Rekt News — Aave Ecosystem Security Coverage

Brief Description

Independent investigative editorial coverage of Aave and the broader lending protocol category for 12 months. Output: 6 long-form investigations, 1 video documentary, 1 podcast panel, an annual State of Lending Protocols report, 8 distribution features across newsletter (~30K subscribers) and X (~280K followers @RektHQ) and a dedicated lending sector security tag on hub.rekt.news. Topic selection collaborative with Aave; framing, conclusions and incident coverage stay editorially independent. Ask: 75,000 USDC, 4 quarterly tranches against shipped deliverables.

Project Category

Security / Public Goods / Ecosystem Education

Requested Amount

75,000 USDC

Team / About Us

Rekt News (rekt.news) was founded by Julien Bouteloup and has operated since 2020 as an independent investigative publication covering DeFi security. No paywall, no token, no VC funding. Approximately 280K X followers (@RektHQ), 30K+ newsletter subscribers, 42K monthly readers. Routinely cited by audit firms, governance forums and security researchers.

We hosted the inaugural Rekt Security Summit in Cannes, March 2026 (https://summit.rekt.news). 40+ speakers including Ethereum Foundation, Certora, Nethermind, Trail of Bits, Immunefi, Cyfrin, Hypernative, Aragon, Curve and Gnosis VC. Full session recordings: https://www.youtube.com/playlist?list=PL8GXJfkZ1Eyhnmg46D7HeblLlHzBiZTMs

Operating entity located in Switzerland.

Project Description

The Aave ecosystem includes Aave v3, GHO and a growing constellation of Aave-derived protocols (Spark, Radiant, Yldr, ZeroLend and others). The lending category is architecturally rich (oracle adapters, e-mode parameter interactions, liquidation cascade dynamics, isolation mode edge cases, GHO peg mechanics, cross-protocol composability) and security incidents across the sector are frequent and consequential.

Rekt has covered both layers. Our March 2026 piece “Price Impact Kills” analysed the $27.78M wstETH liquidations stemming from the CAPO oracle incident alongside the parallel CoWSwap solver incident that routed $50M into a $73K pool for 327 AAVE out (Rekt - Price Impact Kills). Our April 2026 piece “KelpDAO - Rekt” covered the $290M LayerZero bridge compromise and how the contagion propagated across lending markets, including Aave’s exposure (Rekt - KelpDao - Rekt).

There is no consistent, independent, well-distributed editorial record of these incidents and their architectural lessons. Real-time risk dashboards and post-incident investigative editorial are different formats serving different audiences. Rekt fills the editorial gap with depth and reach that the dashboard format does not.

This grant funds Rekt to dedicate a meaningful portion of editorial bandwidth to the Aave stack for 12 months, producing structured outputs that delegators, contributors and the broader DeFi audience can use. The work fits AGD’s stated mandate of “empowering the community with accessible and novel insights.”

Goals

  1. Produce the definitive independent editorial record of Aave-ecosystem security incidents over a 12-month window.

  2. Document security incidents across Aave-derived lending protocols systematically (often coverage that no other outlet provides with technical depth) so the lessons feed back into Aave governance.

  3. Produce an annual State of Lending Protocols report synthesising the year’s work as a reference for the whole sector.

  4. Establish a discoverable archive of lending-sector security coverage on hub.rekt.news that delegators, builders and auditors can reference.

Editorial scope and independence

This grant funds Rekt News to produce educational content covering Aave-ecosystem security. Topic selection and editorial planning for the deliverables happen in collaboration with the Aave Grants DAO and Aave contributors. Aave may suggest topics, propose angles and review draft content for factual accuracy and clarity. Rekt retains final editorial decision on framing, conclusions and headlines.

Coverage of security incidents is treated separately. If Aave or any lending protocol in the category experiences a security incident during this partnership, that coverage is not part of the educational scope above and is not subject to collaborative input. Incidents are covered with the same depth applied to “Price Impact Kills” and “KelpDAO - Rekt.”

Disbursement is contingent on the listed deliverables being publicly published. It is not contingent on coverage tone or the specific framing of any individual piece. An Aave Grants DAO multisig signer verifies that each deliverable exists at each tranche.

