Existing yield-bearing stablecoins share common limitations: difficulty in verifying the yield generation process, direct transfer of losses to depositors when operators fail, and absence of automated remediation mechanisms when defaults occur. Cap was designed to address these issues through a triangular structure of depositors, operators, and delegators, where each participant's incentives serve as checks on the others.
Cap utilizes restaking protocols for credit underwriting purposes. When delegators pre-deposit collateral and assign it to specific operators, this collateral is automatically slashed and redistributed to cUSD holders in case of operator default. This programmatic protection mechanism ensures that users are always safeguarded through smart contract execution, without requiring governance votes or legal proceedings.
Cap records key information on-chain, including reserve composition, operator borrowing status, and collateral ratios, allowing anyone to verify in real-time. Yield distribution also occurs transparently through Dutch auction-style fee auctions. When operators fail, delegator collateral absorbs losses first, and risks are isolated by operator so that one operator's failure does not affect delegators of other operators.
Cap currently has major traditional financial institutions such as Susquehanna and Flow Traders registered as operators. If these institutions begin using Cap as a core funding channel rather than a mere experiment, Cap could reach a significant turning point as a mechanism that complements the problems of traditional finance. Of course, this will require stress testing of various mechanisms designed to address the risks inherent in Cap’s current structure, as well as sufficient liquidity inflows.
1.1.1 Failure Cases in Web2
Source: New York Times
In March 2021, the collapse of UK supply chain finance company Greensill Capital led to the freezing of a $10 billion fund managed by Credit Suisse. Greensill operated a business model that purchased corporate receivables, securitized them, and sold them as funds. The problem was that they securitized and sold not only actual receivables but also "receivables expected to occur in the future." Credit Suisse delegated asset selection and due diligence for the fund to Greensill itself, and senior management ignored internal risk warnings. The Swiss Financial Market Supervisory Authority (FINMA) later concluded that Credit Suisse had "seriously violated its supervisory obligations to properly identify, limit, and monitor risks for years.”
Source: Bloomberg
Similar structural failures occurred in Korea. In October 2019, Lime Asset Management, then Korea's largest hedge fund operator, suspended redemptions on 1.6 trillion won worth of funds. After the situation concluded, total damages exceeded 5 trillion won, with 13,000 victims. What was even more shocking was that many victims were individual investors who had signed up at commercial bank branches expecting "stable returns of 5-7% annually."
The core of the Lime scandal lay in the opacity of its complex structure. Lime Asset Management invested in illiquid mezzanine securities and private bonds while selling products to investors as open-ended funds that could be redeemed at any time. They also leveraged several times the principal through Total Return Swap (TRS) agreements with securities firms. The classic maturity mismatch problem existed, where the maturity of underlying assets did not match the fund's redemption structure, but this risk was not properly disclosed to investors.
The role of financial institutions was problematic. Securities firms were involved from the fund design stage by providing Prime Brokerage Services (PBS), earning fee income while extending billions of won in credit through TRS. Commercial banks aggressively sold these funds at their branches. According to the investigation by the Financial Supervisory Service, Korea's top financial regulator, some distributors continued selling even after becoming aware of the fund's potential insolvency.
Source: Fortune
More recently, the private credit market has faced its own high-profile failures.
In October 2025, the collapse of Tricolor Holdings, a subprime auto lender, revealed allegations of fraud where the company allegedly pledged the same collateral to multiple banks. Shortly after, First Brands, an auto parts supplier, collapsed into bankruptcy owing $10 billion, with federal investigations into $2.3 billion in missing funds. Major institutions tallied significant losses; JPMorgan disclosed $170 million in losses from Tricolor, and UBS disclosed over $500 million in First Brands.
JPMorgan Chase CEO Jamie Dimon warned that problems in private credit could be just the beginning, drawing parallels to the 2008 subprime mortgage crisis and cautioning that mounting losses in the rapidly growing private credit market could amplify systemic stress.
The common threads between these cases are as follows:
First, the actual risks of underlying assets were not conveyed to investors. Lime concealed losses from distressed mezzanine securities, while Greensill used future receivables that did not even exist as collateral.
Second, complex structures obscured accountability. With multiple players involved, including operators, distributors, credit providers, and insurers, each denied their own responsibility.
Third, ultimate damages were concentrated on retail investors with the least access to information.
Even under regulated markets, opaque structures create problems. Products where yield sources cannot be verified, where risk concentrations cannot be identified, and where responsibility is unclear when problems arise inevitably transfer losses to the most vulnerable participants.
1.1.2 DeFi Failure Cases
Did DeFi, which claims to be "decentralized" and "transparent," solve this problem?
Early DeFi appeared to offer a fundamental solution to the opacity problem. Lending protocols like Aave operated on relatively clear rules of overcollateralization and automated liquidation. Borrowers could not borrow beyond a certain percentage of their collateral value, and smart contracts automatically executed liquidations when collateral values fell. Since there was no need to evaluate or trust anyone's credit, this was called "Trustless Lending."
