Without accountability mechanisms, DeFi will continue to replay failures


By: BlockBeats, 2025/11/20 05:45

An intermediary that charges fees must be responsible for the risks it creates

Original Title: DeFi Risks: Curators as new Brokers
Original Author: @yq_acc
Translation: Peggy, BlockBeats


Editor's Note: Since 2020, DeFi has rapidly expanded, with TVL once surpassing $100 billion, giving rise to the Curator model. However, lacking regulation, identity disclosure, and risk constraints, Curators oversee billions of dollars in user funds, leading to frequent systemic failures. In November 2025, the collapse of Stream Finance caused a $285 million loss, exposing the core issues of the Curator model.


Based on this, this article provides an in-depth analysis of the risk origins behind the current model and proposes technical reform suggestions.


The following is the original text:


A New Financial Intermediary: "Curators"


Over the past eighteen months, a new type of financial intermediary has emerged in DeFi. These entities refer to themselves as Risk Curators, Treasury Managers, or Strategy Operators.


They manage billions of dollars in user deposits on protocols such as Morpho (approximately $73 billion) and Euler (approximately $11 billion), responsible for setting risk parameters, selecting collateral types, and deploying funds into yield strategies. They collect a 5% to 15% performance fee, yet have no license, no regulatory scrutiny, no mandatory qualification or past performance disclosure, and often do not even disclose their true identities.


The collapse of Stream Finance in November 2025 showed how this structure behaves under stress.


This contagion spread throughout the entire ecosystem, resulting in a $285 million loss. Risk Curators such as TelosC ($123.64 million), Elixir ($68 million), MEV Capital ($25.42 million), Re7 Labs (two vaults totaling $27.4 million), concentrated user deposits with a single counterparty who, with only $1.9 million in real collateral, used 7.6x leverage.


Warnings were publicly and explicitly given: CBB released the leverage ratio on October 28, and Schlagonia warned Stream directly 172 days before the collapse. However, these warnings were disregarded because the incentive structure rewarded ignoring risk.


The Risk Manager Model follows a familiar pattern from traditional finance but strips away the accountability mechanisms built over centuries of costly failures.


When banks or brokers manage client funds, they must meet capital requirements and regulatory obligations, fulfill fiduciary duties, and undergo regulatory scrutiny. In contrast, when a DeFi risk manager handles client funds, they face only market incentives, and these incentives reward asset accumulation and profit maximization, not risk management. Protocols supporting risk managers claim to be neutral infrastructure that earns fees from activities while denying responsibility for risks.


This stance is unsustainable. Traditional finance abandoned this concept decades ago after repeated disasters, and the lesson was profound: intermediaries earning fees cannot entirely absolve themselves of responsibility.


Inevitable Failure


Stream Finance: Permissionless Architecture and Its Consequences


Morpho and Euler operate as permissionless lending infrastructure. Anyone can create vaults, set risk parameters, choose accepted collateral, and start attracting deposits.


The protocol provides smart contract infrastructure and earns fees from activities. This architecture indeed has advantages: the permissionless system facilitates innovation by removing gatekeepers who might hinder novel approaches due to unfamiliarity or conflicting interests; it offers financial services to participants who may be excluded by traditional systems; and it creates transparent, auditable transaction records on-chain.


However, this architecture also revealed fundamental issues in November 2025.


Without gatekeepers, it's impossible to control who becomes a risk manager; without registration requirements, there's no accountability when risk managers fail; without identity disclosure, risk managers can accumulate losses under one name and then restart under a new alias; without capital requirements, risk managers have no "skin in the game" other than their reputation, which is easily discarded.


Ernesto Boado, the founder of BGD Labs and a contributor to Aave, directly summed up the problem: Risk managers are "selling your brand to gamblers for free." The protocol earns fees, risk managers earn performance fees, and users bear losses when inevitable failures occur.




The permissionless architecture has created a specific failure mode, with Stream Finance being a typical case.


Since anyone can create vaults, risk managers compete for deposits by offering higher yields. These higher yields either rely on true Alpha (scarce and unsustainable on a large scale) or depend on higher risks (common and catastrophic once exposed).


Users see "18% Annualized Yield" but do not investigate the source. They assume that someone holding the title of "risk strategist" has already conducted due diligence. However, the risk strategist sees it as a fee income opportunity and accepts risks that should have been prudently rejected by risk management. The protocol sees TVL growth and fee income and does not intervene because a permissionless system should not inherently set thresholds.


This competitive dynamic leads to a "race to the bottom."


If a risk strategist manages risk prudently, the yield is lower and attracts fewer deposits; strategists who take on excessive risk offer a higher yield, attract more deposits, earn more fees, and appear successful until failure occurs.


The market cannot distinguish between sustainable yield and unsustainable high-risk behavior before failure occurs. Once failure happens, the loss is distributed across the entire ecosystem, and the risk strategist faces no consequences other than reputational damage, which is almost inconsequential as they can rebrand and restart without much concern.


RE7 Labs: Conflicts of Interest and Incentive Failures


The risk strategist model embeds fundamental conflicts of interest, making failures like Stream Finance's almost inevitable.


Risk strategists earn fees on assets under management and on performance, which directly incentivizes them to maximize deposits and returns regardless of the risks involved in achieving these figures. Users seek safety and reasonable returns, while risk strategists aim for fee income.


These incentives diverge at the most critical moments, especially when the revenue opportunity requires accepting risks that users would reject if they were aware of them.




The case of RE7 Labs is instructive because they documented their own failure mode. Before launching the xUSD integration, their due diligence had identified the "centralized counterparty risk" issue. This analysis was correct.


Stream concentrated risk on an anonymous external fund manager whose positions and strategies were completely opaque. RE7 Labs was aware of this risk but still proceeded with the xUSD integration, citing "significant user and network demand" as the reason. The fee income opportunity outweighed the user fund risk. When these funds eventually incurred losses, RE7 Labs faced only reputational damage with no financial consequences, and users bore 100% of the loss.


This incentive structure is not only misaligned but actively penalizes prudent behavior.


A Risk Planner who rejects a high-yield opportunity because of the risk involved loses deposits to competitors who accept that risk. The cautious planner earns lower fees and appears to underperform; the reckless planner earns higher fees and attracts more deposits, until failure occurs.


During this time, the reckless planner accrues a significant amount of fee income, none of which is recovered when users later suffer losses. Multiple Risk Planners and treasury managers, without transparent disclosure, reallocate user funds into xUSD exposure positions, exposing depositors, without their knowledge, to Stream's recursive leverage and off-chain opacity. Users deposit into a treasury touted as a conservative yield strategy, only to find funds concentrated on a counterparty using 7.6x leverage.


The fee structure of Risk Planners typically includes a 5% to 15% performance fee on generated returns. This may sound reasonable, but a closer analysis reveals a severe asymmetry: Risk Planners share a portion of the profits but bear no losses. They are highly motivated to maximize returns but have almost no incentive to minimize risk.


For example, a treasury with $100 million in deposits, yielding 10%, with a Risk Planner earning a 10% performance fee could make $1 million. If they take on double the risk, increasing the yield to 20%, they could earn $2 million. If the risk materializes and users lose 50% of their principal, the Risk Planner loses only future fee income from that treasury but retains all previously earned fees. Users would lose $50 million. This is a "heads I win, tails you lose" economic model.


The protocol itself has conflicts of interest when dealing with failing Risk Planners.


Morpho and Euler earn fees from treasury activities, so they have a financial incentive to maximize activity, which means maximizing deposits. That in turn means letting high-yield treasuries attract deposits even if those treasuries take on excessive risk. The protocols claim neutrality, arguing that permissionless systems should not set barriers. However, they are not truly neutral, as they profit from the activities they facilitate.


Traditional financial regulation recognized this issue centuries ago: entities profiting from intermediary activities cannot fully absolve themselves of responsibility for risk. Brokers earning commissions have a defined duty to client orders. DeFi protocols have yet to embrace this principle.


Morpho Incident: Accountability Void


When traditional brokers or asset managers cause customer fund losses, the consequences include regulatory investigations, possible license revocation, civil liability for breaching fiduciary duties, and criminal prosecution in cases of fraud or gross negligence. These consequences create incentives for prudent behavior beforehand. Managers who take on excessive risk for personal gain would realize the severe personal consequences of failure. While it doesn't prevent all failures, it significantly reduces reckless behavior compared to systems without accountability.


When a DeFi risk curator causes customer fund losses, they face only reputational damage and no other consequences. They have no license to revoke, and face no regulatory investigation because no regulatory body has jurisdiction. They have no fiduciary duty, as the legal relationship between curators and depositors is undefined. They have no civil liability, as their identities are often unknown and most DeFi protocol terms of service explicitly disclaim liability. They can rack up losses, shut down the treasury, and then relaunch under a new name, with a new treasury on the same protocol.




The events in March 2024 on Morpho demonstrated how the accountability void operates in practice.


A Morpho treasury using a Chainlink oracle suffered approximately $33,000 in losses due to an oracle price deviation. When users sought compensation, they encountered systemic buck-passing: Morpho claimed to be merely infrastructure and not in control of treasury parameters; the treasury's curators claimed they only operated within the protocol guidelines; Chainlink claimed the oracle performance was in line with specifications. No entity took responsibility, and no users received compensation. While this event was relatively small in scale and did not trigger broader market repercussions, it set a precedent: when losses occur, no one is held responsible.


This accountability void is by design, not negligence. Protocols deliberately structure away responsibility: terms of service disclaim liability, documentation emphasizes the protocol as permissionless infrastructure not controlling user actions, legal structures place protocol governance in a foundation or DAO, and opt for jurisdictions with regulatory distance. From a protocol perspective, this is legally sound, but it creates a system where billions of user funds are managed by entities with no substantive accountability mechanism.


Economics has a term for this: moral hazard. When entities face no consequences for failure, they take on excessive risk as potential gains accrue to them while losses are socialized.


Identity Disclosure and Accountability: Many curators operate under pseudonyms or anonymously. This is sometimes for personal safety or privacy reasons but has a direct impact on accountability. When curators cannot be identified, they cannot be held legally liable for negligence or fraud; even with a track record of failures, they cannot be excluded from operations; they are immune to professional sanctions or reputational penalties as these penalties cannot follow their true identity. Anonymous operations eliminate the only accountability mechanism that exists in the absence of regulation. In traditional finance, even without regulatory enforcement, a manager who loses client funds faces civil liability and reputational consequences that follow their true identity. In DeFi, they face neither.


Black-Box Strategy and Professional Illusion


A risk strategist presents themselves as a risk management expert, claiming to be able to select secure assets, set reasonable parameters, and prudently deploy funds. The marketing language emphasizes professionalism, sophisticated analysis, and cautious risk management.


However, the reality (as of November 2025) is that many risk strategists lack infrastructure, expertise, and even the intention to manage risk properly. Traditional financial institutions usually allocate 1%-5% of their staff to risk management functions, with an independent risk committee, dedicated oversight teams, stress-testing capabilities, and regulatory-required scenario analysis. In contrast, DeFi risk strategists are often small teams or individuals focused on yield and asset accumulation.


The strategies themselves rarely have meaningful disclosure. Risk strategists use terms such as "Delta-Neutral Trading," "Hedged Liquidity Providing," "Yield Farming Optimization," and other terms that sound professional but fail to provide insights into actual positions, leverage ratios, counterparty risk, or risk parameters.


This opacity is sometimes justified as protecting proprietary strategies from front-running or competition, but users have a legitimate need to understand the risks they are taking. Opacity is not a feature but a vulnerability that enables fraud and reckless behavior to continue until failure exposes the truth.




Stream Finance takes opacity to a catastrophic scale. They claim to have a $5 billion TVL, but only $2 billion is verifiable on-chain, with the remaining $3 billion purportedly held in off-chain positions managed by "external fund managers" whose identities, qualifications, strategies, and risk management processes have never been disclosed.


Stream uses terms like "Delta-Neutral Trading" and "Hedged Liquidity Providing" without ever explaining the specific positions or actual leverage ratios involved in these strategies. When Schlagonia's post-mortem analysis of the collapse revealed a recursive borrowing structure synthesizing 7.6x expansion from $1.9 million in actual collateral, depositors were completely shocked. They had no way of knowing that their "stablecoins" were actually backed by infinitely recursive borrowed assets, not a real reserve.


The professional illusion is particularly dangerous as it leads users to abandon their own judgment.


When someone with the title of "risk strategist" accepts a high-yield opportunity, users assume that due diligence has been conducted. In reality, the RE7 Labs case demonstrated that due diligence often identifies risks that are subsequently disregarded. Their analysis flagged Stream's centralization counterparty risk before integrating xUSD, yet the integration proceeded because user demand and fee revenue outweighed the identified risks.


Professional competence was present, analysis was applied, and the conclusions were correct, but they were ultimately overridden by commercial incentives. This is worse than incompetence because it reveals that even when risk planners have the capacity to identify risks, incentive structures can still cause them to disregard their findings.


Proof of Reserves: Technically Feasible but Rarely Implemented


The cryptography for verifiable proof of reserves has existed for decades. Merkle trees can prove solvency without revealing account details; zero-knowledge proofs can demonstrate reserve ratios without disclosing transaction strategies.


These technologies are mature, easy to understand, and computationally efficient. Stream Finance's failure to implement any form of proof of reserves was not due to technical limitations; it was a deliberate choice for opacity, which allowed them to sustain deception for months despite multiple public warnings. The protocol should require all risk planners managing deposits above a threshold to provide proof of reserves. The absence of proof of reserves should be considered equivalent to a bank refusing an external audit.


Evidence: The Collapse of Stream Finance


The collapse of Stream Finance provides a complete case study showing how the risk planner model failed. The sequence of events highlights all the issues with the current architecture: inadequate due diligence, conflicts of interest, disregarding warnings, opacity, and lack of accountability. An in-depth understanding of this case is a prerequisite for understanding why systemic change is needed.


Failure Timeline


172 days before the collapse, Yearn Finance developer Schlagonia examined Stream's position and directly warned the team that the structure was bound to fail. It took only 5 minutes of analysis to identify the fatal issue: Stream had $170 million on-chain collateral supporting $530 million in borrowing across multiple DeFi protocols, resulting in a leverage ratio of 4.1x. The strategy involved recursive borrowing, with Stream using deUSD as collateral to borrow xUSD, creating a loop of dependency guaranteeing a simultaneous collapse of both assets. The remaining $330 million TVL was entirely in the off-chain positions of an anonymous external manager.


On October 28, 2025, industry analyst CBB issued a specific warning accompanied by on-chain data: "There is only about $170 million in collateral supporting xUSD on-chain. They have borrowed about $530 million from lending protocols. This is 4.1x leverage and the position is extremely illiquid. This is not a yield farm; this is extreme gambling." These warnings were public, specific, and accurate, identifying the leverage ratio, liquidity risk, and the fundamental recklessness of the structure. In the following week, multiple analysts echoed these warnings.


Despite continuous warnings, risk orchestrators continued to hold their positions and attract new deposits. Telos Capital maintained a $12.364 billion exposure, MEV Capital held $25.42 million, and Re7 Labs held $27.40 million across two treasuries. The warnings were ignored because acting on them would have meant reducing positions and cutting fee income, making those risk orchestrators look worse than competitors who kept their positions.


On November 4, 2025, Stream announced that an external fund manager lost approximately $93 million in funds, leading to withdrawal suspensions. Within hours, xUSD plummeted from $1.00 to $0.23 on the secondary market, a 77% drop. Elixir's deUSD (65% reserve concentration lent to Stream) crashed from $1.00 to $0.015 in 48 hours, a 98% decline. The total contagion exposure reached $285 million, Euler faced around $137 million in losses, with over $160 million frozen across multiple protocols.




Risk Orchestrators vs. Traditional Brokers


Comparing DeFi risk orchestrators to traditional brokers is enlightening as it reveals the lack of accountability mechanisms in the orchestrator model. This is not to argue that traditional finance is the ideal model or that its regulatory structure should be directly replicated.


Traditional finance also has its own failures, costs, and exclusivity. However, after centuries of expensive lessons, it has gradually built accountability mechanisms, while the orchestrator model explicitly eschews these mechanisms.




Technical Recommendations


The risk orchestrator model does have its advantages: it achieves capital efficiency by allowing specialized parties to set risk parameters instead of using a "one-size-fits-all" protocol default; it fosters innovation by permitting experimentation with different strategies and risk frameworks; and it enhances accessibility by removing gatekeepers who may exclude participants based on scale, geography, or unfamiliarity.


These advantages can be retained while addressing the accountability issues exposed in November 2025. The following recommendations are based on empirical evidence from the DeFi failures over the past five years:


1. Mandatory Identity Disclosure

Risk orchestrators managing deposits above a threshold (suggested at $10 million) should be required to disclose their true identities to a registry maintained by the protocol or an independent entity. This does not require the public disclosure of home addresses or personal details but must ensure that the risk orchestrator can be identified and held accountable in cases of fraud or major negligence. Anonymous operations and large-scale management of others' funds are incompatible. Privacy arguments commonly used in DeFi do not apply to entities earning fees for managing client funds.


2. Capital Requirement

A Risk Planner should be required to maintain a certain amount of risk capital that will be slashed if their treasury losses exceed a specified threshold. Such "loss binding" aligns incentives. Specific structures could include: Planners needing to pledge collateral that is slashed when treasury losses exceed 5% of deposits, or requiring Planners to hold a junior tranche of their own treasury to absorb initial losses. The current structure, where Planners earn fees without any risk capital, creates a moral hazard, and a capital requirement can address this issue.


3. Mandatory Disclosure

Risk Planners should be required to disclose their strategies, leverage ratios, counterparty risk, and risk parameters in a standardized format for comparison and analysis. Claims that disclosure would harm proprietary strategies are mostly excuses. Most Planner strategies are just variations of known yield farming techniques. Real-time disclosure of leverage ratios and concentration does not harm Alpha but allows users to understand the risks they are taking.


4. Reserve Proof

The protocol should require all Risk Planners managing deposits above a threshold to provide reserve proof. Cryptographic technologies for verifiable reserve proof are mature and efficient. Merkle trees can prove solvency without revealing individual positions, zero-knowledge proofs can verify reserve ratios without disclosing trading strategies. A lack of reserve proof should disqualify Planners from managing deposits. This measure could have prevented Stream Finance from maintaining $300 million in unverifiable off-chain positions.
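
The Merkle-based reserve proof described here and in the earlier proof-of-reserves section, as an added example that is not code from the article or from any protocol it names: a Merkle sum tree in Python that commits to depositor liabilities, lets each depositor verify that their own balance is included, and rejects negative sums. Account names, salts, balances and the reserve figure are constructed, and the reserve attestation itself is assumed to come from elsewhere.

```python
import hashlib
from typing import List, NamedTuple, Tuple

MAX = 2**128  # sums are encoded as fixed-width 128-bit integers

class Node(NamedTuple):
    digest: bytes
    total: int  # sum of all liabilities below this node

def _enc(n: int) -> bytes:
    return n.to_bytes(16, "big")

def leaf(account_id: str, salt: bytes, balance: int) -> Node:
    # A negative "liability" would let the operator shrink the published total.
    if not 0 <= balance < MAX:
        raise ValueError("balance out of range")
    blinded = hashlib.sha256(salt + account_id.encode()).digest()  # hides the id
    return Node(hashlib.sha256(b"\x00" + blinded + _enc(balance)).digest(), balance)

def parent(left: Node, right: Node) -> Node:
    # The hash commits to both child sums, so a sum cannot be changed afterwards.
    data = b"\x01" + left.digest + _enc(left.total) + right.digest + _enc(right.total)
    return Node(hashlib.sha256(data).digest(), left.total + right.total)

EMPTY = Node(hashlib.sha256(b"\x02").digest(), 0)  # zero-value padding for odd levels

def build(leaves: List[Node]) -> List[List[Node]]:
    """Return every level of the tree, leaves first, root last."""
    if not leaves:
        raise ValueError("no liabilities to commit to")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        if len(levels[-1]) % 2:
            levels[-1].append(EMPTY)
        cur = levels[-1]
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

Proof = List[Tuple[bytes, int, bool]]  # (sibling digest, sibling sum, sibling is left)

def prove(levels: List[List[Node]], index: int) -> Proof:
    path = []
    for level in levels[:-1]:
        sib = level[index ^ 1]
        path.append((sib.digest, sib.total, (index ^ 1) < index))
        index //= 2
    return path

def verify(root: Node, account_id: str, salt: bytes, balance: int, path: Proof) -> bool:
    """Depositor-side check: my balance is counted in the published total."""
    try:
        node = leaf(account_id, salt, balance)
        for digest, total, sibling_is_left in path:
            if not 0 <= total < MAX:  # reject negative or oversized sibling sums
                return False
            sib = Node(digest, total)
            node = parent(sib, node) if sibling_is_left else parent(node, sib)
    except (ValueError, OverflowError):
        return False
    return node == root

def is_solvent(root: Node, attested_reserves: int) -> bool:
    # Reserves must cover the liabilities the root commits to.
    return attested_reserves >= root.total

# Constructed sample book: (account id, per-user salt, balance in USD).
# Real deployments would use a random secret salt per depositor.
BOOK = [("alice", b"\x01" * 16, 100), ("bob", b"\x02" * 16, 250), ("carol", b"\x03" * 16, 75)]
LEVELS = build([leaf(*row) for row in BOOK])
ROOT = LEVELS[-1][0]

if __name__ == "__main__":
    for i, (acct, salt, bal) in enumerate(BOOK):
        print(acct, "included:", verify(ROOT, acct, salt, bal, prove(LEVELS, i)))
    print("liabilities:", ROOT.total, "solvent with 400:", is_solvent(ROOT, 400))
```

The sibling sums in a proof do reveal aggregate balances of other subtrees; hiding those as well is the job of the zero-knowledge variants mentioned above.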


5. Concentration Limit

The protocol should enforce concentration limits to prevent Risk Planners from allocating an overly high percentage of treasury deposits to a single counterparty. Elixir lent 65% of its deUSD reserve ($68 million out of $105 million) to Stream through a private Morpho treasury. This concentration ensures that a failure by Stream would devastate Elixir. Concentration limits should be set at a maximum exposure of 10%-20% to a single counterparty and enforced at the smart contract level to prevent circumvention.
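
One way the contract-level check could work, modelled in Python as an added example (not code from Morpho, Euler or the article): allocations are aggregated by ultimate counterparty, so routing funds through a second venue does not evade the cap. The class, the venue names, the venue-to-counterparty mapping and the 20% cap setting are assumptions; the $105 million and $68 million figures are the Elixir numbers quoted above.

```python
BPS = 10_000  # basis points: 2_000 bps = 20%

class ConcentrationBreach(Exception):
    pass

class GuardedVault:
    """Hypothetical vault model whose allocate() enforces a per-counterparty cap."""

    def __init__(self, cap_bps: int, venue_counterparty: dict):
        self.cap_bps = cap_bps
        self.venue_counterparty = dict(venue_counterparty)  # venue -> ultimate borrower
        self.idle = 0
        self.allocated = {}  # venue -> amount deployed there

    def total_assets(self) -> int:
        return self.idle + sum(self.allocated.values())

    def exposure(self) -> dict:
        """Aggregate allocations by ultimate counterparty (look-through)."""
        out = {}
        for venue, amount in self.allocated.items():
            cp = self.venue_counterparty[venue]
            out[cp] = out.get(cp, 0) + amount
        return out

    def deposit(self, amount: int) -> None:
        self.idle += amount

    def allocate(self, venue: str, amount: int) -> None:
        if venue not in self.venue_counterparty:
            raise KeyError(f"unmapped venue {venue!r}: counterparty must be declared")
        if not 0 < amount <= self.idle:
            raise ValueError("amount must be positive and covered by idle funds")
        cp = self.venue_counterparty[venue]
        after = self.exposure().get(cp, 0) + amount
        # Integer cross-multiplication avoids rounding, as contract code would.
        if after * BPS > self.cap_bps * self.total_assets():
            raise ConcentrationBreach(f"{cp}: {after} exceeds {self.cap_bps} bps cap")
        self.allocated[venue] = self.allocated.get(venue, 0) + amount
        self.idle -= amount

    def withdraw(self, amount: int) -> None:
        if not 0 < amount <= self.idle:
            raise ValueError("insufficient idle funds")
        self.idle -= amount  # exits are not blocked, but the ratio drifts upward

    def breaches(self) -> list:
        """Counterparties currently over the cap, e.g. after withdrawals."""
        total = self.total_assets()
        return sorted(cp for cp, amt in self.exposure().items()
                      if amt * BPS > self.cap_bps * total)

if __name__ == "__main__":
    # Constructed scenario using the article's Elixir figures.
    vault = GuardedVault(2_000, {"private-vault": "Stream", "public-market": "Stream"})
    vault.deposit(105_000_000)
    try:
        vault.allocate("private-vault", 68_000_000)  # about 65% to one counterparty
    except ConcentrationBreach as err:
        print("rejected:", err)
```

Because withdrawals shrink total assets, an allocation that was within the cap can drift over it later, which is why `breaches()` is a separate check from the one in `allocate()`.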


6. Protocol Accountability

Protocols that earn fees from Risk Planner activities should bear some responsibility. This could include: funding an insurance pool from protocol fees to compensate users for losses due to Planner failures, or maintaining a Planner whitelist to exclude entities with poor records or inadequate disclosures. The current model, in which protocols earn fees while completely disavowing responsibility, is economically unsound. Intermediaries earning fees must have accountability.


Conclusion


The current Risk Planner model represents an accountability vacuum, with billions of dollars of user funds being managed by entities with no substantive constraints on their behavior and no substantive consequences for failure.


This is not to deny the model itself. Capital efficiency and specialized risk management do have advantages. However, this model must introduce accountability mechanisms like those the traditional finance sector developed over centuries of expensive lessons. DeFi can develop mechanisms suitable for its own characteristics, but it cannot completely abandon accountability and expect outcomes different from those traditional finance experienced when it lacked such mechanisms.


The current structure ensures the repeated occurrence of failures until the industry accepts a fact: the fee-charging intermediary must bear responsibility for the risks it triggers.



Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