This commitment is documented in this application so it is enforceable as a community expectation, not just a promise.

Why this benefits Aave

Aave V4 is in active development and the protocol is transitioning between major architectural generations. During such transitions, independent editorial coverage of security incidents (within the Aave stack and across the broader lending sector) has unusual value as a public reference for what worked, what didn’t and why. Reference material that captures architectural decisions and incident lessons matters more, not less, during change.

Aave delegators read governance proposals. Independent editorial coverage of lending-sector incidents gives them researched context they can pull from when evaluating risk parameters, new asset listings or oracle changes. The output is reference material that lives alongside (not in place of) the real-time risk work the DAO already commissions.

There is also a fork-coverage byproduct. When other lending protocols (Aave-derived or otherwise) experience security incidents, that coverage creates natural contextual comparison that positions Aave as the architectural reference, without the proposal needing to say so explicitly. Independent voices doing this in editorial output is materially more credible than Aave saying it about itself.

Defensive narrative for sector incidents matters too. In the event of any future incident affecting Aave or a major fork, having a publication that already understands the architecture writing the post-mortem is materially better for the lending sector than the alternative. We commit to covering Aave-stack incidents with the same depth regardless of partnership status, as our existing coverage of the March 2026 oracle and CoWSwap incidents demonstrates.

Deliverables (12 months)

All deliverables published openly on rekt.news under standard editorial terms. Public URLs reported at each tranche review.

  1. 6 long-form investigations on lending protocol security. Topics determined collaboratively at scope-planning sessions with Aave Grants DAO. At least 1 will cover Aave-fork incidents (Spark, Radiant, Yldr, ZeroLend or others as they occur). At least 1 will cover Aave architecture deep-dives (oracle adapters, liquidation cascade dynamics, isolation mode edge cases, composability, GHO peg mechanics, e-mode interactions).

  2. 1 video documentary covering lending protocol security. Published on YouTube and embedded on rekt.news.

  3. 1 podcast panel on a lending protocol security topic, with relevant security researchers, auditors and contributors as guests. Distributed via Spotify and YouTube. Recording archived on rekt.news.

  4. 8 distribution features across Rekt’s owned channels (newsletter ~30K subscribers + @RektHQ on X ~280K followers). Format at editorial discretion (newsletter feature, X thread or X mention with substantive context).

  5. Annual “State of Lending Protocols” report published on month 12. Synthesises the year’s work into a reference document covering incident patterns, architectural lessons and sector-wide implications. CC-licensed on rekt.news.

  6. Dedicated lending sector security tag on hub.rekt.news with all relevant coverage organised and discoverable. Maintained through the 12 months.

Strategic partnership with TheDefiant (optional extension)

Rekt holds a strategic content partnership with TheDefiant (~327K followers on X, ~130K subscribers on YouTube), under which co-productions are distributed across both communities. Example output, originally tied to a Stellar engagement and shared across three communities (Stellar, TheDefiant, Rekt): https://x.com/RektHQ/status/2047368048806408409

If Aave Grants DAO and the Aave community see value, we are open to reframing this proposal to include joint content production and cross-community distribution with TheDefiant. Concrete options include co-production of the video documentary, co-production of the podcast panel or additional joint formats. Cross-community reach would extend materially beyond Rekt’s owned channels. Specifics would be negotiated during the application review or in a follow-up revision based on Aave appetite.

Past work / Track record

Selected Rekt coverage of Aave and the lending category, grouped by relevance.

Direct Aave coverage:

  • “Price Impact Kills” (March 2026): https://rekt.news/price-impact-kills — CAPO oracle incident ($27.78M wstETH liquidations) + CoWSwap solver routing $50M into a $73K pool (327 AAVE out). Combined analysis of two incidents in one week.

  • “KelpDao - Rekt” (April 2026): https://rekt.news/kelpdao-rekt — $290M DPRK / LayerZero bridge compromise; analysis of how the contagion propagated across lending markets, including Aave’s exposure.

Sector flagship — pre-mortem and post-mortem on the Stream Finance / xUSD collapse:

  • “House of Cards” (October 2025): https://rekt.news/house-of-cards — pre-mortem on Stream Finance / Elixir recursive minting, published weeks before the $93M xUSD collapse and the resulting $285M contagion across lending markets (positions held by TelosC, Elixir, MEV Capital, Re7 Labs, Varlamore).

