Stablecoins are not stable: The Stream collapse exposes the structural scam in DeFi.

Author: YQ Source: X, @yq_acc Translation: Shan Ouba, Jinse Finance

In the first two weeks of November 2025, decentralized finance (DeFi) exposed fundamental flaws that academia had been warning about for years. Following the collapse of Stream Finance's xUSD, Elixir's deUSD and numerous other synthetic stablecoins suffered successive losses. This was by no means an isolated incident caused by simple mismanagement. These events revealed structural problems in the DeFi ecosystem regarding risk management, transparency, and the construction of trust mechanisms.

What I observed in the Stream Finance collapse was not a traditional, complex smart contract vulnerability exploitation or oracle manipulation attack, but a more worrying situation: the lack of basic financial transparency packaged in decentralized rhetoric.

What I observed in the Stream Finance collapse was not a complex smart contract vulnerability exploitation or oracle manipulation attack in the traditional sense, but a more worrying situation: the lack of basic financial transparency packaged in decentralized rhetoric.

When an external fund manager loses $93 million without effective oversight, triggering a $285 million cross-protocol contagion; when the entire "stablecoin" ecosystem, while maintaining its pegged exchange rate, sees its total locked value evaporate by 40%-50% within a week, we must acknowledge a core fact about the current state of decentralized finance—the industry is making no progress. More precisely, the current incentive mechanism rewards those who ignore lessons and punishes those who act conservatively, yet forces the entire industry to share the losses when an inevitable collapse occurs. An old adage in finance is painfully proven here: if you don't know where the returns come from, you are the source of the returns. When some protocols promise 18% returns through undisclosed strategies, while mature lending markets only offer 3%-5% yields, the real source of this high return is actually the depositor's principal. Stream Finance's Operating Mechanism and Risk Contagion Stream Finance positions itself as a yield optimization protocol, offering USDC depositors an 18% annualized return through its interest-bearing stablecoin xUSD. Its claimed strategies include "delta-neutral trading" and "hedging market making," terms that sound complex and sophisticated, but reveal nothing about the actual operation. In comparison, mature protocols like Aave offer an annualized return of 4.8% on USDC deposits during the same period, and Compound only slightly above 3%. Faced with returns three times the market average, basic financial common sense should have raised suspicions, yet users still deposited hundreds of millions of dollars. Before the collapse, one xUSD traded at 1.23 USDC, reflecting the supposed compound interest returns. xUSD claimed a peak of $382 million in assets under management, but DeFiLlama data shows its peak TVL was only $200 million, meaning that over 60% of the claimed assets were in unverifiable off-chain positions. The actual mechanisms revealed by Yearn Finance developer Schlagonia after the collapse show that this was a systemic fraud disguised as financial engineering. Stream creates uncollateralized synthetic assets through recursive lending, with the following process: After a user deposits USDC, Stream converts it to USDT via CowSwap; then, these USDT are used to mint deUSD from Elixir (Elixir was chosen for its high-yield incentives); the deUSD is then transferred across chains to networks like Avalanche and deposited into lending markets to borrow USDC, completing one cycle. Up to this point, while the strategy presents concerning complexity and cross-chain dependence, it still resembles standard collateralized lending. However, Stream didn't stop there—it didn't just use the borrowed USDC for additional collateral cycles, but instead reminted xUSD through its StreamVault contract, resulting in an xUSD supply far exceeding the actual collateral support. With only $1.9 million in verifiable USDC collateral, Stream minted $14.5 million in xUSD, making the synthetic asset size 7.6 times the underlying reserves. This is equivalent to a fractional-reserve banking system with no reserves, no regulatory oversight, and no lender of last resort. The circular dependency with Elixir further exacerbated the structural instability. During the cycle that inflated the xUSD supply, Stream deposited $10 million USDT into Elixir, expanding the deUSD supply. Elixir then converted these USDT into USDC and deposited them into Morpho's lending market. As of early November, Morpho had over $70 million USDC in supply and over $65 million in borrowings, with Elixir and Stream being the two dominant players. Stream holds approximately 90% of the total deUSD supply (about $75 million), while Elixir's reserves consist primarily of Morpho loans to Stream. These stablecoins, mutually backed by each other, were destined to collapse together. This "financial inbreeding" created systemic vulnerability. Industry analyst CBB publicly pointed out these problems on October 28th: ​​"xUSD had approximately $170 million in on-chain backing, yet borrowed approximately $530 million from lending protocols, a leverage ratio of 4.1x, with most of it invested in illiquid positions. This isn't yield farming; it's reckless gambling." Schlagonia warned the Stream team 172 days before the collapse, stating that a five-minute analysis of their positions would reveal the inevitable crash. These warnings were public, specific, and accurate, yet they were ignored by yield-seeking users, platform administrators focused on fee revenue, and the protocols supporting the entire structure. On November 4th, after Stream announced that external fund managers had lost approximately $93 million in fund assets, the platform immediately suspended all withdrawals. Due to the lack of a redemption mechanism, panic spread rapidly, with holders scrambling to sell xUSD on the illiquid secondary market, causing its price to plummet 77% to approximately $0.23 within hours. This stablecoin, which promised stability and high yields, lost three-quarters of its value in a single trading session.

