Has an on-chain "subprime crisis" emerged? The road to maturity for DeFi structured products

Are deposits backed by real assets? To which protocols, venues, or counterparties are the assets exposed? Who controls the assets?

Written by: Chaos Labs

Translated by: AididiaoJP, Foresight News

The Rise of Risk Managers and Onchain Capital Allocators (OCCA)

DeFi has entered a new structured phase, where institutional trading strategies are being abstracted into composable and tokenizable assets.

It all began with the emergence of liquid staking tokens, and the tokenized basis trade launched by Ethena Labs became a key turning point for structured products in DeFi. This protocol packaged a delta-neutral hedging strategy—requiring 24-hour margin management—into a synthetic dollar token, allowing users to participate with a single click, thereby redefining their expectations of DeFi.

Yield products that were previously exclusive to trading desks and institutions have now gone mainstream. USDe became the fastest stablecoin to reach a total value locked (TVL) of 10 billions USD.

Ethena’s success has confirmed the market’s strong demand for “institutional strategy tokenization.” This shift is reshaping market structure and has given rise to a group of “risk managers” or “onchain capital allocators,” who package complex yield and risk strategies into simpler products for users.

What Are Risk Managers and Onchain Capital Allocators (OCCA)?

Currently, there is no unified definition in the industry for “risk managers” or “OCCA.” These labels cover a variety of designs, but their commonality lies in repackaging yield-generating strategies.

Translator’s note: OCCA stands for Onchain Capital Allocator, which can be understood as professional fund managers or asset managers in DeFi. They attract user funds by packaging complex strategies into simple products.

OCCAs typically launch branded strategy products, while risk managers more often utilize modular money markets (such as Morpho and Euler), providing yield through parameterized vaults. The total value locked in these two types of products surged from less than 2 millions USD in 2023 to 20 billions USD, an increase of about 10,000 times.

This also brings a series of fundamental questions:

• Where are the deposits being allocated?
• To which protocols or counterparties are the funds exposed?
• Can risk parameters be flexibly adjusted even in the face of extreme volatility? What assumptions are they based on?
• How liquid are the underlying assets?
• What is the exit path in the event of large-scale redemptions or a bank run?
• Where does the risk actually lie?

On October 10, the cryptocurrency market experienced the largest altcoin crash in history, impacting centralized exchanges and perpetual contract DEXs, triggering cross-market liquidations and automatic deleveraging.

However, delta-neutral tokenized products seemed largely unaffected.

Most of these products operate like black boxes, providing almost no information beyond highlighted APYs and marketing slogans. Only a very few OCCAs indirectly disclose protocol exposures and strategy details, but crucial information such as position-level data, hedging venues, margin buffers, real-time reserves, and stress-testing strategies is rarely made public; even when disclosed, it is often selective or delayed.

Lacking verifiable tags or traces on trading venues, users find it difficult to judge whether a product’s resilience comes from robust design, luck, or even delayed financial recognition. Most of the time, they cannot even tell if a loss has occurred.

We have observed four recurring weak points in the design: centralized control, rehypothecation, conflicts of interest, and lack of transparency.

Centralization

Most yield “black boxes” are managed by multisig wallets controlled by external accounts or operators, responsible for custody, transfer, and deployment of user funds. This concentration of control means that operational errors (such as private key leaks or signers being coerced) can easily lead to catastrophic losses. This also repeats a common pattern from the previous cycle’s bridge attacks: even without malicious intent, a single compromised workstation, phishing link, or insider abuse of emergency privileges can cause massive damage.

Rehypothecation

In some yield products, collateral is reused across multiple vaults. One vault deposits into or lends to another, which then cycles into a third. Investigations have found circular lending patterns: deposits are “washed” through multiple vaults, inflating TVL and forming recursive “mint-lend” or “borrow-supply” chains, continuously accumulating systemic risk.

