing a high-severity vulnerability affecting Aave V2, which was subsequently escalated to critical severity. The vulnerability affected Aave V2 Ethereum markets and certain assets on V3 markets across Polygon, Arbitrum, Optimism, and Avalanche. Aave paused relevant markets as a precautionary measure and reopened V2 markets on November 13, 2023 after remediation. A periphery contract (the ParaSwapRepayAdapter) was separately exploited for approximately $56,000; this contract is not part of the core Aave protocol and no core user funds were reported at risk. The attacker exploited an arbitrary call/logic error in the adapter contract. CRV Bad Debt Incident (November 2022): Trader Avraham Eisenberg — who had earlier drained Mango Markets — accumulated a 92 million CRV short position on Aave over several days, collateralized with approximately 57 million USDC. A community-coordinated short squeeze forced a 40%+ CRV price increase, liquidating Eisenberg's position at a $10 million loss to him, but leaving Aave with approximately $1.6 million in bad debt in CRV. In January 2023, Aave purchased 2.7 million CRV tokens to offset the residual bad debt. Flash Loan Ecosystem Risks: While Aave's flash loans have not been used to exploit Aave's own core protocol, the mechanism has been used in attacks on third-party DeFi protocols, including the Beanstalk Farms exploit in April 2022 ($182 million) and the Euler Finance exploit in March 2023 ($197 million), both of which involved flash loans sourced partly from Aave. Aave was not directly harmed in either incident. V3 Liquidation Risk: A Bank of Canada staff paper found that while Aave V3 avoided unrecovered bad debt from January 2023 to May 2025 through rapid automated liquidations, this design transferred significant risk to borrowers, with liquidation-related borrower losses ranging from 10% to 30% in some cases during sharp market drawdowns.","heading":"Historical Security Incidents and Smart Contract Risks","severity":"high","sources":[{"credibility":1,"name":"Aave v2/v3 security incident 04/11/2023 - Aave Governance","type":"official","url":"https://governance.aave.com/t/aave-v2-v3-security-incident-04-11-2023/15335"},{"credibility":2,"name":"Aave unpauses V2 and V3 markets after addressing critical security bug - CryptoSlate","type":"news_article","url":"https://cryptoslate.com/aave-securely-unpauses-v2-and-v3-markets-after-addressing-critical-bug/"},{"credibility":2,"name":"Aave Hacked: $56K Stolen from Periphery Contract - Vibranium Audits","type":"community_report","url":"https://vibraniumaudits.com/post/aave-hacked-via-periphery-contract-56kstolenfromtipjar"},{"credibility":1,"name":"DeFi Protocol Aave Clears Bad CRV Token Debt from Exploit Attempt - CoinDesk","type":"news_article","url":"https://www.coindesk.com/markets/2023/01/26/defi-protocol-aave-clears-bad-crv-token-debt-from-exploit-attempt"},{"credibility":2,"name":"Aave protocol buys 2.7M CRV tokens to offset bad debts caused by Eisenberg - CryptoTVPlus","type":"news_article","url":"https://cryptotvplus.com/2023/01/aave-protocol-buys-2-7m-tokens-to-offset-bad-debts-caused-by-eisenberg/"},{"credibility":2,"name":"Aave V3 Avoided Unrecovered Bad Debt From 2023 to 2025: Study - CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/news/aave-v3-bad-debt-liquidations-borrower-losses-study"},{"credibility":2,"name":"Feature or Flaw? Aave Left With $1.7M in Bad Debt - Blockworks","type":"news_article","url":"https://blockworks.co/news/aave-curve-bad-debt"}]},{"content":"From late 2025 into early 2026, Aave experienced significant governance tension between Aave Labs — the centralized development entity helmed by Stani Kulechov — and AAVE token holders acting through the DAO. Swap Fee Redirection: Onchain analysis revealed that swap-related fees previously routed to the DAO treasury were redirected to wallets controlled by Aave Labs, with delegate estimates placing the impact at approximately $200,000 per week or over $10 million per year. Brand Asset Ownership Proposal: A governance proposal requested that Aave Labs transfer brand assets — including naming rights, social media accounts, and the aave.com domain — to the DAO. Aave Labs submitted the proposal for a vote without first consulting the proposal's originator, and the vote was held over the Christmas holiday period when many token holders were inactive. The proposal was rejected, with 55.29% voting against and 41.21% abstaining. Founder Token Purchase: Reports emerged that Kulechov purchased approximately $10 million in AAVE tokens ahead of the governance vote, leading community members to raise concerns about structural weaknesses in token-weighted governance where large holders can materially influence outcomes. 'Aave Will Win' Resolution: In April 2026, the DAO approved the 'Aave Will Win' (AWW) framework, which mandates that 100% of revenue from all Aave-branded products flow to the DAO treasury, resolving the immediate revenue redirection dispute. The AWW framework also established a $25 million grant to Aave Labs to execute its multi-year development strategy. The underlying tension between decentralized governance and a centralized development team with significant operational influence over the protocol has not been fully resolved.","heading":"Governance Disputes: Aave Labs vs. DAO Token Holders","severity":"medium","sources":[{"credibility":1,"name":"Aave passes landmark vote ending months-long fight over protocol revenue - CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/13/aave-passes-landmark-vote-ending-months-long-fight-over-who-controls-protocol-revenue"},{"credibility":2,"name":"Aave DAO Rejects Brand Ownership Proposal After Governance Vote - CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/news/aave-governance-vote-rejected-brand-ownership-dao"},{"credibility":1,"name":"AAVE News: Aave community splits over control of protocol's brand assets - CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2025/12/23/most-important-tokenholder-rights-debate-aave-faces-identity-crisis"},{"credibility":2,"name":"Aave's governance crisis: the vote is over, the ownership question isn't - 21Shares","type":"research","url":"https://www.21shares.com/en-eu/research/aaves-governance-crisis-the-vote-is-over-the-ownership-question-isnt"},{"credibility":2,"name":"Aave DAO Controversy Rekindles Debate on Tokenholder Rights - The Defiant","type":"news_article","url":"https://thedefiant.io/news/defi/aave-dao-controversy-rekindles-debate-on-tokenholder-rights"},{"credibility":2,"name":"Aave Labs critics lose key DAO vote — for now - DL News","type":"news_article","url":"https://www.dlnews.com/articles/defi/aave-labs-critics-lose-key-dao-vote-for-now/"}]},{"content":"GHO is an overcollateralized, multi-collateral, decentralized stablecoin launched by the Aave DAO in July 2023. Following launch, GHO traded persistently below its intended $1.00 peg, ranging between approximately $0.97 and $0.99. Experts attributed the depeg to the absence of a formal arbitrage redemption mechanism at launch and weak initial demand. Aave founder Stani Kulechov publicly acknowledged the depeg was expected in early stages, stating 'the focus on peg should come later.' By 2025, GHO's circulation had grown to over $3.5 billion, and peg stability improved, though the stablecoin continued to experience periodic deviations. Sources indicate approximately nine depeg events exceeding 1% occurred in 2025, most of which resolved within hours. The sGHO (savings GHO) and anti-GHO mechanisms introduced in 2025 were designed to further support peg stability and incentivize holding. GHO's design as a DAO-issued stablecoin means its supply and parameters are subject to governance votes, introducing an additional layer of protocol dependency compared to algorithmic or custodial stablecoins.","heading":"GHO Stablecoin: Depeg and Stability