However, overcollateralized structures had inherent limitations. To borrow $100, you needed to deposit more than $150 in collateral, resulting in low capital efficiency. To overcome this limitation, uncollateralized or undercollateralized credit products emerged, and DeFi began relying again on borrower reputation and external credit assessments. This ultimately reproduced the problems experienced in traditional finance. Goldfinch experienced three defaults, and TrueFi suffered $1 million in losses from repayment failures by Blockwater and Invictus Capital.
The case of Maple Finance most clearly demonstrates this structural flaw. Maple approved a $36 million loan to Orthogonal Trading after credit rating agency M11 Credit's review. However, Orthogonal did not properly disclose its FTX exposure to M11, and when FTX collapsed, it went bankrupt as well. It was merely built on smart contracts; the fundamental problem of information asymmetry was no different from traditional finance.
Ultimately, whether traditional finance or DeFi, the common causes of failure were identical. Opacity that prevents verification of yield sources, and trust-based structures that depend on intermediaries' or borrowers' honesty are at the core of the problem. Additionally, DeFi carries technical risks such as smart contract vulnerabilities and external protocol hacks. Completely eliminating all these risks is realistically impossible.
So the question must be reframed. If a completely flawless financial product cannot exist, what constitutes the best possible financial product?
To answer this question, Cap (Covered Agent Protocol) classified current yield-bearing stablecoins into two types and analyzed their limitations.
One is the Authoritarian model, which includes Ethena, Ondo, and Usual. A single team directly generates yield with depositors' capital, functioning essentially like a hedge fund. While it has advantages of low development costs and optimization for specific strategies, most are established as bankruptcy-remote entities, leaving users with no means to recover funds in case of strategy losses or custodian collapse. Also, since no strategy can outperform market returns forever, yield decline is inevitable when market conditions change.
It is worth noting that many of today's "stablecoins" essentially follow this model, or "tokenized hedge funds" where the reserve assets are lent out to risky strategies. Stream Finance and Elixir serve as direct examples of this model's risks. In November 2025, Stream Finance, a tokenized yield fund that offered users above-market return, disclosed that an external fund manager had lost approximately $93 million in fund assets. The collapse triggered a chain reaction that led to the implosion of Elixir's deUSD stablecoin, which had lent roughly $68 million to Stream. deUSD lost over 98% of its value, marking one of the most aggressive stablecoin collapses since Terra/Luna. These events erased nearly $380 million in value across interconnected protocols and demonstrated how the "tokenized hedge fund" model, lacking transparency and proper risk controls, can cascade through the ecosystem with devastating speed.
The other is the Committee-based model, with Maple and Sky (formerly MakerDAO) as representatives. A DAO or committee allocates user deposits across various strategies. This offers more flexibility than the authoritarian model as strategy pivoting is possible. However, the problem remains that if third-party teams lose funds, there is no guaranteed remedy for end users. There is also the risk of decision-makers within the DAO colluding to select strategies favorable to themselves.
The Committee-based model is essentially today's consortium-based private credit model, where the lenders, such as pension funds, take the first loss. This structure places depositors in a subordinate position relative to the decision-makers, with limited recourse when strategies underperform or fail.
While these two models appear different on the surface, they share the same structural limitations:
Lack of verifiability in yield generation: "Who is earning how much with what strategy" is not disclosed in real-time, and asset valuation depends on operators' own models.
Lack of risk distribution mechanisms: Traditional private credit funds are designed with tiered structures (senior, mezzanine, junior) where lower tiers absorb losses first, but current yield-bearing stablecoins directly transfer one operator's failure to all depositors.
Absence of automated mediation mechanisms: In traditional finance, defaults require months to years of legal proceedings, and existing DeFi models require subjective judgment through governance voting.
Cap was designed to address these limitations. It enables real-time verification of yield structures through smart contracts, tiers risk through restaking-based collateral structures, and implements automatic compensation through slashing mechanisms when defaults occur.
Notably, the model that Cap proposes improves the overcollateralized lending model. By separating the collateral provider (delegator) from the borrower (operator) by leveraging restaking infrastructure, Cap enables ample alternative assets such as BTC and ETH with lower cost of capital to underwrite dollar strategies of the borrower for a profitable spread. This separation allows for greater capital efficiency while maintaining robust protection for depositors.
The following section examines how Cap specifically implements these three principles.
The core of Cap lies in the clear separation of roles among three participants. Stablecoin holders (depositors), operators, and delegators form a triangular structure where each moves according to their own incentives while serving as checks on each other.
Cap's triangular structure can be understood as an on-chain reimplementation of the traditional finance relationship between "principal holders - asset managers - guarantors." It is similar to the structure where banks raise funds from depositors, supply funds to companies after loan reviews, and credit guarantee institutions underwrite default risk. However, in Cap, this entire process is automated by smart contracts, and information asymmetry between participants is minimized through on-chain transparency.
The key difference lies in the method of credit underwriting. In traditional finance, credit guarantee institutions provide guarantees ex-post based on review criteria, but in Cap, delegators pre-deposit collateral and assign it to specific operators. This collateral is automatically slashed and redistributed to depositors when operators default, essentially taking the form of a collateralized Credit Default Swap (CDS).
