What Is DeFi Insurance, and Is It Any Good?

DeFi users participate in one of the most exciting but untested areas of cryptocurrency. The nature of smart contracts and decentralized protocols makes them subject to exploits and hacks, occasionally leading to significant losses for affected users. As we have covered in a previous blog, these include flash loan hacks that exploit weaknesses or ‘loopholes’ in the smart contracts that govern protocols, allowing canny actors to drain millions of dollars from their liquidity pools. 

As such, DeFi users are no doubt comforted by the fact they can now insure themselves against these types of losses. The number of providers now offering so-called DeFi insurance is growing, with the largest - Nexus Mutual - already boasting a market cap of just under $342 million according to CoinGecko [Sourced 26.1.2021] despite having launched in July 2020. Meanwhile, competitors Etherisc and Cover Protocol have around $60 million in market cap between them.

How DeFi insurance works 

Much like insurance in the traditional financial world, DeFi insurance aims to protect users from losses in return for a specific premium based on the size of their holding and which platform they are holding it with. While a traditional insurance policy might be issued and underwritten by a multinational insurer, a DeFi insurance policy relies instead on its community of users to dictate premiums and orchestrate payouts. 

The main actors of a DeFi insurance protocol are the underwriters that provide capital to the pools for each individual protocol covered, and which take a share of premiums (also known as staking); claims assessors and governance token holders that vote on claims and changes to the protocol; and claimants, or those that buy the insurance premiums. Depending on the protocol, underwriting (or staking) can be a fairly lucrative pursuit thanks to the regular income stream that is available from premiums, while rewards in the form of the native governance token also boost the haul considerably.

Does the premium justify the cover? 

For users or claimants of DeFi insurance protocols, the benefits are clear: in return for a premium they are able to protect the value of their digital assets from smart contract exploits. As one might expect, the riskier the protocol, the more you will pay for your safety. On Nexus, for example, it costs 0.1281 Ether (ETH) to insure 10 ETH on the Curve Finance protocol for a period of 180 days, while the same level of cover for the same holding on Acropolis Delphi comes with a 2.18 ETH price-tag (an APY of around 48%). [Sourced from app.nexusmutual.io 26.1.2021]

While some might see this as a fair price to pay - at least in terms of the more mainstream protocols - others question the value of the cover claimants are receiving through DeFi insurers. Most only pay-out for technical glitches with smart contracts, and then only on a discretionary basis. Typically, insurance protocols do not provide cover for the numerous things that could go wrong in the various layers of the DeFi protocol, while a lack of a secondary market to trade limits the ability of insurance protocols to scale.

To KYC or not KYC?

Moreover, there is somewhat of a conflict inherent in the operation of some DeFi insurers, who require KYC (know your customer) information before they will provide cover, including the dominant Nexus Mutual. As any DeFi user knows, while the ecosystem is not entirely devoid of KYC, the raison d'être of DeFi is decentralization. Fundamentally, DeFi was originally envisioned as a place where cryptocurrency could operate truly independently of traditional finance, as was originally intended by crypto’s first pioneers.

Nexus Mutual is not the only game in town, though. Nsure.Network is sidling up to rival it with an entirely permissionless (i.e. no KYC) model based on a Lloyds of London approach. Rather than being based on flows from underwriters, or those staking in the insurance pools, Nsure premiums are determined by a “dynamic pricing model” based on “capital mining” whereby pricing is determined by the real-time supply of capital and demand of insurance coverage for the products. Nsure claims that this model ensures that “valid claims will always be paid and that systematic risk is under control.”

DeFi insurance solutions 

As highlighted earlier, Etherisc and is also nipping at the heels of Nexus Mutual, although with a very different product: a flexible, again entirely permissionless, tool that allows users to build their own insurance products for a wide variety of different scenarios. This includes crypto wallet insurance and collateral protection for crypto-backed loans as well as cover for “real world” situations such as flight delays and hurricanes. Union Finance is another interesting new protocol proposing to offer a multi-token model that it says will avoid the sort of issues that Nexus faced when its NXM token crashed heavily in September. Union will also be permissionless and claims to be able to cover users beyond just smart contract failure. 

The lack of a secondary market is also being somewhat addressed through the selling of non-fungible tokens (NFTs) on marketplaces where NFT insurance contracts can be traded. Indeed, Nexus’s problems were exacerbated by the fact that users of yInsurance, from yearn.finance, were able to create non-KYC insurance underwritten by Nexus Mutual using a wrapped form of NXM (WNXM) and an NFT that was tradable on the Rarible marketplace. A protocol named ‘Safe’ then allowed users to mine SAFE tokens using yNFT (from yInsurance) and WNXM. This caused a spike in the price of NXM as WNXM is pegged to its price. However, the APY for SAFE was not competitive and so users stopped farming it with WNXM, causing a domino crash for NXM, WNXM and SAFE, which was forked and replaced by COVER.

Nascent DeFi insurance protocol Steady State Finance is also developing a secondary market solution. Users of its platform will be able to buy and sell the tokens they receive for providing liquidity to an insurance pool for individual protocols.

Who insures the insurers? 

And so, while new solutions are continually being found, as the above would suggest, the market is not without risk. In addition to the type of scenario that befell Nexus Mutual, the protocols themselves are vulnerable to hacks. Cover Protocol (formerly SAFE) has already been exploited. In December 2020, a white hat hacker exploited a bug in the incentives smart contract to drain $3.62 million worth of COVER tokens from the protocol. The irony of an insurer that covers users against smart contract bugs being exploited because of a bug in its smart contract is lost on no one. Nor the fact that Binance - which Cover insures against - compensated its users $10 million for the lost value of their COVER tokens due to the attack.

User-centric models force users to speculate on, rather than manage, their risk exposure, namely due to the lack of comprehensive data regarding DeFi risks. Steady State is the only solution currently looking to insure providers, rather than users. With a cutting-edge Risk Analysis Database, Steady State claims to be able to objectively measure systemic dangers in decentralized finance. This will allow protocols to take out insurance policies that are built-to-fit based on their needs, and on-chain monitoring that tracks ongoing exploits and hacks, allowing for instant payouts in the case of a policy event. This is still, however, in development.

DeFi insurance, then, is not perfect. Nonetheless, it remains one of the most interesting and innovative uses of the DeFi model to emerge to date. If decentralized projects are able to provide safe and scalable DeFi insurance products and markets, the security this would provide could lead to increased adoption of DeFi. Moreover, the wider applications are potentially significant, with DeFi insurance perhaps able to provide a model that could rival the notoriously corrupt insurance markets in traditional finance. As ever in the DeFi sandbox, though, there will probably be plenty of eggs cracked first.