Concerns","severity":"medium","sources":[{"credibility":2,"name":"Aave stablecoin GHO struggles to hold dollar peg - DL News","type":"news_article","url":"https://www.dlnews.com/articles/defi/why-aave-stablecoin-gho-trades-below-its-intended-dollar-peg/"},{"credibility":2,"name":"Aave in 2025: The Three Horsemen of GHO - OAK Research","type":"research","url":"https://oakresearch.io/en/analyses/innovations/aave-2025-three-horsemen-of-gho-stkgho-anti-gho-sgho"},{"credibility":2,"name":"Aave community pushes GHO stablecoin growth with governance votes - The Block","type":"news_article","url":"https://www.theblock.co/post/344819/aave-community-pushes-gho-stablecoin-growth-with-governance-votes-including-proposal-for-yield-bearing-savings-token"}]},{"content":"Aave employs multiple layers of security review. Each major protocol version has undergone audits by independent firms including OpenZeppelin, Trail of Bits, Sigma Prime, ABDK, SigmaPrime, and others. Aave V3.3.0 was audited by Oxor in January 2025. The V3.6.0 codebase was reviewed by Pashov Audit Group in November 2025, with one issue reported, none classified as critical. The V3 Risk-Steward contracts underwent formal verification by Certora in June 2024. Aave maintains an ongoing bug bounty program through Immunefi, which was the channel through which the critical November 2023 vulnerability was disclosed. The Aave protocol's source code is publicly available on GitHub. The protocol's risk framework includes on-chain governance, timelocked upgrades, and asset-level risk parameters managed by elected risk stewards. The Bank of Canada study covering 2023-2025 found that Aave V3 on Ethereum avoided unrecovered bad debt during that period, though at the cost of transferring liquidation risk to borrowers. The April 2026 Kelp DAO incident exposed a vulnerability in Aave's collateral acceptance process for cross-chain liquid staking tokens, prompting a freeze of rsETH markets and a post-incident governance proposal to tighten oracle and collateral standards for such assets.","heading":"Security Posture and Audits","severity":"low","sources":[{"credibility":1,"name":"Security | Aave Official","type":"official","url":"https://aave.com/security"},{"credibility":2,"name":"Aave V3.3.0 Smart Contracts Security Audit Report - Oxor","type":"research","url":"https://oxor-io.github.io/public_audits/Aave/Aave-v3.3.0-Audit-Report.pdf"},{"credibility":2,"name":"Aave V3 Risk-Steward Audit Report - Certora","type":"research","url":"https://www.certora.com/reports/aave-v3-risk-steward"},{"credibility":2,"name":"AAVE Bug Bounties - Immunefi","type":"official","url":"https://immunefi.com/bug-bounty/aave/"},{"credibility":2,"name":"Aave V3 Avoided Unrecovered Bad Debt From 2023 to 2025 - CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/news/aave-v3-bad-debt-liquidations-borrower-losses-study"}]},{"content":"Aave pioneered the flash loan — a mechanism for uncollateralized borrowing and repayment within a single Ethereum transaction. While flash loans have broad legitimate uses in arbitrage, liquidation, and collateral swaps, they have also been used as a funding mechanism in attacks on third-party DeFi protocols. Notable incidents using Aave-sourced flash loans include: the Beanstalk Farms governance exploit in April 2022 ($182 million drained, attacker borrowed over $1 billion from Aave and other protocols to gain temporary voting power); and the Euler Finance exploit in March 2023 ($197 million), in which the attacker used a $30 million flash loan from Aave as part of the attack vector. Aave itself was not directly harmed in either incident. Subsequent improvements in on-chain oracle design (Chainlink TWAP, Uniswap V3 TWAP) and protocol-level safeguards have reduced, though not eliminated, the risk of flash loan-enabled oracle manipulation attacks on DeFi systems broadly.","heading":"Flash Loan Systemic Risk","severity":"medium","sources":[{"credibility":1,"name":"Flash loans, flash