The following sections examine each participant's role and incentives in order.
2.1.1 Depositor Options: cUSD and stcUSD
Depositors can participate in Cap's ecosystem through two assets.
The first is cUSD. cUSD is a pure dollar-pegged stablecoin that does not pay interest, which can be used as a payment or store of value tool. cUSD holders can exchange it 1:1 with underlying assets included in the reserves at any time and are not exposed to complex yield structures.
The second is Cap's yield-bearing token, stcUSD. stcUSD is an ERC-4626 vault token where interest generated from operators' yield-generating activities is automatically compounded, and users can stake cUSD to mint stcUSD. stcUSD holders can earn a "safe" yield in the sense that the reserves consist of 2x overcollateralized loans. While the positive spread comes from borrower activity, liquidity risk, and potential market downturn for collateral assets, stcUSD holders' principal is protected by Cap's collateral structure described below.
This design separating payment tokens from yield tokens also reflects regulatory considerations. The US GENIUS Act prohibits the issuance of payment tokens that pay interest, so combining both functions in one token could create regulatory risk.
2.1.2 Cap Stablecoin Network (CSN)
Assets deposited by depositors are managed in the Cap Stablecoin Network (CSN). The CSN is the infrastructure that constitutes cUSD's collateral and generates base yields from idle assets.
Cap designed three differentiating features through the CSN.
First is redemption flexibility. Assets included in the CSN are all designed to be interchangeable. Even if a user deposited USDC to mint cUSD, they can redeem it in PYUSD or other assets included in the CSN upon redemption.
Second is issuer risk diversification. The CSN restricts any single stablecoin from exceeding 40% of total collateral. This ensures that even if there is a problem with a specific stablecoin issuer, cUSD as a whole is not destabilized.
Third is securing base yield. The CSN includes not only payment stablecoins like USDC but also tokenized money market funds like BUIDL and BENJI. US Treasury yields generated from these funds are delivered to stcUSD holders as base interest, and through this, Cap designed stcUSD holders to receive minimum returns regardless of operator activity.
2.2.1 Operator Roles and Participation Requirements
Operators are core participants who borrow capital from Cap's reserves to generate yields. They can pursue returns through various methods including market making, arbitrage, high-frequency trading (HFT), and private credit strategies, regardless of whether on-chain or off-chain.
To become a Cap operator, two conditions must be met. First, they must pass Cap's whitelist review. Second, they must secure collateral delegation from delegators (restakers). Once these two conditions are met, operators can access Cap's reserves through smart contracts.
Operator activities proceed in a cycle of: securing collateral delegation → borrowing capital → executing yield strategies → repaying interest and principal. The following sections examine this cycle in more detail.
2.2.2 Operators Securing Collateral Delegation
For operators to borrow capital from Cap, they must first secure collateral from delegators. Delegators assign assets such as ETH deposited in shared security networks (EigenLayer, Symbiotic, etc.) to specific operators, and this collateral determines the operator's borrowing limit. For example, if a delegator has delegated $1 million worth of ETH to a specific operator, that operator can borrow capital from Cap's reserves within that range.
In exchange for collateral delegation, operators agree to pay delegators a fixed fee (restaker rate). This fee rate is determined through bilateral negotiation between operators and delegators and varies according to the operator's strategy risk and track record.
2.2.3 Operator Capital Borrowing
Once collateral is secured, operators borrow capital from Cap's reserves through smart contracts. The total interest rate that operators must pay is composed as follows:
Total Interest Rate
= Minimum Rate + Utilization Rate + Restaker Rate
= Hurdle Rate + Restaker Rate
The sum of the minimum rate and utilization rate constitutes the "Hurdle Rate" paid to stcUSD holders. The hurdle rate is the minimum return that operators must pay to stcUSD holders, a floor guaranteed regardless of operator strategy performance. The restaker rate is the fixed fee agreed upon at the capital borrowing stage, paid separately to delegators who provided collateral.
The role of each component is as follows:
Minimum Rate
The minimum rate is determined as the higher of the benchmark rate and market rate. The benchmark rate is a fixed floor set by the protocol, and the market rate is the current yield of external lending protocols such as Aave, referenced through an oracle. The rationale for this design lies in Cap's fractional reserve structure. Since Cap generates base yields by depositing idle assets in external protocols, if operators' borrowing rates were lower than this base yield, idle deposits would be more advantageous than lending from Cap's perspective. The minimum rate prevents this inversion.
Utilization Rate
This adjusts dynamically according to reserve utilization and operates through a combination of short-term and long-term adjustment mechanisms.
The short-term adjustment mechanism is implemented as a piecewise linear function. When utilization is below target, rates rise with a gentle slope, switching to a steep slope when exceeding the target. This is similar to the structure in traditional finance variable-rate loans where spread rates surge above base rates, economically deterring excessive borrowing and securing liquidity buffers for depositor withdrawals.
