Aave Too Permissive on LSTs, Arbitrum Council Warns

Griff Green argues the real risk on Aave isn't smart-contract bugs — it's operational: leaked keys and social engineering from state-aligned attackers that lending markets haven't priced in.

Griff Green, a member of the Arbitrum Security Council, said lending protocols like Aave are too permissive in how they list liquid staking tokens and that the technical risks underneath those wrappers are routinely underweighted.

Why it matters

Green's argument is that the dominant threat model in DeFi has shifted. Smart-contract audits and bug bounties have matured to the point that operational failures — leaked private keys, compromised frontends, social engineering — now drive the bulk of major losses. North Korean state-aligned hackers in particular have leaned heavily on social engineering against protocol teams, and Green says the industry's security posture has not caught up to that of mature cloud and software companies.

Market impact

For Aave, the read is direct: LST collateral parameters — debt ceilings, liquidation thresholds, oracle configurations — are policy choices made by governance, not code. If security council members and other protocol voices begin publicly framing LST listings as the under-priced risk, governance proposals to tighten those parameters become more politically viable. Other lending markets on Arbitrum and mainnet sit in the same blast radius, since they price their own LST collateral against Aave's benchmarks.

Related tokens
$ARB $AAVE

Frequently asked questions

  1. Who is Griff Green and why does his Aave criticism carry weight?

    Griff Green sits on the Arbitrum Security Council, the multisig body with power to fast-track fixes on Arbitrum. He's not an Aave governance figure, but his security-council role gives his operational-risk arguments standing in the wider DeFi community.

  2. What is the liquid staking token risk Green is flagging on Aave?

    Green argues that lending markets treat LSTs as interchangeable collateral without fully pricing in the technical risks of the underlying staking protocol — validator slashing conditions, restaking assumptions, bridge dependencies — that sit beneath the wrapper.

  3. Why does Green think operational risk now exceeds smart-contract risk in DeFi?

    Smart-contract audits and bug bounties have matured, while the human layer has not. State-aligned attackers — he names North Korean hackers — increasingly use social engineering and compromised credentials to drain treasuries, and Green says crypto security standards lag behind mature tech companies.

  4. How could Aave actually tighten liquid staking token risk?

    Through governance: Aave Risk Stewards and token-holders vote on per-asset parameters — debt ceilings, liquidation thresholds, oracle configurations, and whether to delist specific LSTs entirely. Public criticism from respected protocol figures tends to shift the political calculus on those proposals.

  5. Do other lending markets face the same LST risk as Aave?

    Yes. Aave sets de facto benchmarks for LST collateral pricing across DeFi. If Aave governance tightens LST parameters, competing lending markets on Arbitrum and Ethereum mainnet tend to follow within a cycle to stay capital-efficient.

Source attribution
Aggregated from WuBlockchain · Verified · Last refreshed 51d ago