attacks, and the future of DeFi - Bank Underground","type":"research","url":"https://bankunderground.co.uk/2023/05/25/flash-loans-flash-attacks-and-the-future-of-defi/"},{"credibility":2,"name":"Euler Finance Flash Loan Attack Explained - Chainalysis","type":"research","url":"https://www.chainalysis.com/blog/euler-finance-flash-loan-attack/"},{"credibility":2,"name":"5 Biggest Flash Loan Attacks & Stats - Koinly","type":"news_article","url":"https://koinly.io/blog/biggest-flash-loan-attacks-stats/"}]}],"sources_used":[{"credibility":2,"name":"Aave - Wikipedia","type":"other","url":"https://en.wikipedia.org/wiki/Aave"},{"credibility":2,"name":"Aave TVL, Fees & Revenue - DeFiLlama","type":"on_chain","url":"https://defillama.com/protocol/aave"},{"credibility":2,"name":"SEC Ends Four-Year Probe Into Aave - Unchained","type":"news_article","url":"https://unchainedcrypto.com/sec-ends-four-year-probe-into-aave/"},{"credibility":2,"name":"SEC Closes Aave Case, But Governance Questions Linger - BeInCrypto","type":"news_article","url":"https://beincrypto.com/sec-drops-aave-investigation-no-enforcement/"},{"credibility":2,"name":"SEC Closes 4-Year Investigation Into Aave - Yahoo Finance","type":"news_article","url":"https://finance.yahoo.com/news/sec-closes-4-long-investigation-091715487.html"},{"credibility":1,"name":"DeFi lender Aave asks court to block $71M seizure - CoinDesk","type":"news_article","url":"https://www.coindesk.com/policy/2026/05/05/defi-lender-aave-asks-court-to-block-usd71-million-crypto-seizure-tied-to-north-korea-claims"},{"credibility":1,"name":"North Korea terror victims escalate fight to seize $71M - CoinDesk","type":"news_article","url":"https://www.coindesk.com/policy/2026/05/06/north-korea-terror-victims-escalate-fight-to-seize-usd71-million-from-aave-hack"},{"credibility":1,"name":"Aave could face up to $230M in losses after Kelp DAO exploit - CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/20/aave-could-face-up-to-usd230-million-in-losses-after-kelp-dao-bridge-exploit-triggers-defi-chaos"},{"credibility":1,"name":"LayerZero blames Kelp's setup, attributes to Lazarus - CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/20/layerzero-blames-kelp-s-setup-for-usd290-million-exploit-attributes-it-to-north-korea-s-lazarus"},{"credibility":1,"name":"rsETH Incident Report (April 20, 2026) - Aave Governance","type":"official","url":"https://governance.aave.com/t/rseth-incident-report-april-20-2026/24580"},{"credibility":2,"name":"Explained: The Kelp DAO Hack (April 2026) - Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-kelp-dao-hack-april-2026"},{"credibility":1,"name":"Aave passes landmark vote ending revenue fight - CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/13/aave-passes-landmark-vote-ending-months-long-fight-over-who-controls-protocol-revenue"},{"credibility":2,"name":"Aave DAO Rejects Brand Ownership Proposal - CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/news/aave-governance-vote-rejected-brand-ownership-dao"},{"credibility":1,"name":"Aave community splits over brand assets - CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2025/12/23/most-important-tokenholder-rights-debate-aave-faces-identity-crisis"},{"credibility":2,"name":"Aave governance crisis - 21Shares Research","type":"research","url":"https://www.21shares.com/en-eu/research/aaves-governance-crisis-the-vote-is-over-the-ownership-question-isnt"},{"credibility":1,"name":"Aave v2/v3 security incident 04/11/2023 - Governance Forum","type":"official","url":"https://governance.aave.com/t/aave-v2-v3-security-incident-04-11-2023/15335"},{"credibility":1,"name":"Aave clears bad CRV debt from exploit attempt - CoinDesk","type":"news_article","url":"https://www.coindesk.com/markets/2023/01/26/defi-protocol-aave-clears-bad-crv-token-debt-from-exploit-attempt"},{"credibility":2,"name":"Aave V3 Avoided Unrecovered Bad Debt study - CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/news/aave-v3-bad-debt-liquidations-borrower-losses-study"},{"credibility":2,"name":"Aave stablecoin GHO struggles to hold dollar peg - DL News","type":"news_article","url":"https://www.dlnews.com/articles/defi/why-aave-stablecoin-gho-trades-below-its-intended-dollar-peg/"},{"credibility":1,"name":"Security | Aave Official","type":"official","url":"https://aave.com/security"},{"credibility":2,"name":"AAVE Bug Bounties - Immunefi","type":"official","url":"https://immunefi.com/bug-bounty/aave/"},{"credibility":2,"name":"Euler Finance Flash Loan Attack Explained - Chainalysis","type":"research","url":"https://www.chainalysis.com/blog/euler-finance-flash-loan-attack/"},{"credibility":1,"name":"Flash loans, flash attacks, and the future of DeFi - Bank Underground (Bank of England)","type":"research","url":"https://bankunderground.co.uk/2023/05/25/flash-loans-flash-attacks-and-the-future-of-defi/"},{"credibility":2,"name":"Aave V4 roadmap signals end of multichain sprawl - Blockworks","type":"news_article","url":"https://blockworks.co/news/aave-v4-roadmap"},{"credibility":2,"name":"Aave vs Gerstein Harrow: Court Clash Over $71M - CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/05/05/aave-vs-gerstein-harrow-court-clash-over-71m-stolen-eth-linked-to-kelp-dao-hack/"},{"credibility":1,"name":"Massive crypto hack triggers $9 billion panic withdrawal - Yahoo Finance","type":"news_article","url":"https://sg.finance.yahoo.com/news/massive-crypto-hack-triggers-9-190000027.html"}],"summary":"Aave is a decentralized, non-custodial liquidity protocol built on Ethereum and multiple other blockchains, enabling users to supply assets to earn interest or borrow against overcollateralized positions. Founded in 2017 as ETHLend by Finnish lawyer Stani Kulechov, it rebranded to Aave in 2020 and grew into the largest DeFi lending platform by total value locked, reporting over $40 billion in net deposits as of early 2025. The protocol has faced notable security incidents, a multi-year SEC investigation that closed without enforcement in December 2025, ongoing governance tensions between token holders and Aave Labs, and significant indirect exposure to a $292 million exploit in April 2026 attributed to North Korea's Lazarus Group.","timeline":[{"date":"2017-11-25","event":"ETHLend conducts ICO, raising $16.2 million by selling one billion LEND tokens at $0.0162 each.","source":"Wikipedia / CoinMarketCap","source_url":"https://en.wikipedia.org/wiki/Aave"},{"date":"2020-01-08","event":"Aave V1 launches on Ethereum, rebranding from ETHLend. Flash loans introduced as a novel DeFi primitive.","source":"Aave Wikipedia / Messari","source_url":"https://en.wikipedia.org/wiki/Aave"},{"date":"2022-04","event":"Beanstalk Farms exploited for $182 million using a flash loan sourced partly from Aave; Aave itself not directly harmed.","source":"Koinly / Bank Underground","source_url":"https://koinly.io/blog/biggest-flash-loan-attacks-stats/"},{"date":"2022-03-16","event":"Aave V3 launches on Polygon, Avalanche, Fantom, Arbitrum, Optimism, and Harmony.","source":"Aave Wikipedia","source_url":"https://en.wikipedia.org/wiki/Aave"},{"date":"2022-11","event":"Avraham Eisenberg accumulates 92 million CRV short position on Aave; community short squeeze liquidates him, leaving Aave with approximately $1.6 million in CRV bad debt.","source":"CoinDesk / Blockworks","source_url":"https://www.coindesk.com/markets/2022/11/22/mango-exploiter-gets-liquidated-after-roiling-aave-using-20m-of-borrowed-curve-tokens"},{"date":"2023-01-26","event":"Aave purchases 2.7 million CRV tokens to offset residual bad debt from the Eisenberg incident.","source":"CoinDesk","source_url":"https://www.coindesk.com/markets/2023/01/26/defi-protocol-aave-clears-bad-crv-token-debt-from-exploit-attempt"},{"date":"2023-03","event":"Euler Finance exploited for $197 million using a flash loan partially sourced from Aave; Aave itself not directly