Long-term adjustment occurs through a Rate Multiplier. If current utilization persistently stays below target, this is interpreted as a market signal that current rates are too high to incentivize borrowing. In this case, the multiplier gradually decreases to adjust the entire rate curve downward. Conversely, if utilization consistently exceeds target, the multiplier rises to adjust the rate curve upward. This mechanism automates a function similar to central bank base rate adjustments.
Restaker Rate
This is the fixed rate that operators pay to delegators who delegated collateral to them. This rate is determined through bilateral negotiation between operators and delegators and has a unique value for each operator-delegator pair. From the delegator's perspective, this is a premium for underwriting credit risk; from the operator's perspective, it is the cost of securing collateral.
Combining all rates, the operator's interest rate varies with utilization as shown in the figure above.
2.2.4 Executing Yield Strategies
Once operators secure borrowed capital, they execute various yield strategies according to their expertise. On-chain, they can perform DEX liquidity provision, arbitrage, MEV extraction, etc. Off-chain, they can execute CEX market making, institutional trading, private credit strategies, etc.
Cap does not directly control or verify what strategies operators execute. Instead, operator performance is judged by repayment compliance in the next stage. If they can pay the promised interest and repay principal, the strategy is successful; if not, collateral is slashed and redistributed to stcUSD holders.
2.2.5 Interest Payment and Repayment
Operators pay the hurdle rate (stcUSD holders' share) and restaker rate (delegators' share) from yields generated during the borrowing period, and repay principal at maturity. Returns exceeding the hurdle rate and delegator premium become the operator's profit.
Consider a simple example. If an operator generated 15% annual returns with borrowed capital, and the current hurdle rate is 8% with a delegator premium of 2%, then stcUSD holders receive the 8% hurdle rate, delegators receive the 2% fixed premium, and operators keep the 5% excess return.
In this structure, operators can only keep returns exceeding the hurdle rate and delegator premium as profit, so operators with strategies capable of generating high returns have greater incentive to participate in Cap.
If operators fail to repay interest or if collateral ratios reach dangerous levels, delegator collateral is slashed and automatically redistributed to stcUSD holders. This liquidation mechanism is covered in detail in Section 3.3.
Delegators serve to back operators' borrowing with collateral. They deposit assets such as ETH in Shared Security Networks (SSN) and delegate them to specific operators, receiving fixed fees from operators in return.
2.3.1 What is a Shared Security Network (SSN)?
To understand Cap's delegator structure, one must first understand the concept of shared security networks.
Restaking is a method of reusing already staked assets to provide additional validation services and earn rewards. In Ethereum's case, validators are already staking ETH to secure the network. Restaking allows these assets to be "reused" to provide security for other protocols as well, which is why restaking protocols are also called "shared security networks."
Cap primarily utilizes the shared security networks of EigenLayer and Symbiotic in its protocol.
EigenLayer is the largest restaking protocol in the Ethereum ecosystem, supporting the construction of verifiable applications called AVS (Actively Validated Services) based on validator networks and staked ETH. Symbiotic emerged as a competitor to EigenLayer, supporting more flexible collateral assets than EigenLayer. They allow various ERC-20 tokens to be used as collateral in addition to stETH, providing extensive customization options for vault management and operator selection.
Cap introduced a novel approach utilizing these shared security networks for credit underwriting purposes. While restaking protocols have typically been used to protect infrastructure services such as oracles, data availability layers, and cross-chain bridges, Cap applied them to financial services, designing delegator collateral to underwrite operators' credit risk.
2.3.2 The Relationship Between Delegators and Operators
Delegators serve as "market-based credit assessors" within Cap's system. Instead of evaluating operator creditworthiness through a centralized committee or DAO, Cap has delegators stake their own capital and select operators. Delegators review each operator's strategies and track record, negotiating and determining fee rates commensurate with assessed risks. A critical design feature is the strict 1:1 relationship for delegations; a single collateral delegation can only be used for a single operator, and cannot be cross-utilized with other operators.
To this end, delegators and operators can enter into a Guarantor Agreement, an off-chain legal agreement that can specify loan duration, agreed delegator fee rates, and remediation conditions in case of operator default. Such legal contracts can be viewed as a type of Credit Default Swap (CDS) where delegators guarantee operator defaults and receive fees.
If operators fail to repay loans or collateral value falls below safety thresholds, delegated assets are slashed and automatically redistributed to stcUSD holders on-chain.
To summarize fund flows in this triangular structure: When users deposit dollar assets, corresponding cUSD is minted, and deposited assets are held in Cap's reserves. When delegators delegate collateral to operators, operators can borrow capital from reserves within that collateral range. Operators execute yield strategies with borrowed capital, and generated yields are distributed to stcUSD holders (hurdle rate), delegators (fixed fees), and the operators themselves (excess returns).
This role separation matters because each participant's incentives naturally check each other. Operators want to maximize returns, but borrowing itself is impossible without delegator collateral. Delegators want fee income, but must carefully select delegation targets since their assets are slashed if operators fail. Depositors want returns, but can feel secure knowing delegator collateral protects them even if operators fail. This balance forms the foundation of the Cap protocol.
