Without an accountability mechanism, Decentralized Finance will continue to replay failures.

Original Title: DeFi Risks: Curators as new Brokers Original Author: @yq_acc Translated by: Peggy, BlockBeats

Original author: Rhythm BlockBeats

Original source:

Reprint: Mars Finance

Editor’s Note: Since 2020, DeFi has rapidly expanded, with locked assets once exceeding $100 billion, giving rise to the Curators model. However, in the absence of regulation, identity disclosure, and risk constraints, curators manage billions of dollars of user funds, leading to frequent systemic failures. In November 2025, the collapse of Stream Finance triggered a loss of $285 million, exposing the core issues of the curators model.

Based on this, this article deeply analyzes the root risks behind the current model and proposes technical improvement suggestions.

The following is the original text:

New financial intermediaries: “Risk Curators”

In the past eighteen months, a new type of financial intermediary has emerged in Decentralized Finance. These entities refer to themselves as risk planners, treasury managers, or strategy operators.

They manage billions of dollars in user deposits on protocols like Morpho (approximately $7.3 billion) and Euler (approximately $1.1 billion), responsible for setting risk parameters, selecting collateral types, and deploying funds into yield strategies. They charge a performance fee of 5% to 15%, yet operate without licenses, regulatory scrutiny, mandatory disclosure of qualifications or past performance, and often do not publicly disclose their true identities.

The collapse of Stream Finance in November 2025 revealed the results of this architecture under stress testing.

This infection wave affected the entire ecosystem, with losses reaching 285 million USD. Risk planners including TelosC (123.64 million USD), Elixir (68 million USD), MEV Capital (25.42 million USD), and Re7 Labs (a total of 27.4 million USD in two vaults) concentrated user deposits into a single counterparty, which used 7.6 times leverage with only 1.9 million USD in real collateral.

Warnings were publicly and clearly issued: CBB released the leverage ratio on October 28, and Schlagonia directly warned Stream 172 days before the collapse. However, these warnings were ignored, as the incentive structure encouraged the neglect of risks.

The risk planner model follows the familiar patterns of traditional finance, but strips away the accountability mechanisms that were established after expensive failures over hundreds of years.

When banks or brokers manage client funds, they must meet capital requirements, registration obligations, fulfill fiduciary duties, and undergo regulatory scrutiny. However, when DeFi risk orchestrators manage client funds, they only face market incentives, which reward asset accumulation and profit maximization rather than risk management. The protocols supporting risk orchestrators claim to be neutral infrastructure, earning fees from activities while denying responsibility for risks.

This position is unsustainable. Traditional finance abandoned this concept decades ago due to repeated disasters, and the profound lesson is that intermediaries who earn fees cannot be completely exempt from responsibility.

Inevitable failure

Stream Finance: Permissionless Architecture and Its Consequences

Morpho and Euler operate as permissionless lending infrastructures. Anyone can create vaults, set risk parameters, choose accepted collateral, and start attracting deposits.

The protocol provides smart contract infrastructure and earns fees from activities. This architecture does have advantages: permissionless systems promote innovation by removing gatekeepers that may hinder new approaches due to unfamiliarity or conflicting interests; it offers financial services to participants who may be excluded by traditional systems; it creates transparent and auditable transaction records on-chain.

However, this architecture also brought to light fundamental issues that were exposed in November 2025.

Without oversight, it is impossible to control who becomes a risk planner; without registration requirements, risk planners are not held accountable when they fail; without identity disclosure, risk planners can accumulate losses under one name and then change names to restart; without capital requirements, risk planners have no “interests binding” except for their reputation, which can be easily discarded.

Ernesto Boado, founder of BGD Labs and contributor to Aave, directly summarized the issue: risk planners are “selling your brand to gamblers for free.” The protocol earns transaction fees, risk planners earn performance shares, while users bear the losses when inevitable failures occur.

The permissionless architecture has created a specific failure mode, and Stream Finance is a typical example.

Since anyone can create a vault, risk planners will compete for deposits by offering higher yields. Higher yields either rely on real Alpha (which is scarce and not sustainable at scale) or depend on higher risks (which are common and can be catastrophic once exposed).