harmed.","source":"Chainalysis","source_url":"https://www.chainalysis.com/blog/euler-finance-flash-loan-attack/"},{"date":"2023-07-14","event":"Aave DAO passes AIP-268 to launch GHO stablecoin. GHO begins trading below its $1.00 peg.","source":"DL News / Aave Wikipedia","source_url":"https://www.dlnews.com/articles/defi/why-aave-stablecoin-gho-trades-below-its-intended-dollar-peg/"},{"date":"2023-11-04","event":"Critical vulnerability reported via Aave bug bounty affecting V2 Ethereum and V3 on Polygon, Arbitrum, Optimism, Avalanche. Markets paused as precaution.","source":"Aave Governance / CryptoSlate","source_url":"https://governance.aave.com/t/aave-v2-v3-security-incident-04-11-2023/15335"},{"date":"2023-11-13","event":"Aave V2 markets reopen after critical vulnerability remediated.","source":"CryptoSlate","source_url":"https://cryptoslate.com/aave-securely-unpauses-v2-and-v3-markets-after-addressing-critical-bug/"},{"date":"2025-12-16","event":"SEC closes its approximately four-year investigation into Aave with no enforcement action.","source":"Unchained / BeInCrypto / Yahoo Finance","source_url":"https://unchainedcrypto.com/sec-ends-four-year-probe-into-aave/"},{"date":"2025-12-23","event":"Aave Labs submits brand asset transfer proposal to DAO vote during Christmas holiday period without consulting original proposer; 55.29% of token holders vote against.","source":"CoinDesk / CoinTelegraph","source_url":"https://www.coindesk.com/tech/2025/12/23/most-important-tokenholder-rights-debate-aave-faces-identity-crisis"},{"date":"2026-03-30","event":"Aave V4 launches on Ethereum with hub-and-spoke architecture after audits found zero critical vulnerabilities.","source":"Aave Governance / Blockworks","source_url":"https://blockworks.co/news/aave-v4-roadmap"},{"date":"2026-04-13","event":"DAO approves 'Aave Will Win' framework: 100% of revenue from Aave-branded products directed to DAO treasury; $25 million grant approved for Aave Labs.","source":"CoinDesk","source_url":"https://www.coindesk.com/tech/2026/04/13/aave-passes-landmark-vote-ending-months-long-fight-over-who-controls-protocol-revenue"},{"date":"2026-04-18","event":"Kelp DAO rsETH exploit occurs; attacker attributed to North Korea's Lazarus Group mints unbacked rsETH and borrows approximately $190 million from Aave, causing approximately $196 million in Aave bad debt and $15 billion TVL decline.","source":"CoinDesk / Halborn / Aave Governance","source_url":"https://governance.aave.com/t/rseth-incident-report-april-20-2026/24580"},{"date":"2026-05-05","event":"Aave LLC files motion in New York federal court to lift restraining notice blocking access to approximately $71 million in recovered ETH frozen by Gerstein Harrow LLP on behalf of North Korea terror victims.","source":"CoinDesk","source_url":"https://www.coindesk.com/policy/2026/05/05/defi-lender-aave-asks-court-to-block-usd71-million-crypto-seizure-tied-to-north-korea-claims"}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 3c77a28d-2e1f-499f-ac13-0d972a2815d5
  6. #6reviewby reviewerreviewer
    2026-06-03 04:10:37Z
    Score: 00 (no score change)
    The Aave investigation page is well-sourced for its coverage of the SEC investigation closure, governance disputes, and security incidents, with most claims confirmed by credible independent sources. Three material factual errors were identified: (1) GHO stablecoin circulation is stated as '$3.5 billion by mid-2025' when actual figures show approximately $500-584 million — an overstatement of roughly 6x; (2) the 'combined ecosystem TVL approaching $25 billion' is significantly stale given the post-KelpDAO TVL decline that brought combined Aave TVL to approximately $14.5 billion by May 2026; (3) the recovery progress from the KelpDAO exploit was approximately 80% by late April 2026 per CoinDesk, not 90% as stated. Additionally, the claim that TRM Labs corroborated the Lazarus Group attribution could not be independently verified from cited sources.