Conflicts of Interest

Even if all parties act in good faith, setting optimal supply/borrow caps, interest rate curves, or choosing the right oracles for a product is not easy. All these decisions involve trade-offs. Markets that are too large or uncapped may drain exit liquidity, making liquidations impossible and inviting manipulation. Conversely, caps that are too low may restrict normal activity. Interest rate curves that ignore liquidity depth may trap lender funds. When curators are evaluated based on growth, the problem is exacerbated, as their interests may diverge from those of depositors.

Transparency

The market shakeout in October exposed a simple fact: users lack effective data to judge risk locations, risk marking methods, and whether supporting assets are always sufficient. While it may not be realistic to disclose all positions in real time due to risks of frontrunning or short squeezes, a certain degree of transparency is still compatible with the business model. For example, portfolio-level visibility, disclosure of reserve asset composition, and aggregated asset-level hedge coverage can all be verified by third-party audits. Systems can also introduce dashboards and proofs to reconcile custodial balances, custodial or locked positions, and outstanding liabilities, providing proof of reserves and permission governance, all without exposing trading details.

A Viable Path Forward

The current wave of packaged yield products is pushing DeFi away from its original “non-custodial, verifiable, transparent” ethos and towards an operational model more akin to traditional institutions.

This shift is not inherently wrong. The maturation of DeFi has created space for structured strategies, which indeed require a certain degree of operational flexibility and centralized operations.

But accepting complexity does not mean accepting opacity.

Our goal is to preserve transparency for users while allowing operators to run complex strategies, finding a workable middle ground for both sides.

To this end, the industry should move in the following directions:

• Proof of Reserves: Don’t just advertise APYs—disclose underlying strategies, conduct regular third-party audits, and implement PoR systems so users can verify asset backing at any time.
• Modern Risk Management: Existing solutions can price and manage risk for structured yield products. Mainstream protocols such as Aave have already adopted risk oracles, optimizing parameters through decentralized frameworks to maintain the health and safety of money markets.
• Reduce Centralization: This is not a new issue. Bridge attacks have forced the industry to confront problems such as upgrade privileges, signer collusion, and opaque emergency permissions. We should learn from this by adopting threshold signatures, key responsibility separation, role separation (propose/approve/execute), instant funding with minimal hot wallet balances, withdrawal whitelists for custodial paths, timelocked upgrades in public queues, and strictly scoped, revocable emergency permissions.
• Limit Systemic Risk: Reuse of collateral is inherent in insurance or re-staking products, but rehypothecation should be limited and clearly disclosed to avoid recursive mint-lend loops among related products.
• Transparency of Alignment Mechanisms: Incentives should be as public as possible. Users need to know where the risk manager’s interests lie, whether there are related party relationships, and how changes are approved, so that black boxes can be transformed into assessable contracts.
• Standardization: Onchain packaged yield assets have become a 20 billions USD industry. The DeFi sector should establish minimum standards for general classification, disclosure requirements, and event tracking mechanisms.

Through these efforts, the onchain packaged yield market can retain the advantages of professional structuring while protecting users with transparency and verifiable data.

Conclusion

The rise of OCCAs and risk managers is an inevitable result of DeFi entering the structured product stage. Since Ethena proved that institutional-grade strategies can be tokenized and distributed, the formation of a professional allocation layer around money markets has become a foregone conclusion. This layer itself is not the problem; the problem lies in the degree of operational freedom it relies on, which should not replace verifiability.

The solution is not complicated: publish proof of reserves corresponding to liabilities, disclose incentives and related parties, limit rehypothecation, reduce single-point control through modern key management and change control, and incorporate risk signals into parameter management.

Ultimately, success depends on the ability to answer three key questions at any time:

• Are my deposits backed by real assets?
• To which protocols, venues, or counterparties are the assets exposed?
• Who controls the assets?

DeFi does not need to choose between complexity and fundamental principles. Both can coexist, and transparency should expand in step with complexity.