Users see “18% annual yield” but do not investigate the source. They assume that those with the title of “risk planner” have completed their due diligence. Meanwhile, the risk planners see the opportunity for fee income and accept risks that should have been rejected by prudent risk management. The protocol sees TVL growth and fee income and does not intervene, as permissionless systems should not inherently set thresholds.

This competitive dynamic leads to “race to the bottom.”

If risk planners manage risks conservatively, the yield is lower, and the deposits attracted are also fewer; while those who take excessive risks have higher yields, attract more deposits, earn more fees, and seem successful before a failure occurs.

The market cannot distinguish between sustainable returns and unsustainable high-risk behaviors before a failure occurs. Once a failure happens, the losses are distributed across the entire ecosystem, and the risk planners face no consequences other than damage to their reputation, which is almost irrelevant when they can change their names and restart.

RE7 Labs: Conflicts of Interest and Incentive Failure

The risk planner model embeds fundamental conflicts of interest, making failures similar to Stream Finance almost inevitable.

Risk planners earn fees by managing the scale and performance of assets, which directly incentivizes them to maximize deposits and returns, regardless of the level of risk required to achieve those numbers. Users seek safety and reasonable returns, while risk planners aim for fee income.

These incentives diverge at the most dangerous moments, especially when the opportunity for profit entails risks that users would reject if they were aware.

The case of RE7 Labs is enlightening because they documented their failure modes. Before launching the xUSD integration, their due diligence identified the issue of “centralized counterparty risk.” This analysis was correct.

Stream concentrates the risk on an anonymous external fund manager, whose positions or strategies are completely opaque. RE7 Labs is aware of this risk but still promotes the integration of xUSD, citing “significant user and network demand.” The opportunity for fee income outweighs the risk to user funds. When these funds ultimately incur losses, RE7 Labs only faces reputational damage without any financial consequences, while users bear 100% of the losses.

This incentive structure is not only a mismatch but also an active punishment for prudent behavior.

Risk-averse planners who reject high-yield opportunities due to excessive risk will lose deposits to competitors who accept the risk. Cautious planners earn lower fees and appear to perform poorly; reckless planners earn higher fees, attract more deposits, until failure occurs.

During this period, reckless planners accumulated a large amount of fee income, which would not be reclaimed due to users' subsequent losses. Multiple risk planners and vault managers redistributed user funds to xUSD positions without transparent disclosure, exposing depositors to Stream's recursive leverage and off-chain opacity without their knowledge. Users deposited into a vault marketed as a conservative yield strategy, only to find that funds were concentrated in a counterparty using 7.6 times leverage.

The fee structure of risk planners typically includes a performance share of 5% to 15% of the profits generated. This sounds reasonable, but a closer analysis reveals a serious asymmetry: risk planners share a portion of the profits but do not bear any losses. They have a strong incentive to maximize profits but almost no incentive to minimize risks.

For example, a treasury with a deposit of 100 million dollars and a return rate of 10% would allow the risk planner to earn 1 million dollars with a 10% performance share. If they take double the risk and increase the return rate to 20%, they could earn 2 million dollars. If there is a risk exposure where users lose 50% of their principal, the risk planner would only lose the future fee income from that treasury but retain all the fees earned previously. Users would lose 50 million dollars. This is an economic model of “you win, I earn; you lose, I compensate.”

The agreement itself also has conflicts of interest when dealing with the failure of risk planners.

Morpho and Euler earn fees from vault activities, and they have a financial incentive to maximize activity levels, which means maximizing deposits. This, in turn, means allowing high-yield vaults to attract deposits, even if those vaults take on excessive risk. The protocol claims to be neutral, believing that permissionless systems should not set thresholds. However, they are not truly neutral because they profit from the activities they facilitate.

Traditional financial regulation recognized this issue centuries ago: entities profiting from intermediary activities cannot be completely exempt from responsibility for risks. Brokers earning commissions have certain obligations to customer orders. DeFi protocols have yet to accept this principle.

