ISOLATE RISK

“Now generally about censorship resistance and and, you know, ability to, like, you know, freeze funds on behalf of users, etcetera. I think it it comes down to personal personally, it comes down to if you can do it, then not doing it feels a little bit immoral. Again, every situation has all its context. And it's interesting because as soon as you can't do it anymore, it's not immoral at all because you just can't do it. It's like little bit like the control decentralized Internet versus controlled Internet.”

“The production framing is very weird to me. I think it's much closer to like, I don't I don't see how that would be close to to a potential, especially as we move towards more and more under collateralized loans in the MorpherStack. To me, like, the analogy and how we explain this to traditional finance, etcetera, is that it's much closer to a repo agreement, and and this is the lens through which they understand and think themselves about pricing. And when you think about the the risk of such a repo like structure, you have, obviously, the market structure, which is the more for protocol contract where you have a risk of smart contracts, which, you know, I like to believe as a very, very low, premium.”

“What I'm worried about generally for DeFi is also is, like, all the off chain stack of things. And this is where we've been spending a lot of time, internally of upgrading all of this. So in Morpher, you don't need to rely on the the off chain stack of Morpher to to do stuff. But the reality is, like, we have a front end. So if you go to morpher.org, it's actually a phishing scam. We've seen so many DNS attacks of, like, other other players, so we need to double down and be very careful, about this.”

“And so I picked the phone, and I started to call them. And I was like, hey. You know, explaining what's going on and so that, you know, making sure they understand, the, what what what is happening. They understand, like, having an open global financial system is a prom promise that is way too big to fail. What they're not convinced by is the current way we're doing underwriting. And they're base they're basically their reaction is like, oh, yeah. DeFi, you guys are are jokers. Like, the way you underwrite is not serious at all.”

“So I think if we can fairly say that we've lost three to six months of institutional adoption, for, I'd say, an average. Some people I've seen are not slowing down at all. They get the difference between, like, a morphe and an Ave, for example. And did they understand that things can be isolated and etcetera. But for the most conservative ones, you know, it's probably delaying them even in years.”

“How can you get in front of these agents? And, like, potentially, there's a lot of value to be captured there in terms of owning that distribution channel. And so they're not really like money Lagos anymore. It's just more like a back end as opposed to, like, composable primitives that developers use in their own smart contracts. So I think the Lego sort of conversation is changing more to, like, a direct to smart contract back end kind of conversation. Like, do you need to compose anymore? Yeah. Maybe maybe you do.”

“The risk was not that Aave had a, you know, a bad multisig or Oracle configuration or anything like that, but, another type of risk, which is the type of collateral that's been onboarded into one mixed pool, it caused these knock on effects. And you're you're essentially looking at a bunch of people right now. This is sort of without precedent. You know, I I I don't think in any of these, maybe, analogs that you could point to and TradFi, you've seen something like this, which is one, everything is a 100% transparent, and you have some folks who are locked a little bit or unable to, you know, unable to to move stuff on the wrapped east side of things.”

“I think someone resurfaced a tweet from Carl Samani this week about him saying that, you know, security doesn't matter. Like, all all that matters is speed. I think for a while, the last few years, the industry has optimized for scalability and speed and whereas in the early days of blockchain, we really optimized for security. And I think that pendulum is swinging back. Now we know that we can have fast chains. I think we now need to work out how we have secure chains, including smart contracts, and that, of course, is under the same umbrella as DeFi.”

“Morpho does not manage assets or does not choose which collateral assets are being underwritten. Morpho provides a modular stack of isolated lending markets that anyone can deploy and build their own lending products in the form of vaults for people to earn yield on. So what that means is that in Morfo, you can have the safest as well as the riskiest products. But it's they they are isolated to the extent that, you know, the vault's curator is is configuring them to to to be like that. And and in that case, you know, it turns out that some curators had underwritten kelp in vaults that were, you know, meant to be more, riskier. And in total, I think the ETH exposure on is like a a $1,000,000 as as you pointed out.”

