Original Title: DeFi Risks: Curators as new Brokers
Original Author: @yq_acc
Translated by: Peggy, BlockBeats
Editor's Note: Since 2020, DeFi has expanded rapidly, with total value locked (TVL) at one point exceeding $100 billion, giving rise to the risk curator model. However, with no regulation, identity disclosure, or risk constraints, risk curators manage billions of dollars of user funds, and systemic failures have been frequent. In November 2025, the collapse of Stream Finance resulted in a loss of $285 million, exposing the core problems of the risk curator model.
Based on this, this article deeply analyzes the root causes of risks behind the current model and proposes technical improvement suggestions.
The following is the original text:
New Financial Intermediaries: "Risk Curators"
In the past eighteen months, a new type of financial intermediary has emerged in DeFi. These entities call themselves risk curators, treasury managers, or strategy operators.
They manage billions of dollars in user deposits on protocols like Morpho (approximately $7.3 billion) and Euler (approximately $1.1 billion), responsible for setting risk parameters, selecting collateral types, and deploying funds into yield strategies. They charge a performance fee of 5% to 15%, yet operate without licenses, regulatory scrutiny, mandatory disclosure of qualifications or past performance, and often do not disclose their true identities.
The collapse of Stream Finance in November 2025 revealed the consequences of this structure under stress.
This contagion affected the entire ecosystem, resulting in losses of $285 million. Risk curators, including TelosC ($123.64 million), Elixir ($68 million), MEV Capital ($25.42 million), and Re7 Labs (two treasuries totaling $27.4 million), concentrated user deposits with a single counterparty, which used 7.6 times leverage with only $1.9 million in real collateral.
Warnings were public and clear: CBB released leverage ratios on October 28, and Schlagonia directly warned Stream 172 days before the collapse. However, these warnings were ignored, as the incentive structure encouraged the neglect of risk.
The risk curator model follows a familiar pattern from traditional finance but strips away the accountability mechanisms established after centuries of costly failures.
When banks or brokers manage client funds, they must meet capital requirements, registration obligations, fulfill fiduciary duties, and undergo regulatory scrutiny. In contrast, when DeFi risk curators manage client funds, they face only market incentives, which reward asset accumulation and yield maximization rather than risk management. The protocols supporting risk curators claim to be neutral infrastructure, earning fees from activities while denying responsibility for risks.
This position is unsustainable; traditional finance abandoned this notion decades ago due to repeated disasters, with the profound lesson being that fee-earning intermediaries cannot be completely absolved of responsibility.
Inevitable Failures
Stream Finance: A Permissionless Structure and Its Consequences
Morpho and Euler operate as permissionless lending infrastructures. Anyone can create a treasury, set risk parameters, choose acceptable collateral, and start attracting deposits.
The protocols provide smart contract infrastructure and earn fees from activities. This structure does have advantages: permissionless systems promote innovation by removing gatekeepers that may hinder new approaches due to unfamiliarity or competing interests; they provide financial services to participants who may be excluded by traditional systems; and they create transparent, auditable transaction records on-chain.
However, this structure also gives rise to the fundamental issues that were exposed in November 2025.
Without gatekeeping, there is no control over who becomes a risk curator; without registration requirements, there is no accountability when risk curators fail; without identity disclosure, risk curators can accumulate losses under one name and then restart under another; without capital requirements, risk curators have no "stake" other than their reputation, which can be easily discarded.
Ernesto Boado, founder of BGD Labs and contributor to Aave, succinctly summarized the problem: risk curators are "selling your brand for free to gamblers." The protocols earn transaction fees, risk curators earn performance fees, and users bear the losses when inevitable failures occur.

The permissionless structure creates a specific failure mode, with Stream Finance being a typical case.
Since anyone can create a treasury, risk curators compete for deposits by offering higher yields. Higher yields either rely on genuine alpha (scarce and unsustainable at scale) or on higher risks (common and catastrophic once exposed).
Users see "18% annualized yield" but do not investigate the source. They assume that those with the title of "risk curator" have conducted due diligence. Meanwhile, risk curators see an opportunity for fee income and accept risks that should have been prudently managed. The protocols see TVL growth and fee income and do not intervene, as permissionless systems inherently should not set thresholds.
This competitive dynamic leads to a "race to the bottom."
If risk curators conservatively manage risks, they attract fewer deposits due to lower yields; whereas those who take excessive risks achieve higher yields, attract more deposits, earn more fees, and appear successful until failure occurs.
The market cannot distinguish between sustainable yields and unsustainable high-risk behaviors before failure occurs. Once failure happens, losses are distributed across the entire ecosystem, and risk curators face no consequences other than reputational damage, which is almost irrelevant when they can restart under a new name.
RE7 Labs: Conflicts of Interest and Incentive Failures
The risk curator model embeds fundamental conflicts of interest, making failures like Stream Finance's almost inevitable.
Risk curators earn fees by managing asset scale and performance, which directly incentivizes them to maximize deposits and yields, regardless of the risks involved in achieving those numbers. Users seek safety and reasonable returns, while risk curators seek fee income.
These incentives diverge at the most dangerous moments, especially when yield opportunities require accepting risks that users would reject if they were aware.

The case of RE7 Labs is illustrative, as they documented their failure mode. Before launching the xUSD integration, their due diligence identified "centralized counterparty risk" as an issue. This analysis was correct.
Stream concentrated risk on an anonymous external fund manager, who was completely opaque regarding positions or strategies. RE7 Labs, aware of this risk, still pushed forward with the xUSD integration, citing "significant user and network demand." The opportunity for fee income outweighed the risk to user funds. When these funds ultimately incurred losses, RE7 Labs faced only reputational damage, with no financial consequences, while users bore 100% of the losses.
This incentive structure is not only misaligned but actively punishes prudent behavior.
Risk curators who reject high-yield opportunities due to excessive risk will lose deposits to competitors who accept the risks. Prudent curators earn lower fees and appear to perform poorly; reckless curators earn higher fees, attract more deposits, and seem successful until failure occurs.
During this time, reckless curators accumulate substantial fee income, none of which is clawed back when users later suffer losses. Multiple risk curators and treasury managers reallocated user funds to xUSD positions without transparent disclosure, exposing depositors, without their knowledge, to Stream's recursive leverage and off-chain opacity. Users deposited into what was marketed as a conservative yield strategy treasury, only to find their funds concentrated with a counterparty using 7.6 times leverage.
The fee structure for risk curators typically includes a performance fee of 5% to 15% on generated yields. This sounds reasonable, but a closer analysis reveals severe asymmetry: risk curators share a portion of the profits but bear no losses. They have a strong incentive to maximize yields but almost no incentive to minimize risks.
For example, a treasury with $100 million in deposits and a yield of 10% would allow the risk curator to earn $1 million with a 10% performance fee. If they take double the risk and increase the yield to 20%, they could earn $2 million. If the risk materializes and users lose 50% of their principal, the risk curator would only lose future fee income from that treasury but retain all fees earned previously. Users would lose $50 million. This is a "win for me, lose for you" economic model.
The protocols themselves also have conflicts of interest when dealing with risk curator failures.
Morpho and Euler earn fees from treasury activities, creating a financial incentive to maximize activity levels, which means maximizing deposits, which in turn means allowing high-yield treasuries to attract deposits, even if those treasuries take excessive risks. The protocols claim to be neutral, believing that permissionless systems should not set thresholds. However, they are not truly neutral, as they profit from the activities they facilitate.
Traditional financial regulation recognized this issue centuries ago: entities profiting from intermediary activities cannot be completely absolved of risk responsibility. Brokers earning commissions have certain obligations to client orders. DeFi protocols have yet to accept this principle.
The Morpho Incident: An Accountability Vacuum
When traditional brokers or asset managers cause client fund losses, consequences include regulatory investigations, possible license revocation, civil liability for breaching fiduciary duties, and criminal prosecution in cases of fraud or gross negligence. These consequences create incentives for prudent behavior in advance. Managers who take excessive risks for personal gain realize that the personal consequences of failure are severe. While this does not prevent all failures, it significantly reduces reckless behavior compared to a system without accountability.
When DeFi risk curators cause client fund losses, they face only reputational damage, with no other consequences. They have no licenses to revoke, no regulatory investigations because no regulatory body has jurisdiction. They have no fiduciary duties, as the legal relationship between risk curators and depositors is undefined. They have no civil liability, as identities are often unknown, and the terms of service of most DeFi protocols explicitly state disclaimers. They can accumulate losses, close the treasury, and then restart on the same protocol under a new name and new treasury.

In March 2024, an incident on Morpho demonstrated how the accountability vacuum operates in practice.
A Morpho treasury using Chainlink oracles suffered a loss of approximately $33,000 due to oracle price discrepancies. When users sought compensation, they encountered systemic deflection: Morpho claimed to be merely infrastructure and did not control treasury parameters; the treasury risk curators asserted they operated only within the protocol's guidelines; Chainlink stated that the oracle's performance was compliant. No entity took responsibility, and no users received compensation. The scale of the incident was small and did not trigger broader market consequences, but it established a precedent: when losses occur, no one is accountable.
This accountability vacuum is by design, not oversight. The protocols explicitly avoid responsibility through their structure: terms of service include disclaimers, documentation emphasizes that the protocol is permissionless infrastructure that does not control user behavior, and the legal structure places protocol governance under a foundation or DAO, choosing jurisdictions with minimal regulatory oversight. From a protocol perspective, this is legally sound, but it creates a system where billions of dollars of user funds are managed by entities with no substantive accountability mechanisms.
There is a term in economics for this: moral hazard. When entities do not bear the consequences of failure, they take on excessive risks because the potential gains belong to them while the losses are borne by others.
Identity Disclosure and Accountability: Many risk curators operate under pseudonyms or anonymously. This is sometimes justified by personal safety or privacy, but it directly impacts accountability. When risk curators cannot be identified, they cannot be held legally responsible for negligence or fraud; even if they accumulate a record of failures, they cannot be excluded from operations; they cannot face professional sanctions or reputational penalties because these penalties cannot follow their true identities. Anonymous operations eliminate the only existing accountability mechanism in the absence of regulation. In traditional finance, even without regulatory enforcement, managers who destroy client funds still face civil liability and reputational consequences that follow their true identities. In DeFi, they face neither.
Black Box Strategies and Professional Illusions
Risk curators package themselves as risk management experts, claiming to select safe assets, set reasonable parameters, and deploy funds wisely. Marketing language emphasizes professionalism, complex analysis, and prudent risk management.
But the reality (as proven in November 2025) is that many risk curators lack the infrastructure, expertise, and even the intent to manage risks properly. Traditional financial institutions typically allocate 1%-5% of their staff to risk management functions, with independent risk committees, dedicated oversight teams, stress testing capabilities, and scenario analysis required by regulators. In contrast, DeFi risk curators are often small teams or individuals focused on yield and asset accumulation.
The strategies themselves rarely have meaningful disclosures. Risk curators use terms like "Delta-neutral trading," "hedged market making," and "optimized yield farming," which sound professional but provide no insight into actual positions, leverage ratios, counterparty risks, or risk parameters.
This opacity is sometimes justified as protecting proprietary strategies from front-running or competition, but users have a legitimate need to understand the risks they are taking on. Opacity is not a feature but a flaw that allows fraud and recklessness to persist until failure forces the truth to emerge.

Stream Finance took the opacity issue to catastrophic levels. They claimed to have $500 million in TVL, but only $200 million was verifiable on-chain, with the remaining $300 million allegedly existing in off-chain positions managed by "external fund managers," whose identities, qualifications, strategies, and risk management processes were never disclosed.
Stream used terms like "Delta-neutral trading" and "hedged market making" but never explained the specific positions or actual leverage ratios involved in these strategies. When Schlagonia analyzed the situation post-collapse and revealed that the recursive lending structure synthesized a 7.6x expansion from $1.9 million in real collateral, depositors were completely shocked. They had no way of knowing that their "stablecoin" was actually supported by infinitely recursive borrowed assets rather than real reserves.
The illusion of professionalism is particularly dangerous because it leads users to abandon their judgment.
When someone with the title of "risk curator" accepts a high-yield opportunity, users assume due diligence has been completed. The reality, as shown in the RE7 Labs case, is that due diligence often identifies risks but is subsequently ignored. Their own analysis flagged Stream's centralized counterparty risk before integrating xUSD, yet they proceeded because user demand and fee income outweighed the identified risks.
The professional capability existed, the analysis was carried out, and the conclusions were correct, but they were ultimately overridden by commercial incentives. This is worse than incompetence because it reveals that even when risk curators have the ability to identify risks, the incentive structure still leads them to ignore their findings.
Proof of Reserves: Technically Feasible, Yet Rarely Implemented
Cryptographic techniques for verifiable proof of reserves have existed for decades. Merkle trees can prove solvency without exposing account details; zero-knowledge proofs can demonstrate reserve ratios without disclosing trading strategies.
These technologies are mature, easy to understand, and computationally efficient. Stream Finance's failure to implement any form of proof of reserves was not due to technical limitations but was a deliberate choice of opacity, which allowed them to maintain fraud for months despite multiple public warnings. Protocols should require all risk curators managing deposits above a threshold (suggested at $10 million) to provide proof of reserves. The lack of proof of reserves should be treated as equivalent to a bank refusing an external audit.
Evidence: The Collapse of Stream Finance
The collapse of Stream Finance provides a complete case study demonstrating how the risk curator model fails. The sequence of events embodies all the issues of the current structure: insufficient due diligence, conflicts of interest, ignored warnings, opacity, and lack of accountability. A deep understanding of this case is essential to grasp why systemic change is necessary.
Failure Timeline
172 days before the collapse, Yearn Finance developer Schlagonia examined Stream's positions and directly warned the team that the structure was bound to fail. A mere 5 minutes of analysis was enough to identify the fatal flaw: Stream's on-chain verifiable $170 million in collateral supported $530 million in borrowings across multiple DeFi protocols, resulting in a leverage ratio of 4.1x. The strategy involved recursive lending, where Stream borrowed against deUSD collateral to mint more xUSD, creating a circular dependency that guaranteed both assets would collapse simultaneously. The remaining $330 million in TVL was entirely in off-chain positions managed by anonymous external managers.
On October 28, 2025, industry analyst CBB issued a specific warning with on-chain data: "Only about $170 million supports xUSD on-chain. They borrowed about $530 million from lending protocols. This is 4.1x leverage, and the positions are highly illiquid. This is not yield farming; it is extreme gambling." These warnings were public, specific, and accurate, identifying the leverage ratio, liquidity risks, and the fundamental recklessness of the structure. In the following week, multiple analysts amplified these warnings.
Despite the ongoing warnings, risk curators continued to hold positions and attract new deposits. TelosC maintained a $123.64 million exposure, MEV Capital held $25.42 million, and Re7 Labs kept $27.4 million across two treasuries. The warnings were ignored because taking action would mean reducing positions, decreasing fee income, and making risk curators appear to perform worse than those who continued to hold.
On November 4, 2025, Stream announced that an external fund manager had lost approximately $93 million in funds, subsequently pausing withdrawals. Within hours, xUSD plummeted from $1.00 to $0.23 in the secondary market, a drop of 77%. Elixir's deUSD (65% of reserves lent to Stream) collapsed from $1.00 to $0.015 within 48 hours, a drop of 98%. The total contagion exposure reached $285 million, with Euler facing approximately $137 million in bad debt, and over $160 million frozen across multiple protocols.

Risk Curators vs. Traditional Brokers
Comparing DeFi risk curators with traditional brokers is enlightening because it reveals the lack of accountability mechanisms in the curator model. This is not an argument that traditional finance is an ideal model or that its regulatory structure should be directly replicated.
Traditional finance also has its own failures, costs, and exclusivity. However, after experiencing centuries of costly lessons, it has gradually established accountability mechanisms, while the curator model explicitly abandons these mechanisms.

Technical Recommendations
The risk curator model does have its advantages: it achieves capital efficiency by allowing professionals to set risk parameters rather than using a "one-size-fits-all" protocol default; it promotes innovation by allowing experimentation with different strategies and risk frameworks; and it enhances accessibility by removing gatekeepers that may exclude participants based on scale, geography, or unfamiliarity.
These advantages can be retained while addressing the accountability issues exposed in November 2025. The following recommendations are based on empirical evidence from DeFi failures over the past five years:
- Mandatory Identity Disclosure
Risk curators managing deposits above a threshold (suggested at $10 million) should be required to disclose their true identities to a registry maintained by the protocol or an independent entity. This does not require public disclosure of home addresses or personal details, but it must ensure that risk curators can be identified and held accountable in cases of fraud or gross negligence. Anonymous operations are incompatible with managing others' funds on a large scale. Privacy reasons are often used as a defense in DeFi, but this does not apply to entities earning fees for managing client funds.
- Capital Requirements
Risk curators should be required to maintain a certain amount of risk capital, which would be deducted when their treasury losses exceed a specified threshold. This aligns incentives through "skin in the game." Specific structures could include: curators needing to stake collateral that would be deducted when treasury losses exceed 5% of deposits, or requiring curators to hold subordinated tranches of their own treasury to absorb first-round losses. The current structure allows curators to earn fees without risk capital, creating moral hazard, while capital requirements can address this issue.
- Mandatory Information Disclosure
Risk curators should be required to disclose strategies, leverage ratios, counterparty risks, and risk parameters in a standardized format for comparison and analysis. The argument that disclosure would harm proprietary strategies is mostly an excuse. Most curator strategies are merely variations of known yield farming techniques. Real-time disclosure of leverage ratios and concentration will not harm alpha but will allow users to understand the risks they are taking on.
- Proof of Reserves
Protocols should require all risk curators managing deposits above a threshold to provide proof of reserves. The cryptographic techniques for verifiable proof of reserves are mature and efficient. Merkle trees can prove solvency without exposing individual positions, and zero-knowledge proofs can verify reserve ratios without disclosing trading strategies. The lack of proof of reserves should disqualify curators from managing deposits. This measure could have prevented Stream Finance from maintaining $300 million in unverifiable off-chain positions.
- Concentration Limits
Protocols should enforce concentration limits to prevent risk curators from allocating an excessive proportion of treasury deposits to a single counterparty. Elixir lent 65% of its deUSD reserves ($68 million out of $105 million) to Stream through a private Morpho treasury. This concentration ensured that Stream's failure would destroy Elixir. Concentration limits should be set at a maximum exposure of 10%-20% to a single counterparty and enforced at the smart contract level to avoid circumvention.
- Protocol Accountability
Protocols that earn fees from risk curator activities should bear some responsibility. This could include: setting aside part of protocol fees in an insurance fund to compensate users for losses caused by curator failures, or maintaining a list of curators that excludes entities with poor records or insufficient disclosures. The current model, where protocols earn fees while completely denying responsibility, is economically unreasonable. Fee-earning intermediaries must bear accountability obligations.
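The Merkle-tree approach named in the proof-of-reserves recommendation above, and in the earlier proof-of-reserves section, as an added example (not from the original article or any protocol's code): a Merkle sum tree in which each depositor checks that their own balance is counted in the published liabilities total. Account names, balances and salts are constructed; the $500M claimed and $200M verifiable figures are the article's Stream numbers.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    digest: bytes
    total: int  # sum of all balances beneath this node

def _amt(n: int) -> bytes:
    return n.to_bytes(16, "big")  # raises OverflowError on negative values

def leaf(account_id: str, balance: int, salt: bytes) -> Node:
    # The salt stops third parties from brute-forcing a balance out of the leaf hash.
    h = hashlib.sha256(b"leaf" + salt + account_id.encode() + _amt(balance))
    return Node(h.digest(), balance)

def parent(left: Node, right: Node) -> Node:
    # Both child totals are hashed, so a total cannot be altered higher up the tree.
    h = hashlib.sha256(b"node" + left.digest + _amt(left.total)
                       + right.digest + _amt(right.total))
    return Node(h.digest(), left.total + right.total)

PAD = Node(hashlib.sha256(b"pad").digest(), 0)  # zero-balance filler for odd levels

def build_levels(leaves):
    """Return every tree level, leaves first; the last level holds only the root."""
    if not leaves:
        raise ValueError("at least one account is required")
    levels, cur = [], list(leaves)
    while True:
        if len(cur) > 1 and len(cur) % 2:
            cur = cur + [PAD]
        levels.append(cur)
        if len(cur) == 1:
            return levels
        cur = [parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)]

def prove(levels, index):
    """Inclusion proof for one depositor: sibling nodes only, no other accounts."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        path.append((level[sibling], sibling < index))  # (node, sibling_is_left)
        index //= 2
    return path

def verify(root: Node, own_leaf: Node, path) -> bool:
    """Run by the depositor: recompute the root from their own leaf."""
    node = own_leaf
    for sibling, sibling_is_left in path:
        if sibling.total < 0:  # a negative branch would hide liabilities
            return False
        node = parent(sibling, node) if sibling_is_left else parent(node, sibling)
    return node == root

def is_solvent(root: Node, verifiable_reserves: int) -> bool:
    # Reserves are attested separately (for example, on-chain balances).
    return verifiable_reserves >= root.total

# Constructed sample: five depositors whose balances sum to the $500M that Stream
# claimed as TVL; the article reports only $200M as verifiable on-chain.
BOOK = [("alice", 200_000_000), ("bob", 120_000_000), ("carol", 100_000_000),
        ("dave", 50_000_000), ("erin", 30_000_000)]
SALTS = {a: hashlib.sha256(b"constructed-salt:" + a.encode()).digest() for a, _ in BOOK}
LEAVES = [leaf(a, b, SALTS[a]) for a, b in BOOK]
LEVELS = build_levels(LEAVES)
ROOT = LEVELS[-1][0]
```

Sibling nodes reveal subtree totals to the verifying depositor; hiding those requires commitments or the zero-knowledge proofs the article mentions.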
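The concentration-limit recommendation above, as an added example (not protocol code): a pre-allocation guard that aggregates exposure by ultimate counterparty, so a position split across venues still counts against one cap. Venue names, the look-through map and the 20% cap setting are assumptions; the $105M reserve and $68M loan are the article's Elixir figures.

```python
from collections import defaultdict

BPS = 10_000  # basis points; integer math, as an on-chain check would use

class ConcentrationBreach(Exception):
    pass

class Vault:
    """Toy ledger of a curated treasury; amounts are integer USD."""

    def __init__(self, total_deposits: int, cap_bps: int, look_through: dict):
        self.total = total_deposits
        self.cap_bps = cap_bps
        self.look_through = look_through  # venue -> ultimate counterparty
        self.by_venue = defaultdict(int)

    def exposure(self) -> dict:
        """Aggregate positions by ultimate counterparty, not by venue."""
        agg = defaultdict(int)
        for venue, amount in self.by_venue.items():
            agg[self.look_through[venue]] += amount
        return dict(agg)

    def headroom(self, venue: str) -> int:
        """Largest further allocation that keeps the counterparty under the cap."""
        counterparty = self.look_through[venue]
        limit = self.total * self.cap_bps // BPS
        return max(0, limit - self.exposure().get(counterparty, 0))

    def allocate(self, venue: str, amount: int) -> None:
        if venue not in self.look_through:
            # Fail closed: an unmapped venue could hide an existing counterparty.
            raise ValueError(f"venue {venue!r} has no counterparty mapping")
        idle = self.total - sum(self.by_venue.values())
        if amount <= 0 or amount > idle:
            raise ValueError("amount must be positive and covered by idle funds")
        if amount > self.headroom(venue):
            raise ConcentrationBreach(
                f"{self.look_through[venue]} would exceed {self.cap_bps} bps")
        self.by_venue[venue] += amount

# Assumed mapping: both venues resolve to the same ultimate counterparty.
LOOK_THROUGH = {"private-morpho-vault": "Stream", "direct-xusd": "Stream"}

def replay(requests, total=105_000_000, cap_bps=2_000):
    """Apply allocation requests in order; return accept flags and final exposure."""
    vault = Vault(total, cap_bps, LOOK_THROUGH)
    accepted = []
    for venue, amount in requests:
        try:
            vault.allocate(venue, amount)
            accepted.append(True)
        except ConcentrationBreach:
            accepted.append(False)
    return accepted, vault.exposure()
```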
Conclusion
The currently implemented risk curator model represents an accountability vacuum, with billions of dollars of user funds managed by entities with no substantive constraints on behavior and no real consequences for failure.
This is not to deny the model itself. Capital efficiency and specialized risk management do have advantages. However, the model must introduce accountability mechanisms, just as traditional finance has developed mechanisms through centuries of costly lessons. DeFi can develop mechanisms suited to its characteristics, but it cannot completely abandon accountability while expecting different outcomes from traditional finance in the absence of accountability mechanisms.
The current structure guarantees repeated failures until the industry accepts the fact that fee-earning intermediaries must be held accountable for the risks they create.