Morpho Incident: Accountability Vacuum

When traditional brokers or asset managers cause clients' financial losses, the consequences include regulatory investigations, potential license revocation, civil liability for breach of fiduciary duty, and criminal prosecution in cases of fraud or gross negligence. These consequences create incentives for prudent behavior in advance. Managers who take excessive risks for personal gain will realize that the personal consequences of failure are extremely serious. This does not prevent all failures, but compared to a system without accountability, it significantly reduces reckless behavior.

When DeFi risk planners cause customer fund losses, they only face reputational damage, and there are no other consequences. They have no licenses to revoke, no regulatory investigations, as no regulatory body has jurisdiction. They have no fiduciary duties, as the legal relationship between the risk planner and the depositor is undefined. They have no civil liability, as identities are often unknown, and the terms of service of most DeFi protocols explicitly state disclaimers. They can accumulate losses, shut down the vault, and then relaunch under the same protocol with a new name and new vault.

The events that took place on Morpho in March 2024 demonstrated how accountability vacuums operate in practice.

A Morpho vault using Chainlink oracles lost approximately $33,000 due to oracle price discrepancies. When users sought compensation, they encountered systematic evasion: Morpho claimed it was merely infrastructure and did not control vault parameters; the vault risk planners stated they operated only within the protocol guidelines; Chainlink asserted that the oracle performance was compliant. No entity took responsibility, and no users received compensation. The event was small in scale and did not trigger broader market consequences, but it established a precedent: when losses occur, no one is accountable.

This accountability vacuum is by design, not oversight. The protocol explicitly avoids liability through its structure: the terms of service state disclaimers, the documentation emphasizes that the protocol is a permissionless infrastructure that does not control user behavior, and the legal structure places governance of the protocol under a foundation or DAO, choosing jurisdictions with minimal regulation. From a protocol perspective, this is legally sound, but it creates a system where billions of dollars of user funds are managed by entities with no substantial accountability mechanisms.

Economics has a term for this: moral hazard. When entities do not bear the consequences of failure, they take on excessive risks because the potential gains belong to them, while the losses are borne by others.

Identity Disclosure and Accountability: Many risk planners operate under pseudonyms or anonymously. This is sometimes justified by personal safety or privacy, but it directly impacts accountability. When risk planners cannot be identified, they cannot be held legally liable for negligence or fraud; even with a cumulative record of failures, they cannot be excluded from operations; they cannot face professional sanctions or reputational penalties, as these penalties cannot follow their true identity. Anonymous operations eliminate the only existing accountability mechanism in the absence of regulation. In traditional finance, even without regulatory enforcement, managers who ruin client funds still face civil liabilities and reputational consequences, which follow their true identity. However, in Decentralized Finance, they face neither.

Black Box Strategies and Professional Illusions

Risk planners present themselves as risk management experts, claiming to select safe assets, set reasonable parameters, and deploy funds wisely. The marketing language emphasizes professionalism, complex analysis, and prudent risk management.

But the reality (as proven in November 2025) is that many risk planners lack the infrastructure, expertise, and even the intention to manage risks properly. Traditional financial institutions typically allocate 1%-5% of their employees to risk management functions, have independent risk committees, specialized oversight teams, stress testing capabilities, and scenario analysis as required by regulators. In contrast, DeFi risk planners are often small teams or individuals focused on returns and asset accumulation.

The strategies themselves rarely have meaningful disclosures. Risk planners use terms like “Delta neutral trading,” “hedged market making,” and “optimized yield farming,” which sound professional but provide no insights into actual positions, leverage ratios, counterparty risks, or risk parameters.

This opacity is sometimes justified as a means to protect proprietary strategies from front-running or competition, but users have a legitimate need to understand the risks they are undertaking. Opacity is not a feature, but a vulnerability that allows fraud and reckless behavior to persist until failure forces the truth to be revealed.

Stream Finance has taken the opacity issue to a catastrophic scale. They claim to have a TVL of $500 million, but only $200 million is verifiable on-chain, with the remaining $300 million allegedly existing in off-chain positions managed by “external fund managers,” whose identities, qualifications, strategies, and risk management processes have never been disclosed.