As noted in the introduction, one of the biggest problems with existing yield-bearing stablecoins was the difficulty of verifying where and how yields are generated. In structures where asset valuation depends on operators' own models and actual positions are not disclosed, investors essentially had to rely on faith. Cap executes the protocol's entire core logic on-chain to solve this problem.
All Cap reserves are managed by smart contracts. The entire process, from cUSD minting and redemption, reserve composition, operator borrowing and repayment, to interest accrual and distribution, is recorded on the Ethereum blockchain. Anyone can verify in real-time on-chain how much USDC is currently in reserves, which operators have borrowed how much, and what each operator's Health Factor is.
Reserves are divided into capital lent to operators and idle capital not lent out, with idle capital generating additional yields through a fractional reserve system. This capital is deposited in verified DeFi lending protocols like Aave through Gelato's infrastructure, or earns yields through yield distribution from the underlying assets themselves (e.g., money market fund interest). Importantly, these strategies are all limited to whitelisted verifiable sources, and each strategy's yield rates and asset allocation status are transparently disclosed on-chain.
All operator on-chain activities are traceable. The Lender contract records how much each operator has borrowed, current loan-to-value (LTV) ratios, and how much interest has accrued. However, when operators execute off-chain strategies, specifically what strategies are executed with borrowed capital may not be directly verifiable on-chain. Nevertheless, regardless of operators' actual strategy execution, Cap is designed to automatically execute liquidation if operators fail to repay promised interest or if collateral ratios reach dangerous levels. The focus of verifiability is on whether promised yields were paid rather than on the strategy execution process.
Most importantly, the yield distribution process is configured to be verifiable on-chain. Interest repaid by operators is converted to cUSD through Fee Auctions and distributed to stcUSD holders through the Fee Receiver contract. This entire process is executed on-chain, with fair price discovery through a Dutch Auction mechanism. This design allows any Cap participant to verify the yield distribution process.
In Cap, slashing is triggered by two objective and verifiable conditions. First, when an operator's collateral value falls below the safety threshold. Second, when an operator fails to repay a loan. Both conditions are verifiable by anyone on-chain, leaving no room for subjective judgment.
The liquidation process proceeds as follows. When an operator's health factor (collateral-to-debt ratio) falls below 1, anyone can initiate liquidation. Once liquidation is initiated, operators are given a 12-hour grace period. During this period, operators can repay debt or secure additional collateral to recover their position. If LTV exceeds the emergency liquidation threshold (90%), immediate liquidation is possible without a grace period.
Once the grace period ends, a liquidation window opens. Liquidators repay operators' debts and acquire delegator collateral at a discounted price in return. This process proceeds as a Dutch auction, with the liquidation bonus increasing linearly over time up to a maximum of 10%. Faster liquidation means more bonus, so liquidators have incentives to act quickly.
Slashed collateral is redistributed to Cap's reserves. There are no governance votes, multi-party approvals, or delays in this process. It executes immediately according to rules set by smart contracts. As a result, stcUSD holders have their principal preserved despite operator failure, and cUSD always maintains 1:1 collateral backing.
In summary, Cap has delegators pay "insurance premiums," and liquidators deliver those premiums to stcUSD holders as remediation. Furthermore, this entire process operates as automated by smart contracts.
Of course, this system has limitations. In extreme market conditions where collateral asset values (e.g., ETH) plummet while liquidators are simultaneously scarce, slashed collateral may not fully cover debts. To mitigate such scenarios, Cap introduced conservative LTV settings (80%), emergency liquidation mechanisms, and rapid liquidation incentives through liquidation bonuses. While perfect protection is impossible, this provides a much more transparent and predictable remediation mechanism compared to existing models.
One problem with existing yield-bearing stablecoins was that operator failures transferred directly to depositors. When one operator incurred losses, those losses were shared by all depositors or, in worst cases, concentrated on specific depositors. Cap solves this problem through delegator collateral.
Simplifying the structure: For operators to borrow capital from Cap, they must first secure guarantees from delegators. Delegators promise "if this operator cannot repay, I will cover it with my collateral" and receive fees from operators in return. This is similar to small and medium enterprises receiving guarantees from credit guarantee funds when obtaining bank loans.
Cap's structure is ultimately designed to protect stcUSD holders' principal as much as possible, in the following manner:
First, Cap defines a clear order of loss absorption. If operators fail to repay loans, delegator collateral is first slashed to cover losses. stcUSD holders' principal is unaffected until delegator collateral is exhausted. This is the same principle as traditional finance where subordinated bonds absorb losses before senior bonds.
Second, Cap has a reliable guarantee fulfillment procedure. In traditional guarantees, guarantee fulfillment can be uncertain depending on the guarantor's financial condition. In Cap, since delegators pre-deposit collateral, this collateral is automatically redistributed to stcUSD holders when operators fail, eliminating concerns about guarantor solvency.
