DeFi’s Contagion Loop: When Risk Curators Become the Risk

Permissionless finance has pushed capital allocation closer and closer to full automation, allowing for the collapse of the gap between signal and execution to near zero.

Alongside this growth, DeFi has seen the rise of the "risk curator," operators meant to intermediate capital allocation, select markets and apply judgment across a complex set of dependencies.

In practice, however, this role is often only partially fulfilled. As we noted in DeFi's Black Box, many curated products only "provide indirect hints about protocol exposure and strategy", shaping allocations around protocol relationships and yield maximization rather than real-time risk optimization.

This distinction matters, especially for the institutions entering DeFi for yield. Capital is allocated with the expectation that it is deployed into risk-aware systems with dynamic controls, 24/7 monitoring, and enforceable constraints (i.e., the job of a risk curator).

What recent incidents have shown is a very different reality: static risk assumptions, delayed intervention, non-existent risk oversight, and allocation frameworks that break precisely when underlying risk conditions break.

This repeated with the latest Resolv exploit.

For hours, risk curators allocated capital into markets that have already failed. Is this what professional risk curation looks like?

Investors and protocols deserve better.

1. Setting the scene

On March 22, an attacker minted tens of millions of unbacked USR, triggering a sharp depeg and forcing the protocol to halt operations. The exploit originated from compromised infrastructure and privileged signing assumptions, allowing minting authority to be exercised by the attacker.

Resolv’s assets were already deeply embedded across DeFi, with both the senior (wstUSR) and junior (RLP) tranches used as collateral in multiple lending markets. However, at the time of the exploit, the immediate impact on many lending markets was limited, with only a few thousand dollars at risk.

Within hours, that containment broke.

Several risk curators, including Gauntlet, routed over $6M in capital INTO the affected markets, effectively supplying liquidity to already-defaulted positions.

2. Why It Happened: A Headline-APY-First System

To understand why the fallout unfolded this way, it is necessary to examine what DeFi’s infrastructure is built to optimize for.

At its core, DeFi infrastructure is designed to move capital as quickly and efficiently as possible toward markets with the highest observable demand, a design objective that has gradually evolved into a singular focus on maximizing depositor returns and compressing market inefficiencies, with the curators’ use of Morpho’s Public Allocator serving as a direct expression of this philosophy.

An allocator routes liquidity automatically toward markets that meet pre-approved parameters, allowing capital to follow utilization in real time and capture higher rates without requiring continuous manual intervention. In practice, this logic reduces capital allocation to a small set of signals:

• Utilization: where capital is most in demand
• Pre-approved limits: i.e., borrow caps and other risk configs
• Yield differentials: venues with the highest returns

What it does not evaluate is the nature of that demand.

Curators evaluate and whitelist markets at a single point in time, implicitly underwriting the assumption that supplying capital within predefined limits will remain valid. That assumption holds only as long as market conditions remain stable, and it breaks the moment those conditions change.

When that happens, allocation does not stop.

Capital continues to be routed based on utilization signals even when those signals are driven by a system that has already failed, because nothing in the allocator forces a reassessment of the conditions that originally justified deployment. Morpho’s Public Allocator includes controls that allow curators to intervene, including by emptying (even automatically) the supply queue when a listed market’s oracle diverges materially from market price. However, these controls depend on the specific implementation by the individual risk curator.

This separation is what allowed capital to continue flowing into the impacted Resolv markets even after the underlying assumptions had broken. It reflects not a failure of a single feature but a broader design bias visible in teams like Gauntlet: capital allocation is fast and automated, risk management is slow and over-reliant on human intervention.

3. The Material Consequences of "Yield at Any Cost"

At the time of the first exploit transaction, the direct damage inside the affected Morpho markets was limited.

On the main wstUSR-collateralized market, less than $5K USDC was supplied before curator-driven auto-allocation materially increased available exit liquidity. Other venues had exposure, but a large part of the damage was caused by post-exploit allocations. As utilization surged, vaults using Morpho's Public Allocator began routing fresh USDC into those venues under pre-approved allocation logic.