Specific Impacts of Risk Contagion

According to data from DeFi research firm Yields and More (YAM), the entire ecosystem has a total direct debt exposure of $285 million related to Stream, including: TelosC with $123.64 million in loans secured by Stream assets (the largest single platform exposure); Elixir Network lending $68 million through the private Morpho vault (representing 65% of deUSD reserves); MEV Capital facing $25.42 million in exposure, of which approximately $650,000 is bad debt due to oracles freezing the xUSD price at $1.26 (while the actual market price fell to $0.23); Varlamore with $19.17 million in exposure; Re7 Labs with $14.65 million and $12.75 million in exposure in two vaults respectively; Enclabs, Mithras, and TiD Euler also has smaller exposures to Invariant Group. Euler faces approximately $137 million in bad debt, with over $160 million frozen across multiple agreements. Researchers point out that this list is incomplete, warning that "more stablecoins/vaults may be affected" because the full picture of interconnected exposures remains unclear weeks after the initial crash. Elixir's deUSD, with 65% of its reserves concentrated in loans issued to Stream through the private Morpho vault, plummeted 98% from $1 to $0.015 in 48 hours, becoming the fastest-falling mainstream stablecoin since Terra UST in 2022. Elixir provided redemption services for approximately 80% of deUSD holders not affiliated with Stream, allowing them to exchange $1 for USDC, protecting the majority of its community users. However, the significant cost of this protection was shared by Euler, Morpho, and Compound. Elixir subsequently announced the complete termination of all stablecoin products, acknowledging that trust had been irreparably damaged. The broader market reaction revealed a systemic loss of confidence: according to Stablewatch data, while most interest-bearing stablecoins maintained their peg to the US dollar, Stream's TVL dropped by 40%-50% in the week following the collapse, equivalent to $1 billion flowing out of protocols that had not yet collapsed and had no technical issues. Users were unable to distinguish between quality projects and fraudulent ones, thus choosing to withdraw across the board. By early November, the total TVL of DeFi had dropped by $20 billion, with the market pricing in widespread risk contagion rather than reacting to the collapse of specific protocols. October 2025: A $60 Million Chain Liquidation Less than a month before the Stream Finance collapse, on-chain forensic analysis revealed that the cryptocurrency market was not experiencing a typical crash, but rather an institutional-level precision attack exploiting known vulnerabilities. On October 10-11, 2025, a carefully timed $60 million market sell-off triggered an oracle malfunction, leading to a massive chain of liquidations across the DeFi ecosystem. This was not a problem of excessive leverage in legitimately damaged positions, but rather a design flaw in an institutional-level oracle, replaying an attack pattern that had been documented and publicly reported since February 2020. The attack began at 5:43 AM UTC on October 10th, when a concentrated sell-off of $60 million in USDe occurred in the spot market of an exchange. In a well-designed oracle system, the impact of this action should have been negligible—multiple independent price sources combined with a time-weighted mechanism could effectively prevent manipulation. However, in reality, the oracle system, based on the spot price of the manipulated trading platform, real-time downgraded the valuation of the collateralized assets (wBETH, BNSOL, and USDe), immediately triggering a massive liquidation. Millions of simultaneous liquidation requests overwhelmed the system's processing capacity, causing infrastructure paralysis. Market makers, hampered by API outages and withdrawal queues, were unable to place orders in time, leading to a sudden liquidity crunch and a self-reinforcing chain reaction of liquidations. The oracle faithfully reported the manipulated price on a single platform, while prices remained stable across all other markets. The main exchange showed USDe at $0.6567 and wBETH at $430, while prices on other platforms deviated from normal levels by less than 30 basis points, with minimal impact on on-chain liquidity pools. As Ethena founder Guy Young pointed out, "Over $9 billion of on-demand stablecoin collateral was immediately redeemable throughout the event," proving that the underlying assets were not damaged. However, the oracle still reported the manipulated price, and the system executed liquidations based on these prices, forcibly closing positions due to valuations that did not exist in any other market. This is strikingly similar to the Compound incident in November 2020—when DAI surged to $1.30 on Coinbase Pro within an hour, while the price remained at $1.00 on all other platforms, resulting in $89 million in liquidations. The trading platforms have changed, but the vulnerability persists. This attack method is identical to the bZx incident in February 2020 (which stole $980,000 through Uniswap oracle manipulation), the Harvest Finance incident in October 2020 (which stole $24 million through Curve manipulation and triggered a $570 million run), and the Mango Markets incident in October 2022 (which extracted $117 million through multi-platform manipulation). From 2020 to 2022, 41 oracle manipulation attacks stole a total of $403.2 million. The industry's response has been slow and fragmented, with most platforms continuing to use oracles that rely too heavily on spot trading and lack sufficient redundancy. The amplification effect demonstrates that these lessons become increasingly important as the market grows: in the 2022 Mango Markets incident, a $5 million manipulation resulted in a $117 million loss, a 23-fold amplification; in October 2025, a $60 million manipulation triggered a chain reaction with an even larger amplification effect. The attack patterns haven't become more sophisticated; rather, the underlying systems have scaled up while retaining the same fundamental vulnerabilities.