“When you have, like, a a pool model or a hub model that is underwriting, like, 50 different assets. Even though the caps are small. We're talking, like, in the case of Aave. Aave used to be a very big, like, you know, 2 or $30,000,000,000, like, protocol. And the cap for Kelp was, like, I don't know, but maybe 200,000,000 top of mind. So, you know, one looking at this would be, oh, actually, that sounds like a very minimal exposure compared to the size of, of AVI. But the but the reality is that even the smaller exposure or relative exposure can trigger panic, which turns into a very big relative exposure, as as as we've seen. And I think this is really fundamentally, like, duplicating the number of asset underwriting into a single pool model that aggregates the liquidity for everybody. Like, you multiply the black swan risk by you know, even though at the high level, those assets individually look safe.”

“WAP is, like, emerging competitor to Stripe. 2,000,000 businesses and, like, 20,000,000 creators hold assets on WAP. They had a partnership with Aave and Plasma and Tether, right, to just if you're holding money on their platform, hey, you wanna earn some yield? They're gonna deposit that into AVE on plasma in the background. And so so it's defi mullet cases, which I think could have gotten big, big chunks of depositors just because, you know, it's all abstracted away. Now that's gonna be kinda hard. Right? Because those risks and, you know, if I was just talking about an ETH depositor that didn't know about kelp kelp DAO.”

“North Korea is actually playing a really big part of this story. So Lazarus Group obtained about $2,000,000,000, in hack proceeds last year from DeFi and crypto. That is a non trivial amount, and the exploits here are getting far, far more sophisticated. So a part of this story is we could be doing better in terms of multisigs. Like, at least on the Kelp DAO side of things, there was a layer zero DBN, which was operated by them, and it was one of one, which was a central point of failure.”

“I would just say that if you look at the composition of deposits and lending activity on these borrow lend protocols, people are interested in RWAs much more so than crypto native assets. I think it's pretty clear that the driver of the let the next cycle or at least a big part of the story is gonna be different types of actual real world assets and people using it, like, RWA looping, this broader, trend. Shout out three f, small but proud bag holder there. But, yeah, I think that that's gonna be a big part of the story.”

“But I think it's it's important to understand it's not comparable to the exposure of Aave because we're not asset manager. Aave you one should think of the Aave DAO as like a a vault curator. It's like like oh, also some people, like, compare more for Aave and try to, you know, put one against the other. But the reality is that we're not really competing with Aave. We're just infrastructure for asset managers like Aave, but also others. So our builders are the one competing, with Aave in some way.”

“I think on the flip side, we have one tool that I think is extremely powerful to reestablish balance between the two, which is formal verification. AI can break a lot of things. But it's still, until today, can't break math. And so if you build a protocol like we did, which is extremely simple with, specifications that are formally verified, but it doesn't matter if you're Mitos, like, v five or or if you're, like, a junior security researcher, you won't break this bank. Because it's math.”

“Nothing we can really do about that apart from, you know, clean up our act as it relates to some of these things we've just kind of brushed under the rug, like, having one of one multisigs for, you know, securing nine figures. I think, like, 97% of layer zero DBN setups were one of one or two of two. So, like, that's a problem. That should be addressed. Yeah. Can I can I just add one small thing? You know, back in the day at Chorus one, we looked at a lot of these interop networks, and we used to optimize as both investors and users sort of the most secure bridge.”

“Aave as evidenced by the launch of v four, is what is the model of lending here? And you have, like, the Cominos and the Morphos of the world who maybe started with a more, isolated markets or, modular approach to lending as opposed to, the more, you know, structured product of of a core. And there are trade offs to both. Right? But I think that's also something that people are thinking about here too. Yeah. Definitely. And, Mike, I know you spent a bit of time in this space, but I also think it's worth pointing out, you know, Aave, you mentioned the asset itself is was the thing that created risk.”