Each new allocation increased the amount of USDC available to be borrowed against impaired collateral, effectively extending fresh exit liquidity to an attacker draining the system. Here’s an ongoing tally of exposures as of 1pm EST, March 23rd:

• Fluid: ~$18.0M
• Venus Flux: ~$24.5M
• Gauntlet Morpho USDC Mainnet (Core + Frontier): ~$6.05M
• Yield yoUSD: ~$1.23M
• Resolv Morpho USDC Mainnet: ~$1.02M
• Clearstar Morpho USDC Mainnet (Yield + Reactor): ~$1.00M
• Gauntlet ExtraFi Morpho USDC Base: ~$433K
• Re7 Labs Morpho USDC Mainnet: ~$428K
• Everstone Morpho USDC Mainnet: ~$392K
• Gauntlet Morpho Seamless USDC Base: ~$382K
• Inverse Finance: ~$340K
• August AUSD V2 Mainnet: ~$316K
• Upshift earnAUSD: ~$316K
• kpk Morpho USDC Yield Mainnet: ~$222K
• MEV Capital Morpho USDC Mainnet: ~$53K
• 9Summits Morpho USDC Mainnet: ~$41K
• Keyrock Morpho USDC Mainnet: ~$36K
• Apostro Resolv Morpho USDC (Base + Mainnet): ~$20K

Estimated total (known amounts): ~$54.8M+

This excludes Lista USD1 Vault and August Upshift coreUSDC + upUSDC (no specific amount disclosed yet).

4. Closing the Gap Between Allocation and Risk

The lesson here is not to slow down or abandon capital automation.

Rather we need to recognize that the limitation lies not in speed itself, but in what that speed is applied to and whether it reflects the state of the market it is operating in.

In most current designs, allocation and risk management operate on different timelines, with capital moving continuously in response to utilization, demand, and yield, while risk management remains slower, dependent on point-in-time assumptions made at onboarding and on delayed intervention once those assumptions no longer hold, creating a structural gap where capital continues to move under conditions that have already invalidated the logic behind those movements.

This gap is what defines the last mile problem in financial AI, where systems are able to process signals and optimize execution efficiently, but fail at translating those signals into state-aware decisions once the environment changes, effectively optimizing for movement rather than correctness under shifting conditions.

The pattern exposed by Resolv is not new. Stream, Elixir, USDX, and Moonwell each followed a similar trajectory of complex risk containers with limited risk management, where failures in one layer cascaded through dependencies that curators failed to contain. The difference is that in the case of Stream, the underlying risk was opaque by design, while with Resolv, the information was public, the signals were visible, and what failed was the speed and willingness of curators to act on them.

Closing this gap requires both tooling and a shift in how risk is conceptualized. Here are some of our guiding principles:

• Due diligence. Every protocol, asset, parameter, and oracle is reviewed before deployment. Each dependency is mapped as an exposure vector, analyzed for how it could affect solvency, liquidity, and yield, and constrained with explicit limits. This is not a one-time onboarding exercise and is the baseline that all subsequent automation enforces.
• Automated risk monitoring. Live conditions diverge from launch assumptions. When they do, the system must respond without waiting for a human to notice. We’ve built AI-powered automation to surface the signals that trigger actions: limiting new inflows, tightening or pausing markets, adjusting collateral parameters, or applying allocation constraints to preserve solvency and liquidity. The goal is consistent adherence to the vault's mandate without reliance on manual oversight.
• Optimized allocation within defined constraints. We model vault allocations to balance yield, liquidity, and stability rather than chasing the highest APY. A core principle is that curators should not rely on solvency risk as a hidden source of returns. If a strategy only appears attractive because it shifts unbounded tail risk onto depositors, it does not belong in the vault.

Risk management cannot remain a static function tied to onboarding decisions or treated as a byproduct of yield optimization. As seen with wstUSR and RLP, an asset can move from acceptable collateral to systemic hazard within hours. Curation must be continuous, risk-first, and responsive to changing conditions rather than anchored to initial assumptions.

Allocation and capital safety should not operate on separate speed lanes and sequenced; they should be coupled in real time.

5. DeFi Needs Containment + Allocation Systems

The Resolv incident showed that DeFi is no longer constrained by its ability to route capital: curators have become increasingly effective at optimizing utilization, yield, and capital efficiency, but without an equivalent evolution in how risk is contained when market reality changes.

In the pursuit of higher returns, resilience has been implicitly deprioritized, allowing the same mechanisms designed to improve performance to also function as pathways for contagion whenever they are not matched by equally responsive safety systems.

DeFi's next phase cannot be built solely around better allocation, because allocation without containment simply increases the speed at which capital is exposed. We must all incorporate infrastructure that can recognize failure points, adapt to changing conditions, and enforce risk constraints in real time, alongside curation practices that treat incident response as a core function rather than a reactive afterthought.

A more effective response to incidents is not in tension with efficiency, but a prerequisite for it, as gaps in risk management quickly become entry points for adversarial flows that will treat depositors as exit liquidity if given the chance.

We believe this dynamic will only intensify as DeFi continues to onboard even more complex asset structures that are less familiar but yield-bearing. This includes RWAs, where underlying risks are harder to observe, slower to price, and more dependent on external assumptions.

In that context, it is not enough for capital to know where to go and how to get there; it must also be governed by systems that can determine when movement should stop, because without that constraint, efficiency does not just accelerate opportunity, it accelerates failure.