Additionally, Cap isolates risks by operator. In Cap, each operator receives collateral from a unique delegator pool, and this collateral is assigned only to that operator. This is designed so that one operator's failure does not affect delegators of other operators. Also, a single collateral delegation can only be used for a single operator within Cap and cannot be cross-utilized with other operators.
Finally, Cap implements market-determined guarantee fees commensurate with risk. Delegators evaluate each operator's strategies and track record to negotiate guarantee compensation. They will demand high fees from risky-looking operators and low fees from proven operators. Market participants' choices, not a central review committee, determine risk pricing.
In summary, Cap's delegation structure is an on-chain implementation of "guarantees for operators." Delegators receive fees and underwrite operators' repayment failure risks, while stcUSD holders have their principal protected thanks to these guarantees. However, unlike traditional guarantees, Cap has the advantage that funds needed for guarantee fulfillment are pre-deposited and the fulfillment process is automated.
4.1.1 Registered Operator and Delegator Status
Cap currently has 18 operators registered as shown in the table, and this operator distribution shows that Cap's design philosophy is being practically implemented.
First, operators with diverse backgrounds coexist, from DeFi-native teams to institutional trading firms from traditional finance. This proves that Cap is not limited to the crypto ecosystem but serves as an attractive capital procurement channel for traditional financial institutions as well. Their yield-generating methods vary, including market making, arbitrage, high-frequency trading (HFT), and private credit strategies. Therefore, unlike authoritarian stablecoins that depend on a single strategy, Cap has a structure where the most competitive strategies naturally emerge as market conditions change.
Furthermore, participation from institutions with trillions of dollars in assets under management, such as Susquehanna, IMC Trading, and Flow Traders, suggests that yield sources previously inaccessible to retail investors, such as arbitrage, MEV, and institutional-grade market making, are being democratized through Cap.
Source: EigenCloud
A particularly notable recent development is Flow Traders' registration as a Cap operator. Flow Traders is one of the world's largest liquidity providers listed on Euronext Amsterdam, processing billions of dollars in daily trading volume and acting as a major market maker in ETFs, ETPs, equities, bonds, commodities, and cryptocurrencies.
Through integration with Cap, Flow Traders can receive loans collateralized by restaked assets and deploy them in market making strategies. This is similar to how short-term funding is procured in traditional finance but can offer higher transparency, automated settlement, and lower operational friction. This is an important milestone proving that Cap can function not just as a platform for crypto-native operators but as a channel for regulated traditional financial institutions to access decentralized capital.
4.1.2 Current Status and Challenges of Operator-Delegator Relationships
Currently, Cap has various on-chain asset managers and delegators composed of restaking protocols registered as shown in the table above. However, examining the actually active operator-delegation relationships, most take the form of self-delegation as shown in the table below.
This can be charitably evaluated given that Cap has only recently launched and is still in an experimental phase. However, diversification of delegators is essential for one of Cap's core value propositions, "market-based credit assessment," to function properly. An ecosystem must form where third-party delegators independent of operators assess risks and negotiate appropriate premiums.
Cap has shown rapid growth since its public launch on August 18, 2025. It achieved $300 million TVL in approximately two months after launch and currently maintains around $350 million TVL (as of November 30, 2025).
A notable aspect of Cap's trajectory is its resilience through market volatility. Since launch, Cap has withstood three severe market downturns, including the historic October 10 flash crash, which is one of the largest single-day liquidation events in crypto history, where over $19 billion in leveraged positions were liquidated across the market. Despite these challenging conditions, Cap has demonstrated the ability to bounce back. While it has not been a perfect quarter for most stablecoins, with several facing significant outflows or operational challenges, Cap has maintained its growth trajectory and recovered from each downturn, validating the robustness of its collateral and liquidation mechanisms.
Cap's growth has been largely driven by integrations with blue-chip DeFi protocols. Shortly after launch, the stcUSD market was listed on Pendle, and RedStone built a cUSD oracle. Currently, Pendle's Cap-related market TVL alone exceeds $150 million, becoming the largest source of cUSD demand.
On the lending market side, stcUSD, PT-stcUSD, and PT-cUSD markets have been established on Morpho and Euler. On Morpho, major vault curators including Gauntlet, MEV Capital, and Hyperithm are providing liquidity for Cap assets.
Looking at delegation status, as of November 30, 2025, a total of $45.6 million worth of assets have been delegated, with approximately $14.6 million borrowed by operators. Borrowing relative to delegation is around 32%, confirming that each operator is operating stably without excessive borrowing. However, utilization is relatively low at around 5.3% compared to total reserves of $276.7 million.
The majority (92.9%) of idle assets in reserves that have not been lent out are deposited in Aave V3's core market, generating a base yield of approximately 3.65% annually.
Cap is pursuing diversification of underlying assets for cUSD's stability and regulatory compliance. Before launch, cUSD was designed with assets including PayPal's PYUSD, BlackRock-managed BUIDL, and Franklin Templeton's BENJI included in reserves, all interchangeable and redeemable 1:1 with cUSD. In particular, restrictions will prevent any single stablecoin from exceeding 40% of cUSD collateral, requiring integration of various stablecoins.
