An Introduction to DeFi Insurance
Catarina Urgueira
DeFi has experienced a number of security incidents that have cost billions of dollars in losses, leading to a loss of confidence in its core value proposition. Insurance solutions that mitigate the inherent risks of DeFi are critical to ensuring widespread adoption.
This report provides a historical overview of the Ethereum-based DeFi Insurance space, compares the different sources for underwriting capital, and explores the different existing cover types.
This Insurance Series takes an in-depth look at the following protocols:
- Nexus Mutual, Unslashed, InsurAce, Risk Harbor, Ease.org, Sherlock, Tidal Finance, InsureDAO, Neptune Mutual, Bridge Mutual, Cozy Finance, Bright Union, and Solace
Insurance Market Overview
While decentralised exchanges and lending account for the majority of the value locked in DeFi, insurance accounts for less than 1% of the total value. However, as the TVL grows, so does the potential damage from smart contract vulnerabilities or other attack vectors. Insurance solutions, similar to the safety nets found in traditional financial markets, may be required for investors, retail users, and institutions to feel comfortable participating in on-chain markets.
Nexus Mutual, the industry pioneer, has dominated the insurance market since its launch, accounting for over 78% of the TVL but only covering 0.15% of the TVL in DeFi. The remaining insurance market is fragmented, with the three protocols following Nexus accounting for roughly 14% of the TVL.
While the global traditional insurance market remains massive, with significant growth projected over the coming years, the DeFi insurance sector has emerged as a small but promising segment of the blockchain industry. We can expect more innovation in the DeFi insurance sector as it matures and gains acceptance, with new protocols emerging and existing ones refining their offerings to meet the needs of DeFi users.
How does DeFi insurance work?
Instead of acquiring coverage from a centralised institution, DeFi insurance allows individuals and businesses to insure their capital against risks through a decentralised pool of providers. In exchange, coverage providers earn interest on the locked capital generated by a percentage of premiums paid, creating a correlation between the premium and the risk of the protocol under consideration.
Coverage providers invest their funds in pools that provide higher returns in comparison to the protocol's risk. This means that individuals trade event outcomes based on their estimates of the probability of the underlying risk's occurrence. If an insurer-covered protocol suffers a negative event, such as a hack, funds from the pool covering that protocol compensate users who purchased coverage against that specific event.
Pooling resources and spreading risk among several players is an effective strategy to deal with unusual or extreme events that have significant financial ramifications. A common capital pool can cover many multiples of risk with less capital, providing a collective mechanism for dealing with large-scale problems.
The popularity of parametric insurance in DeFi is due to its automation and transparency possibilities. Smart contracts with preset parameters and real-time data from oracles enable automatic claim processing based on these parameters. This automation speeds up the claims process, increases efficiency, and lowers the possibility of human bias or error.
The ability for anyone to participate and the transparency of on-chain operations are often highlighted as key advantages of decentralized insurance systems. As DeFi continues to grow, the need for solutions that protect users' capital becomes increasingly important.
DeFi Insurance Evolution
The concept of decentralised insurance dates back to the early days of blockchain technology. The first decentralised insurance platform, Etherisc, was launched on Ethereum in 2017, providing a peer-to-peer insurance marketplace where users can buy and sell generic insurance policies, like flight delays and hurricane damage, without traditional insurance companies.
The turning point for DeFi insurance came in 2019 with the launch of Nexus Mutual, the first insurance protocol built specifically for the DeFi ecosystem. It operates under a discretionary mutual structure, which means that the Board (the Nexus Mutual members who are all KYC-verified) decides on all claims payments. Nexus Mutual’s recent V2 release facilitates the creation of an on-chain risk marketplace, allowing other companies to build and share a wide range of crypto-native and real-world risks such as liability, catastrophic, property, and cyber cover. The protocols built on top of this version can provide their services without requiring users to complete KYC requirements, which increases accessibility to the platform's risk management solutions.
Following Nexus Mutual, many protocols were launched to address ongoing challenges in the space. In November 2020, InsurAce was launched, offering zero premium pricing (ultra low premiums), no-KYC requirement, and a portfolio-based multi-chain solution.
Unslashed followed in January 2021, offering coverage for various risks and allowing anyone to become a capital provider and receive a return from premium policies, interest generated via Enzyme Finance, and the USF Capital Mining Program, increasing the available capital for coverage.
Bridge Mutual, launched in the same month, offered permissionless creation of coverage pools, portfolio-based insurance coverage, and the ability to underwrite policies with stablecoins in exchange for an attractive yield. In December 2021, it released V2 with capital efficiency improvements, leveraged portfolios, which allow users to underwrite insurance for multiple projects simultaneously, and Shield Mining, a feature that allows projects and individuals to contribute X tokens to the Project X Coverage Pool in order to increase the pool's APY and attract more liquidity. It also introduced the Capital Pool, an investment arm of Bridge Mutual that invests unused capital into third-party DeFi protocols and generates revenue for the vault and token holders.
Armor, launched in late January 2021, used the Nexus Mutual V1 model without the KYC requirement but later introduced the Uninsurance model and changed its name to Ease.org in May 2022. In RCAs (Reciprocally-Covered Assets), covered assets simultaneously underwrite the other assets in the ecosystem, which allows for the collection of underwriting capital from deployed capital within DeFi yield strategies. In the event of a hack, Ease liquidates a proportional amount of funds from all vaults to compensate investors. Ease's value proposition is based on the assumption that, on average, hacking losses are significantly less costly than the premiums paid.
Tidal Finance launched on Polygon in July 2021 with a flexible weekly subscription system. A new upgrade, V2, has been in the testnet since March 2023, and it will allow users to effectively set up their own customized insurance pool and policies.
Risk Harbor, launched in May 2021, is the first decentralized parametric insurance protocol that offers protection against smart contract risks, hacks, and attacks. It provides automated, algorithmic, transparent, and unbiased claiming assessment by comparing the redeemability of credit tokens with the issuing protocol. For instance, in the case of coverage protection for UST depeg events, Risk Harbor reimbursed when the UST price on Chainlink fell below $0.95, enabling holders to exchange their wrapped aUST for USDC automatically. Risk Harbor is working on two upcoming versions, V2.5 and V3, with V2.5 acting as a stepping stone to V3. Improvements in V2.5 include ERC20 positions instead of ERC721, auto ERC20 staking, and the ability to sell back protection, while V3 includes cross-chain depositing and purchase, allowing for a vault with farms from all EVM and beyond, creating a vault of uncorrelated risks. However, it's important to note that Risk Harbor has been primarily focused on the Terra ecosystem, where it has concentrated most of its TVL since the end of 2021. The aim of the team is to expand and shift the focus towards the Cosmos and Ethereum ecosystems once this new version is released.
In September 2021, Bright Union was introduced as a DeFi insurance aggregator, while Sherlock launched in the same month with a unique approach to auditing. Sherlock established an audit firm consisting of blockchain security engineers to review any smart contract, which would then be protected against hacking as part of their audit process. This idea of providing code audits and coverage directly to protocols eliminated the need for users to manage their own coverage. As a result, insurance protocols followed suit and began offering similar services by collaborating with external audit companies to launch their own Audit Cover product, which provides protection to protocols audited by their partners against smart contract risks.
Solace launched in October 2021 with a focus on ease of use, offering portfolio coverage that dynamically adjusts the risk rate as positions change, preventing overpayments and complex policy administration. It was based on the Protocol-Owned Liquidity model to acquire its own underwriting capital and remove underwriting risk from token holders. Solace placed the assets from the bond program in the Underwriting Pool to sell policies against and used the pool to pay out claims. However, the Solace team has temporarily halted operations to work on a new version of the protocol. They identified two flaws in the insurance model that, they believe, go against the nature of DeFi: the need for human input in the claims process and the need for probabilistic underwriting to generate returns. They are aiming to solve these issues in their new version.
InsureDAO launched in February 2022 as a protocol open for everyone to use, similar to Bridge Mutual, and the team is currently working on revamping the protocol in order to change the model to be more relevant to the current market.
Neptune Mutual, launched in November 2022, aims to provide users with guaranteed payouts. In Neptune, the rules are not defined in smart contracts, which hinders automation of the claiming process, and the protocol relies on reporters, which requires a trust-based assumption. However, this limitation provides an advantage for Neptune as it allows them to offer coverage that does not depend on on-chain data, such as custody cover.
Cozy Finance offers parametric insurance, and recently paused all V1 markets to launch V2, which is based on the idea that other protocols suffer from restrictive designs for price, payout, and risk management. This new version allows anyone to create a new market with automatic payouts and programmatic pricing.
Decentralized insurance has come a long way as a promising solution to mitigate risks in a transparent and decentralized manner. Nexus Mutual, being the first mover in the space, still holds a leading position in terms of TVL. However, as the sector becomes more competitive, the market leader will be the protocol that can offer scalable underwriting without fragmented liquidity, transparent and decentralized risk assessment, accurate pricing, and continuous payout of valid claims.
With more underwriting capital, a protocol may provide more coverage, making it more appealing to users. Yet, the source of underwriting capital can have an effect on the protocol's long-term sustainability and effectiveness. Many protocols, for example, are spreading their capital pool across multiple chains, which fragments liquidity and may influence their potential to be capital efficient at scale.
The table below compares several insurance protocols based on their source of underwriting capital.
In this section, we will explore the various cover types offered by different insurance providers.
Protocol cover protects customers against financial losses that can occur when using DeFi protocols. Different suppliers provide various levels of coverage designed to protect against certain risks inherent in protocols. Smart contract exploits/bugs, oracle failure or manipulation, economic design flaws, and governance attacks are among the threats. It's important to note that protocol cover does not generally protect against risks like front-end, Discord, or Twitter compromises, as well as rug pulls.
Custody cover safeguards against financial losses that can occur when digital assets are stored in third-party custodial accounts, such as centralised exchanges. Its primary purpose is to provide protection in two main scenarios. The first situation occurs when the custodian unexpectedly suspends withdrawals for an extended period of time, preventing consumers from accessing their funds. The second scenario occurs when an unauthorised party gains access to the security measures of the custodian and steals the assets.
Automatic incident resolution, on the other hand, which is performed based on smart contracts, focuses on leveraging on-chain data and predefined conditions. It's important to remember that parametric insurance may have limitations when it comes to addressing risks other than those related to on-chain data, such as custody cover.
Depeg cover protects against depegging occurrences, which happen when an asset loses its peg to a target currency. This form of coverage is widely used to protect stablecoins and other pegged assets, such as stETH. Consider a user who owns a stablecoin that is meant to maintain a 1:1 peg with the US dollar. A financial loss is experienced if the value of the stablecoin falls significantly and the user is unable to redeem it for the expected amount of US dollars. Depeg cover can assist in mitigating this loss by reimbursing the user for a portion or the total amount lost owing to the depegging event.
Specific conditions must be met before a claim may be submitted, and these criteria differ among providers. These usually include elements such as the percentage price decrease and the duration. When establishing a claim for depeg cover, the Time Weighted Average Price (TWAP) of the asset over a given time period is typically used to determine the occurrence of a depegging event. TWAP computes the average price of an asset over a particular timeframe, taking into account the asset's trading volume during that window, to evaluate if a depegging event has occurred.
Many protocols, including InsurAce, Unslashed, and Risk Harbor, provided UST Depeg coverage during the event. According to its UST De-Peg Cover Wording, InsurAce's cover was formally activated on May 13, 2022, when the 10-day TWAP of UST fell below $0.88. Remarkably, they were successful in paying out $11.5 million in claims. Unslashed allowed claims once the 14-day TWAP of UST was below $0.87, and they paid out over 1000 ETH in various batches. When the UST price on Chainlink went below $0.95, Risk Harbor, as a parametric insurance solution, facilitated reimbursement, allowing holders to immediately swap their wrapped aUST for USDC.
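The depeg triggers described above, as an added example (not code from the article or from any of the protocols named): it evaluates the three quoted threshold rules over a constructed daily price feed, weighting each price by the time it was in effect, and returns no decision when the feed went stale inside the window. The feed values, the one-day staleness limit and all function names are assumptions; each cover wording defines its own data source and conditions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

DAY = 86_400
Obs = Tuple[int, float]  # (timestamp in seconds, oracle price in USD)

@dataclass(frozen=True)
class Trigger:
    provider: str
    window_days: int  # 0 = spot check against the latest oracle price
    threshold: float  # condition: price measure strictly below threshold

# Trigger parameters as quoted in the article for the UST covers.
TRIGGERS = [
    Trigger("Risk Harbor", 0, 0.95),
    Trigger("InsurAce", 10, 0.88),
    Trigger("Unslashed", 14, 0.87),
]

def twap(obs: List[Obs], start: int, end: int, max_gap: int = DAY) -> Optional[float]:
    """Time-weighted average over [start, end]; each price holds until the next update.
    Returns None when the feed does not cover the window or went stale inside it."""
    if end <= start:
        raise ValueError("window must have positive length")
    before = [o for o in obs if o[0] <= start]
    if not before:
        return None  # no price known at the start of the window
    inside = [o for o in obs if start < o[0] <= end]
    times = [before[-1][0]] + [t for t, _ in inside] + [end]
    if any(b - a > max_gap for a, b in zip(times, times[1:])):
        return None  # stale or missing oracle data: refuse to decide
    points = [(start, before[-1][1])] + inside
    total = 0.0
    for i, (t, price) in enumerate(points):
        nxt = points[i + 1][0] if i + 1 < len(points) else end
        total += price * (nxt - t)
    return total / (end - start)

def evaluate(trig: Trigger, obs: List[Obs], now: int, max_gap: int = DAY) -> Optional[bool]:
    """True/False if the trigger condition can be decided at `now`, else None."""
    if trig.window_days == 0:
        known = [o for o in obs if o[0] <= now]
        if not known or now - known[-1][0] > max_gap:
            return None
        return known[-1][1] < trig.threshold
    avg = twap(obs, now - trig.window_days * DAY, now, max_gap)
    return None if avg is None else avg < trig.threshold

def first_trigger_day(trig: Trigger, obs: List[Obs]) -> Optional[int]:
    """Day index of the first observation time at which the trigger fires."""
    for t, _ in obs:
        if evaluate(trig, obs, t):
            return t // DAY
    return None

# Constructed daily feed (not real UST data): at peg for 16 days, then a collapse.
PRICES = [1.00] * 16 + [0.90, 0.60, 0.25] + [0.10] * 6
FEED = [(day * DAY, p) for day, p in enumerate(PRICES)]
# Same feed with the updates for days 17 and 18 missing (simulated oracle outage).
GAPPY = [o for o in FEED if o[0] // DAY not in (17, 18)]

if __name__ == "__main__":
    for trig in TRIGGERS:
        print(trig.provider, first_trigger_day(trig, FEED),
              evaluate(trig, GAPPY, 24 * DAY))
```

On the constructed feed the spot rule fires on the first day of the drop while the 10-day and 14-day averages lag it by several days, and with the two missing updates the averaged rules return no decision rather than a payout or a rejection.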
Yield Token Cover
Yield Token Cover protects against financial losses caused by a discrepancy between the reference currency value of a yield-bearing LP token and its actual value. To qualify for a claim, the depeg percentage, like Depeg cover, must exceed a specified threshold of the token's value.
Audit cover is a type of protection that protocols can directly acquire to mitigate the risk of vulnerabilities that were missed during their audits. It adds an extra layer of security after the audit for a short length of time.
Sherlock has pioneered this concept and provides up to $5 million in coverage for smart contract exploits after an audit. As long as there have been no further changes to the code base, this coverage can be activated at any time after the audit is completed. InsurAce, on the other hand, has teamed with audit firms to offer a comparable product with a three-month coverage term.
Slashing cover provides financial protection for professional validators participating in proof-of-stake (PoS) chains who may face losses due to slashing events. Slashing events occur when validators violate the consensus mechanism's rules, leading to a penalty in which a percentage of their staked assets is either slashed or reduced.
In 2022, Blockdaemon, a prominent provider of blockchain infrastructure services for node management and staking, collaborated with Marsh, a renowned insurance broker and risk advisor, to introduce an insurance policy that safeguards their customers from slashing events. This programme attempted to provide additional security for validators in the event of slashing penalties. In the same year, Nexus Mutual, a decentralised insurance provider, developed a decentralised solution to safeguard validators on the Beacon Chain, providing additional alternatives for validators seeking slashing cover.
Bridges enable the transfer of funds between different networks, but they also pose risks such as smart contract vulnerabilities, hacks, and implementation or design flaws. These risks can result in inaccurate fund transfers or slippage calculations.
Centralized bridges are particularly vulnerable to bad actors who can manipulate liquidity pools. Regardless of whether funds are stored in a centralised or decentralised manner, the storage point becomes a target for bad actors. In 2022, hackers stole more than $1.8 billion from bridges alone. Bridge Cover was created to mitigate these risks by protecting consumers from financial losses when moving funds across a bridge.
InsurAce introduced this concept by launching a new product in collaboration with LI.FI Bridge Aggregator, which already has over $1 million in cumulative covered amounts. Risk Harbor is also collaborating with Socket on a bridge protection system, which is still in beta testing.
Insurance providers can preserve their underwriting capital by moving a portion of their risk exposure to other insurance providers. This reduces the providers' overall risk and allows them to continue offering coverage for various risks without being exposed to excessive risk.
One of the insurance companies offering excess cover is Nexus Mutual, which offers coverage to Sherlock for their audited protocols and protects 25% of the underlying coverage that Sherlock offers.
Insurance Protocols Cover Comparison
As the decentralized insurance industry grows, various insurance protocols are emerging with different types of coverage offerings. A comparison table that details the different cover types supplied by existing insurance protocols has been prepared to help readers understand the variety of coverage available.
- Bright Union was not included in the table because it serves as an aggregator, providing cover types that are a blend of the covers offered by the protocols it gathers.
- Risk Harbor provides protection in the event that the value of covered tokens falls below the default ratio. It might be a protocol becoming insolvent as a result of a contract exploit, a failure in liquidation processes resulting in bad debt, governance attacks, economic exploits such as flash loan attacks, or anything else that prevents the underlying token from being redeemed.
- It has not yet been confirmed what types of coverage Solace will provide in its new version.
- Nexus is exploring a D&O (Director & Officers) liability product to cover the costs of compensation claims made against the protocols by shareholders, investors, employees, regulators, or third parties.
As DeFi continues to grow, it becomes more vulnerable to security attacks. To protect users against such risks, viable insurance protocols need to emerge. However, the DeFi insurance industry faces challenges in providing diverse coverage and accumulating sufficient underwriting capital. Protocols that split their capital pool across many chains fragment liquidity, which affects their capacity to be capital efficient at scale, while adequate risk management remains an issue to be improved.
In the current environment, the underwriting capital available within the insurance pools restricts coverage limits. Protocols have been exploring strategies to generate additional yield and attract more liquidity providers to expand coverage offerings, such as depositing a percentage of capital pool returns into platforms like AAVE or Compound. These approaches, however, introduce additional risks, including third-party smart contract vulnerabilities and market volatility, forcing a trade-off between yield generation and risk management.
To address these challenges, established players are prioritising protocol upgrades to improve capital efficiency, cover capacity, and UX. Customised covers and markets are being developed to meet the specific coverage needs of DeFi users.
Parametric coverage offers a viable solution for certain risks, but it may not be suitable for all coverage types. Relying on oracles for data exposes the system to oracle failure or compromise, and limits arise when interest-bearing tokens become non-transferable due to protocol upgrades. Implementing coverage rules through smart contracts presents challenges, as it necessitates storing all relevant information on-chain and limits the spectrum of risks that can be adequately covered, but it also offers the capacity to automate the claiming assessment.
Furthermore, reinsurance, an important component of traditional insurance, is still absent from the DeFi insurance market. Reinsurance is the practice of insurers transferring sections of their risk portfolios to third parties in order to lessen the possibility of having to pay a substantial obligation arising from an insurance claim. By transferring risk to third-party specialised investors, reinsurance methods can improve cover capacity, capital efficiency, and resilience. Exploring reinsurance can help mitigate the financial impact of catastrophic events like the UST depeg.
In the next article, we will delve into DeFi insurance pricing models, exploring different approaches taken by protocols.
To conduct our analysis, we first utilised the Defillama Insurance Category List, which provided us with a comprehensive overview of insurance protocols operating on the Ethereum ecosystem. We then reviewed each protocol on the list, excluding those that did not meet our criteria for analysis. The exclusion criteria included halting operations, changing focus, or the unavailability of publicly accessible information.
- Cover Protocol suffered a hack in 2020 and was shut down in 2021.
- Armor.Fi decided to introduce the RCA Coverage model and rebranded to Ease.org in May 2022.
- iTrust Finance had no publicly available documentation.
- The UnoRe documentation did not fit with what the protocol is currently offering.
- NSure has been inactive since June 2022, resulting in an all-time low in TVL.
- ArCx, Ante Finance, and Helmet are not insurance protocols. ArCx is an analytics platform, Ante Finance is building a trust rating, and Helmet is an options protocol that can be used to hedge exposure, but it is not an insurance protocol by design.