Stream uses terms like “Delta neutral trading” and “hedged market making” without ever explaining the specific positions or actual leverage ratios involved in these strategies. When the analysis by Schlagonia revealed that the recursive borrowing structure synthesized $1.9 million in real collateral into a 7.6 times expansion after the collapse, the depositors were completely shocked. They had no way of knowing that their “stablecoin” was actually supported by infinitely recursive borrowed assets rather than real reserves.

Professional illusions are especially dangerous because they lead users to relinquish their judgment.

When a person with the title of “risk planner” accepts high-yield opportunities, users assume that due diligence has been completed. The reality is that the RE7 Labs case shows that due diligence often identifies risks but is then ignored. Their own analysis flagged the centralized counterparty risk of Stream before integrating xUSD, yet they still proceeded because user demand and fee revenue outweighed the identified risks.

Professional capabilities exist, analysis has been applied, conclusions are correct, but ultimately overturned by commercial incentives. This is worse than incompetence because it reveals that even risk planners, who have the ability to identify risks, will still overlook discoveries due to incentive structures.

Proof of Reserve: Technically feasible, but rarely implemented

Cryptographic techniques for verifiable reserve proofs have existed for decades. Merkle trees can prove solvency without exposing account details; zero-knowledge proofs can demonstrate reserve ratios without disclosing trading strategies.

These technologies are mature, easy to understand, and computationally efficient. Stream Finance has not implemented any form of proof of reserves, not due to technical limitations, but as a deliberate choice for opacity, allowing them to maintain fraud for months despite multiple public warnings. The protocol should require all risk planners managing deposits above a threshold to provide proof of reserves. The lack of proof of reserves should be considered equivalent to a bank refusing external audits.

Evidence: The Collapse of Stream Finance

Stream Finance's collapse provides a complete case study demonstrating how the risk planner model can fail. The sequence of events reflects all the issues with the current framework: insufficient due diligence, conflicts of interest, ignoring warnings, lack of transparency, and absence of accountability. A deep understanding of this case is a prerequisite for understanding why systemic change is needed.

Failure Timeline

172 days before the collapse, Yearn Finance developer Schlagonia checked the positions of Stream and directly warned the team that the structure was bound to fail. A quick 5-minute analysis was enough to identify the fatal problem: Stream was supporting $530 million in loans across multiple DeFi protocols with $170 million in on-chain verifiable collateral, resulting in a leverage ratio of 4.1. The strategy involved recursive borrowing, where Stream used deUSD collateral to mint more xUSD, creating a circular dependency that guaranteed both assets would crash simultaneously. The remaining $330 million of TVL was entirely held in off-chain positions managed by anonymous external managers.

On October 28, 2025, industry analyst CBB issued a specific warning along with on-chain data: “xUSD has only about $170 million in support on-chain. They have borrowed approximately $530 million from lending protocols. This is a 4.1 times leverage, and the position is highly illiquid. This is not yield farming, but extreme gambling.” These warnings are public, specific, and accurate, identifying the leverage ratio, liquidity risks, and the fundamental recklessness of the structure. In the following week, several analysts amplified these warnings.

Despite the ongoing warnings, risk planners continue to hold positions and attract new deposits. TelosC maintains an exposure of $123.64 million, MEV Capital holds $25.42 million, and Re7 Labs has $27.4 million across two vaults. The warnings are ignored as taking action means reducing positions and cutting fee income, making risk planners appear to perform worse than those who continue to hold.

On November 4, 2025, Stream announced that an external fund manager had lost approximately $93 million in funds, subsequently suspending withdrawals. Within hours, xUSD plummeted from $1.00 to $0.23 in the secondary market, a drop of 77%. Elixir's deUSD (65% of reserves concentrated lent to Stream) collapsed from $1.00 to $0.015 within 48 hours, a drop of 98%. The total contagion exposure reached $285 million, with Euler facing approximately $137 million in bad debts and over $160 million frozen across multiple protocols.

Risk Planner vs. Traditional Broker

Comparing DeFi risk planners with traditional brokers is enlightening, as it reveals the lack of accountability mechanisms in the planner model. This is not to argue that traditional finance is the ideal model or that its regulatory structure should be directly replicated.