  • “The Loop Contagion” (November 2025): https://rekt.news/loop-contagion — forensic follow-up after the collapse; cross-protocol contagion mapping across Morpho, Euler, Compound, Lista DAO and adjacent lending markets.

Architectural pattern coverage in the lending category:

  • “Euler - Rekt” (March 2023): https://rekt.news/euler-rekt — investigation of the $197M Euler Finance flash loan attack via donateToReserves exploit. The attack sourced its flash loan from Aave V2, illustrating how Aave-stack infrastructure plays a role even in incidents at adjacent lending protocols.

  • “Makina - Rekt” (January 2026): https://rekt.news/makina-rekt — $4.13M oracle manipulation drain; flash loans sourced from both Aave V2 and Morpho. Documents the “out-of-scope in audit” pattern where known attack vectors are deliberately excluded from audit coverage.

  • “Moonwell - Rekt”: https://rekt.news/moonwell-rekt — oracle misconfiguration on a Compound v2 fork on Base; the cbETH/ETH ratio (1.12) was treated as a USD price by liquidation bots, stripping $1.78M from borrowers in one block. Architectural lesson for any lending market using rate-derived oracles.

  • “Sturdy Finance - Rekt” (June 2023): https://rekt.news/sturdy-rekt — read-only reentrancy oracle manipulation in lending, $800K loss. Same attack vector that hit Midas Capital and dForce Network. Vulnerable contract was outside the audit scope.

Broader track record: 280K X followers, 30K+ newsletter, 42K monthly readers. Routinely cited by audit firms, governance forums and security researchers. Over 100 long-form post-mortems published in the last 12 months covering incidents totalling billions in user losses.

Rekt Security Summit Cannes 2026: https://summit.rekt.news/

Budget breakdown

75,000 USDC total, disbursed in four equal quarterly tranches of 18,750 USDC against verified delivery of milestones.

  • T0 (signing) — 18,750 USDC. Triggered by application approval and signed agreement.

  • T1 (month 3) — 18,750 USDC. Triggered by: lending sector security tag live on hub.rekt.news with at least 4 indexed pieces; first long-form published; 2 distribution features published.

  • T2 (month 6) — 18,750 USDC. Triggered by: 3 long-forms total published; podcast panel published; 5 distribution features total.

  • T3 (month 12) — 18,750 USDC. Triggered by: 6 long-forms total complete; video documentary published; State of Lending Protocols report published; 8 distribution features total.

Disbursement contingent on deliverables being publicly published. An Aave Grants DAO multisig signer verifies existence at each tranche. No editorial review.

Funds transferred to a wallet controlled by Stake Capital Group, Switzerland.

Why USDC

USDC keeps the funding politically neutral. No implicit ties to AAVE token price during the work period, no perceived conflict in coverage of AAVE-token-related events.

Reporting and accountability

  • Quarterly public reports on rekt.news listing all deliverables shipped against the milestones, with public URLs.

  • On-chain transparency: every tranche reported with receiving address and tx id.

  • Community accountability: if a substantive objection to a tranche is raised in Aave governance channels or directly to the Aave Grants DAO multisig signers, release is paused pending review by the multisig.

  • End-of-partnership retrospective at month 12: public write-up of what worked, what didn’t and what we recommend Aave (and other DAOs) do differently in similar future partnerships.

What this is not

This proposal funds educational content, not promotion. This is not paid for favorable coverage. This is not a content partnership where Aave has approval rights over framing, conclusions or coverage of security incidents. This is not a retainer for media access.

Additional info

We are open to scope adjustment if Aave Grants DAO reviewers want different emphasis. Scope can be reduced to $20K under the Rapid track if reviewers prefer to start smaller (would scope down to 3 long-forms + 4 distribution features + tag + no State of Lending report, no video, no podcast).


Submitted by: Stake Capital Group. Julien Bouteloup, Founder of Rekt News and CEO of Stake Capital Group. Working contact for clarifications: Diogo Patão, Operations, diogo@rekt.news. Institutional contact: governance@stake.capital.