EtherFi weETH Risk Assessment | Credora A+ Rating

Table of Contents


weETH carries an A+ rating from Credora, with an annualised Probability of Default (PD) of 0.098%. It is the largest liquid restaking token by TVL: $3.08 billion, 78.1% of the liquid restaking market. It is also the first in its category to receive an independent Credora rating.

The rating is based on report REP-WEETH-20260616-V1, published June 2026.

What weETH is

Ether.fi describes its model as “safe staking.” weETH is the collateral layer that model runs on. The neobank products built on top of it are only as sound as the asset underneath. A+ is a rating of that layer.

A liquid restaking token is not a stablecoin and it is not a lending position. It is a claim on a pool of staked ETH, made fungible and cross-chain portable through a bridge architecture. That bridge architecture is exactly what failed in April 2026. How EtherFi rebuilt it is what the A+ reflects.

April 2026: The incident and the response

On April 18, 2026, KelpDAO’s rsETH bridge was exploited for $292 million. The cause was a 1-of-1 DVN (Decentralised Verifier Network) configuration on a LayerZero bridge: a single verifier node, a single point of failure.

EtherFi’s contracts were not directly affected. The team paused weETH bridging as a precaution and reopened it within 24 hours, with no user losses. Then they changed the architecture. The weETH bridge now requires unanimous agreement from four independent DVN providers: Canary, Horizen, Nethermind, and LayerZero Labs. All four must confirm before any bridging transaction proceeds.

The incident is documented in REP-WEETH-20260616-V1 (pages 4–6). It is not a footnote. It is part of how the A+ was derived.

Methodology

Credora’s rating for collateral assets starts with an anchor PD built from two inputs:

  • Protocol Security risk: 0.15% annually
  • Asset Quality (ETH): 0.01% annually

This produces an anchor PD of 0.16%.

The model then applies notch-based modifiers derived from protocol-specific data. Four modifiers adjusted weETH’s figure: Reserves Transparency, Peg Track Record, Market Adoption, and Governance. Two modifiers, Recent Incident and Operational Security, carried no adjustment. The April response resolved without residual penalty.

Final PD: 0.098%.

The model runs 100,000 Monte Carlo price path simulations. The output is a probability calculated across a distribution of market scenarios, not a qualitative assessment.

The rating updates daily.

What A+ means

A+ is the top tier on Credora’s A+ to D rating scale. 0.098% annualised PD means the model produces a default event in fewer than 1 in 1,000 simulated annual scenarios.

TVL measures how much capital is deposited. An audit documents the state of the code on the day the auditors reviewed it. Neither tells you what happens when the architecture breaks under stress. Credora’s model answers that question. It runs daily, on the same scale applied to every rated asset.

weETH’s A+ sits alongside stETH’s A+. The same methodology, the same scale. Two assets that together hold the majority of the combined LST and LRT market.

Key takeaway

weETH is rated A+ by Credora with an annualised PD of 0.098%. The rating reflects how Ether.fi handled the April 2026 bridge incident: 24-hour resolution, zero user losses, architecture hardened to a 4-of-4 unanimous DVN quorum. The Credora model runs 100,000 Monte Carlo simulations and updates the rating daily. A+ is not a verdict on the state of the code. It is a probability, recalculated each day.


FAQ

What is weETH’s Credora risk rating?

weETH carries an A+ rating from Credora with an annualised Probability of Default (PD) of 0.098%. A+ is the highest tier on Credora’s A+ to D rating scale. The rating is published in report REP-WEETH-20260616-V1 and updates daily.

How did the April 2026 KelpDAO exploit factor into the rating?

EtherFi’s contracts were not directly compromised in the April 18, 2026 rsETH exploit ($292M, 1-of-1 DVN misconfiguration). EtherFi paused weETH bridging, resolved it within 24 hours with no user losses, and upgraded the bridge to require 4-of-4 unanimous quorum from four independent DVN providers. The incident and the response are both factored into the A+ rating.

What is the difference between PD and PSL in Credora’s methodology?

Credora uses two separate metrics depending on what is being rated. Probability of Default (PD) applies to collateral assets like weETH. It measures the annualised probability of an adverse event causing the asset to fail its financial obligations. Probability of Significant Loss (PSL) applies to vault and market exposures, where the question is the probability that a depositor loses a large share of capital. weETH’s rating uses PD.


Links

EtherFi website: https://www.ether.fi/
Credora website: https://www.credora.network/
Credora weETH report: https://www.credora.network/reports/weETH/
Credora dashboard: https://app.credora.network/

Disclaimer

Ratings and data provided are for informational purposes only. Not investment advice or a solicitation to buy or sell assets. Always conduct your own due diligence. Credora does not guarantee the completeness or real-time accuracy of any information provided. A full disclaimer is included in each risk assessment report published at https://www.credora.network/reports/.

Discover more from Credora by RedStone

Subscribe now to keep reading and get access to the full archive.

Continue reading