Historical Patterns: Crashes from 2020-2025

The collapse of Stream Finance is neither new nor unprecedented. The DeFi ecosystem has experienced stablecoin collapses multiple times, each exposing similar structural vulnerabilities, yet the industry continues to repeat the same mistakes, and on an ever-growing scale.

Oracle failures and infrastructure collapse

The oracle problem immediately became apparent at the beginning of the Stream crash. When the actual market price of xUSD fell to $0.23, many lending protocols hardcoded their oracle prices to $1.00 or higher to prevent cascading liquidations. This decision, intended to maintain stability, resulted in a fundamental disconnect between market reality and protocol behavior. This hardcoding was a deliberate policy choice, not a technical glitch. Many protocols manually update their oracles to avoid liquidations triggered by temporary volatility, but this approach leads to catastrophic failures when price declines reflect actual insolvency rather than temporary market stress. The protocol faces a dilemma: using real-time prices risks manipulation and cascading liquidations during periods of volatility (the October 2025 event already caused massive losses); using delayed prices or time-weighted average prices (TWAP) fails to reflect true insolvency, leading to accumulated bad debts (in the Stream Finance incident, the oracle showed a price of $1.26 while the actual price was $0.23, resulting in $650,000 in bad debts for MEV Capital alone); and using manual updates introduces centralized, discretionary intervention and could potentially mask insolvency by freezing oracles. All three methods have already resulted in losses of hundreds of millions or even billions of dollars.

Infrastructure Capacity Under Stress

In October 2020, Harvest Finance suffered an infrastructure collapse—following a $24 million attack, users fled, and TVL dropped from $1 billion to $599 million. The lessons learned were clear: oracle systems must consider infrastructure capacity under stress events; liquidation mechanisms must have rate limits and circuit breakers; exchanges must maintain 10 times the redundancy capacity of normal load. However, the events of October 2025 proved that institutions had not learned this lesson. When millions of accounts faced simultaneous liquidation, billions of dollars in positions were liquidated within an hour, and the order book was empty because all buy orders were consumed and the system was overloaded and unable to generate new buy orders, the extent of infrastructure collapse was comparable to that of oracles. Technical solutions have long existed, but have been delayed—because these solutions would reduce efficiency under normal conditions and require investment of funds that could have been converted into profits.

If you can't clearly identify the source of your earnings, you're not earning them; you're paying the price for someone else's gains. This isn't complicated, yet hundreds of millions of dollars are still deposited into black-box strategies—because people prefer reassuring lies to unsettling truths. The next Stream Finance is operating right now. Stablecoins are not stable. Decentralized finance is neither decentralized nor secure. Earnings from unknown sources are not profits, but theft with a countdown. These aren't subjective opinions, but empirical facts proven at a huge cost.