Source: Cap
Cap allowed only USDC as deposit assets on launch day but recently signaled the beginning of underlying asset diversification by integrating Wisdom Tree's WTGXX. WTGXX is Wisdom Tree's institutional investor-only RWA fund, a tokenized US Treasury money market fund with approximately $660 million in assets. Cap uses yield from WTGXX for base interest payments on idle assets among cUSD collateral.
This integration carries significant regulatory precedent. Wisdom Tree had to approve the compliance of Cap's model as well as whitelist Cap's smart contracts to use their money market fund. This marks the first time in DeFi history that a traditional asset manager has conducted such a compliance review and smart contract whitelisting for a decentralized protocol. This milestone demonstrates that Cap's architecture can meet the regulatory standards required by established financial institutions, potentially paving the way for broader institutional adoption of DeFi yield products.
Cap has rapidly integrated with major protocols in the DeFi ecosystem since launch. These integrations expand the utility of cUSD and stcUSD and provide users with various strategic options.
On Pendle, stcUSD and cUSD markets are listed, allowing users to choose strategies matching their risk preferences: fixed yield capture through PT (Principal Token) or variable yield pursuit through YT (Yield Token). On the lending protocol side, Cap asset markets have been established on Morpho and Euler, enabling leveraged positions of up to 9x, with major vault curators like Gauntlet providing liquidity.
For oracle infrastructure, Chainlink provides ETH/USD price feeds, and RedStone has built an oracle for cUSD minting mechanisms. In particular, RedStone's fast update cycle contributed to reducing minting fees by 80% from 0.50% to 0.10%.
Cap operates the "Frontier Program" alongside its protocol launch. Running in epoch units for up to five months, participants can earn "Caps" points through activities including cUSD holding, Pendle position (YT, LP) holding, and lending market liquidity provision. Early epoch participants receive more points.
A separate program for delegators called "COGs" is also operating, paid proportionally to amounts delegated to operators. Additional multipliers are applied to delegations that result in actual borrowing, designed so that delegations actually utilized in operations receive more rewards than nominal delegations.
Cap was designed to overcome the limitations of existing yield-bearing stablecoins through verifiable asset management, tiered collateral structures, and automated liquidation mechanisms. However, as with all financial systems, a completely risk-free state does not exist. This section analyzes structural risks of the Cap.
Cap's collateral structure depends on restaking protocols, with most collateral composed of ETH. While ETH's volatility is relatively low compared to other cryptocurrencies, scenarios of sharp price declines in collateral assets cannot be completely ruled out. Moreover, Symbiotic, which Cap uses as a shared security network, more permissively allows ETH-based derivative assets as collateral, requiring additional caution for operators using these as collateral.
The scenario unfolds as follows: As collateral asset prices fall, multiple operators' health factors simultaneously drop below 1. Liquidators sell their collateral to the market, and this selling pressure further depresses collateral asset prices. Price declines worsen more operators' health factors and trigger additional liquidations. If this cycle repeats, situations can arise where slashed collateral values fail to cover outstanding debts.
Cap's vault isolation structure blocks direct risk transmission between operators but cannot block indirect transmission through common collateral asset exposure. If most delegators use ETH and LST as collateral, despite individual vault isolation, the entire system shares risk linked to the same asset prices.
Cap has implemented several measures to mitigate this risk. The base LTV is set at a conservative 50%, which has helped the protocol withstand all market crashes since launch (especially 10/10 flash crash), with no liquidations triggered to date. This conservative collateralization ratio provides a substantial buffer against price volatility. Additionally, Cap employs emergency liquidation mechanisms (immediate liquidation when exceeding 90%), and rapid liquidation incentives through liquidation bonuses.
Cap's reserves operate on a fractional reserve system. A significant portion of deposited capital is lent to operators or deposited in external protocols, potentially making immediate redemption impossible if large-scale withdrawal requests occur simultaneously.
Cap tries to mitigate this issue through utilization-based rate curves. When reserve utilization rises, borrowing rates spike sharply to deter new loans and encourage repayment from existing operators. However, this mechanism's effectiveness assumes rational behavior by market participants; in panic situations, withdrawal requests may persist despite high rates.
In this case, cUSD's market price may temporarily deviate from its peg, and depegging risks forming a vicious cycle triggering additional panic. Particularly when operators are executing off-chain strategies, physical time is needed to retrieve that capital, potentially prolonging liquidity shortages.
If Cap's collateral structure becomes concentrated among a few large delegators, their actions have disproportionate impact on the entire system. When large delegators withdraw collateral, multiple operators' borrowing limits are simultaneously reduced, potentially leading to forced repayments and liquidity shortages. Even though vault isolation design blocks risk transmission between operators, this protection does not cover cases where the same delegator provides collateral across multiple vaults.
Cap is diversifying dependency on any single restaking protocol by using two shared security networks, EigenLayer and Symbiotic, in parallel. However, this is protocol-level diversification that does not directly solve delegator-level concentration issues. Long-term, encouraging participation from more diverse independent delegators to reduce system dependency on specific entities remains a key challenge.