Traditional finance also has its own failures, costs, and exclusivity. However, after hundreds of years of expensive lessons, it has gradually established accountability mechanisms, while the orchestrator model explicitly abandons these mechanisms.

Technical Advice

The risk planner model does have its advantages: it achieves capital efficiency by allowing professionals to set risk parameters instead of using a “one-size-fits-all” protocol default; it promotes innovation by allowing experimentation with different strategies and risk frameworks; and it enhances accessibility by removing gatekeepers that may exclude participants based on scale, geography, or unfamiliarity.

These advantages can be retained while addressing the accountability issues exposed in November 2025. The following suggestions are based on empirical evidence of DeFi failures over the past five years:

1. Mandatory Identity Disclosure

Risk planners managing deposits exceeding the threshold (suggested $1000 ten thousand) should be required to disclose their true identity to a registry maintained by the protocol or an independent organization. This does not require the public disclosure of home addresses or personal details, but it must ensure that risk planners can be identified and held accountable in the event of fraud or gross negligence. Anonymous operations are incompatible with large-scale management of others' funds. Privacy reasons are often used as a defense in DeFi, but they do not apply to entities earning fees for managing client funds.

2. Capital Requirements

Risk planners should be required to maintain a certain amount of risk capital, which will be deducted when their treasury losses exceed a specified threshold. This aligns incentives through “interest binding.” The specific structure may include: planners needing to stake collateral, which will be reduced when treasury losses exceed 5% of the deposits, or requiring planners to hold a junior tier of their own treasury to absorb first-round losses. Currently, the structure where planners earn fees without risk capital creates moral hazard, and capital requirements can address this issue.

3. Mandatory Information Disclosure

Risk planners should be required to disclose strategies, leverage ratios, counterparty risks, and risk parameters in a standardized format for comparison and analysis. The claims that disclosure would harm proprietary strategies are mostly excuses. Most planner strategies are merely variants of known yield farming techniques. Real-time disclosure of leverage ratios and concentration will not harm Alpha, but will enable users to understand the risks they are taking.

4. Proof of Reserves

The agreement should require all risk planners managing deposits above the threshold to provide proof of reserves. The cryptographic techniques used for verifiable proof of reserves are mature and efficient. Merkle trees can prove solvency without exposing individual positions, and zero-knowledge proofs can verify reserve ratios without disclosing trading strategies. The lack of proof of reserves should disqualify planners from managing deposits. This measure could have prevented Stream Finance from maintaining $300 million in unverifiable positions off-chain.

5. Concentration Limit

The agreement should enforce concentration limits to prevent risk planners from allocating an excessively high proportion of the reserve deposits to a single counterparty. Elixir lends 65% of its deUSD reserves ($68 million out of $105 million) to Stream through a private Morpho vault. This concentration ensures that Stream's failure would destroy Elixir. The concentration limit should be set at a maximum exposure of 10%-20% to a single counterparty and enforced at the smart contract level to avoid circumvention.

6. Protocol Accountability

Protocols that earn fees from risk planners' activities should bear some responsibility. This may include: extracting insurance funds from protocol fees to compensate users for losses caused by planner failures, or maintaining a list of planners and excluding entities with poor records or insufficient disclosures. Currently, the model where protocols earn fees while completely denying responsibility is economically unreasonable. Fee-earning intermediaries must bear accountability obligations.

Conclusion

The currently implemented risk planner model represents an accountability vacuum, with billions of dollars of user funds managed by entities that have no substantive constraints on their behavior and no substantial consequences for failure.

This does not negate the model itself. Capital efficiency and specialized risk management do have advantages. However, this model must introduce accountability mechanisms, just as traditional finance has developed over hundreds of years through costly lessons. DeFi can develop mechanisms suited to its own characteristics, but it cannot completely abandon accountability and expect different outcomes from traditional finance in the absence of accountability mechanisms.

The current structure guarantees the repeated occurrence of failures until the industry accepts a fact: intermediaries that charge fees must be held accountable for the risks they cause.