    anchoranchored
    chain
    mainnet-betaslot 423,951,619
    sig
    4HGMjajMZNH4…84rDRc4Eexplorer ↗
    hash
    66YJsXrYd8ZE…5kMDVkkfsha256 → base58
    verifying row…full verify ↗
    canonical bytes (1197 B) ▸
    {"actor":"reviewer","decided_at":"2026-06-03T04:10:37.421Z","decision":"review","investigation_id":"87acc083-7c0c-435d-beef-c1a04c27d81a","new_score":0,"page_slug":"aave","prev_score":0,"reason":"The Aave investigation page is well-sourced for its coverage of the SEC investigation closure, governance disputes, and security incidents, with most claims confirmed by credible independent sources. Three material factual errors were identified: (1) GHO stablecoin circulation is stated as '$3.5 billion by mid-2025' when actual figures show approximately $500-584 million — an overstatement of roughly 6x; (2) the 'combined ecosystem TVL approaching $25 billion' is significantly stale given the post-KelpDAO TVL decline that brought combined Aave TVL to approximately $14.5 billion by May 2026; (3) the recovery progress from the KelpDAO exploit was approximately 80% by late April 2026 per CoinDesk, not 90% as stated. Additionally, the claim that TRM Labs corroborated the Lazarus Group attribution could not be independently verified from cited sources.","score_delta":0,"sequence_num":6,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision c06ee7e6-782d-4c48-ac23-ef1b2b4130c9
  7. #7review reviseby judgejudge
    2026-06-03 04:10:37Z
    Score: 00 (-12)
    The reviewer confirmed 27 of 37 claims and found a disputed_pct of 11%, placing this page in the minor-revision band. However, two of the three disputed findings are material: claim_findings[12] states GHO reached 'over $3.5 billion in circulation by mid-2025' when multiple independent sources — including DeFiLlama, CoinMarketCap, and The Defiant — show GHO's market cap peaked around $500-584 million, an overstatement of approximately 6x on a named protocol product. claim_findings[9] reports Aave V3 alone holds $14.8 billion TVL with a combined ecosystem TVL approaching $25 billion, when as of May 2026 the total Aave TVL across all versions was approximately $14.5 billion combined; the '$25 billion' figure reflects a pre-KelpDAO snapshot and is significantly stale. The third disputed item, claim_findings[10] (AAVE token price and market cap), is a minor point-in-time variance. The page requires revision to correct the GHO circulation figure and refresh the TVL and market cap data to reflect current values; no delisting or status change is warranted given the strength of sourcing elsewhere.
    anchoranchored
    chain
    mainnet-betaslot 423,951,622
    sig
    1VM7wDJ9K6KQ…yoYctAjvexplorer ↗
    hash
    5jtEBbUbjw1J…Bz3h4De7sha256 → base58
    verifying row…full verify ↗
    canonical bytes (1450 B) ▸
    {"actor":"judge","decided_at":"2026-06-03T04:10:37.421Z","decision":"review_revise","investigation_id":"87acc083-7c0c-435d-beef-c1a04c27d81a","new_score":0,"page_slug":"aave","prev_score":0,"reason":"The reviewer confirmed 27 of 37 claims and found a disputed_pct of 11%, placing this page in the minor-revision band. However, two of the three disputed findings are material: claim_findings[12] states GHO reached 'over $3.5 billion in circulation by mid-2025' when multiple independent sources — including DeFiLlama, CoinMarketCap, and The Defiant — show GHO's market cap peaked around $500-584 million, an overstatement of approximately 6x on a named protocol product. claim_findings[9] reports Aave V3 alone holds $14.8 billion TVL with a combined ecosystem TVL approaching $25 billion, when as of May 2026 the total Aave TVL across all versions was approximately $14.5 billion combined; the '$25 billion' figure reflects a pre-KelpDAO snapshot and is significantly stale. The third disputed item, claim_findings[10] (AAVE token price and market cap), is a minor point-in-time variance. The page requires revision to correct the GHO circulation figure and refresh the TVL and market cap data to reflect current values; no delisting or status change is warranted given the strength of sourcing elsewhere.","score_delta":-12,"sequence_num":7,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision f311391f-b2bd-4e03-bc5a-d859f7420085
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.