As examined at the beginning of this article, information asymmetry was a core cause that repeatedly caused failures in both traditional finance and existing DeFi models. Cap does not completely eliminate this problem. Instead, Cap's approach is to explicitly price the cost of information asymmetry through delegator collateral. However, for this mechanism to work effectively, delegators must be able to accurately assess operators' risks, and various forms of market distortion can occur in reality.
The first is the problem of adverse selection. Operators possess superior information about their strategies and positions compared to delegators, and operators executing high-risk strategies have incentives to underreport risks and secure collateral at low premiums. Consequently, market equilibrium premiums may underreflect actual risks. Restakers can mitigate this issue by utilizing additional tools, such as Accountable, to monitor the onchain behavior of operators and their reserves.
The second is moral hazard. After collateral delegation is completed, operators have incentives to pursue excessive leverage or high-risk strategies, since primary losses are absorbed by delegator collateral when losses occur. This risk is being mitigated by the whitelist process, since onboarding reputable firms increases the reputational risk from slashing and malicious behavior.
The third is the possibility of collusion. When delegators and operators are the same interested party or have prior agreements, collateral may be delegated at premiums lower than actual risks. However, even if operators and delegators collude, it is the delegators’ collateral that gets slashed, not the stcUSD holders. There’s no real profit from colluding if the participants used established assets to delegate with proper oracles, as any default would result in real economic loss to the colluding delegator. The slashing mechanism ensures that stcUSD holders remain protected, regardless of operator-delegator relationships.
Cap tries to mitigate these issues through Guarantor Agreements, off-chain legal agreements. Delegators and operators specify loan duration, fee rates, and remediation conditions in case of default as legally binding contracts.
However, legal contract enforceability varies by jurisdiction and becomes more uncertain in cross-border transactions. There are also limitations in that legal victories may not lead to actual remediation when operators have lost their ability to pay.
Like all DeFi protocols, Cap is exposed to security risks. Protocols that have undergone rigorous audits have suffered significant losses due to undiscovered vulnerabilities.
Most projects share a fundamental problem - their security is "discrete." Traditional audits provide comprehensive security snapshots at specific points in time, but cannot cover the continuous stream of code changes that occur during ongoing development. However, even minor modifications or patches can introduce new attack vectors, creating gaps between audit cycles where vulnerabilities may go undetected.
Cap has taken a multi-layered approach to address these security challenges.
Source: Cap
First, Cap has completed six audits to date and committed to quarterly audit cycles going forward. This establishes a baseline of periodic security verification from established auditors.
Source: Cap
Second, Cap has integrated Octane to provide continuous security coverage between audits. Through this integration, every pull request, regardless of size, undergoes automated security analysis before it can merge to protected branches. This approach aims to surface vulnerabilities the moment they appear in development, rather than waiting for the next scheduled audit.
Third, Cap has integrated Hypernative for runtime security monitoring. While audits and code reviews address pre-deployment security, Hypernative provides real-time threat detection and on-chain activity monitoring, offering an additional layer of protection against exploits and anomalous behavior in production environments.
This layered security architecture, combining periodic audits, continuous development-phase review, and runtime monitoring, represents a comprehensive approach that audits alone cannot achieve. While no security framework can guarantee absolute protection, it is clear that Cap is taking the best possible approach.
Cap is one of the early cases of utilizing restaking protocols for credit underwriting purposes. While existing restaking protocols have mainly been used for infrastructure security such as oracles, data availability layers, and cross-chain bridges, Cap applied them to the collateral structure of financial services.
If this approach proves valid, the scope of restaking protocol utilization may expand across financial services. Functions that intermediaries performed in traditional finance, such as liquidation protection, insurance, and credit underwriting, can be reimplemented on shared security networks. Cap is the first case of this experiment and, depending on its success, will become a precedent determining the direction of subsequent projects.
Cap's current operator list includes traditional financial institutions such as Susquehanna, IMC Trading, and Flow Traders. However, their actual borrowing volumes are still limited, with most remaining at the pilot stage.
The true turning point will come when these institutions begin using Cap as a core funding channel rather than a mere experiment. In traditional finance, market makers procure short-term funds through prime brokerage. If Cap can replace or supplement this role, its scale could reach dozens of times the current TVL. Of course, this requires the legal clarity, operational stability, and sufficient liquidity that institutions demand.
Cap has presented its long-term goal as an "Evergreen Protocol," a system that operates autonomously without human team intervention. Currently, team discretion applies in operator whitelisting, collateral asset approval, etc., but these functions may be gradually codified or replaced by market mechanisms.
However, there are difficult challenges to solve for complete governance minimization. How do you verify operators' off-chain activities on-chain? When legal disputes arise, can smart contracts alone resolve them? What answers Cap provides to these questions will be a measure of the protocol's maturity.
Dive into 'Narratives' that will be important in the next year
Cap
Infinit
Frax
Avantis