De-Risking DeFi and Beyond: State of Crypto Insurance

This research focuses on the challenges that DeFi insurance aims to address, its mechanisms, the current market status, and the obstacles that need to be overcome for the industry to thrive. It is fair to say that existing blockchain insurance protocols primarily operate within the crypto industry.

Key Takeaways

• High volatility, hacks, exploits, smart contract vulnerabilities, and stablecoin depegging complicate the adoption of DeFi.

• Approximate direct funds affected by hacks: $7.21 billion.

• Approximate indirect damage from attacks and stablecoin depegging: $50 billion.

• Infrastructure and protocol logic are vulnerable parts of the DeFi ecosystem.

• Nexus Mutual absorbs 82% of DeFi insurance TVL.

• DeFi insurance faces challenges in competing with liquidity pools, lending protocols, and other yield-generating sources in attracting liquidity, complicating its development.

The Problem DeFi Insurance Addresses

Decentralized Finance offers investors the potential for higher returns compared to traditional financial markets. However, the DeFi market remains relatively small due to its inherent risks. These risks include high volatility, hacks, exploits, and the decoupling of stablecoins or wrapped assets from their benchmark.

Among the various DeFi opportunities, liquid staking has the largest Total Value Locked (TVL) and is considered the safest option for investors. This suggests that even within the crypto space, safety is prioritized over potentially higher rewards.

To address the challenges inherent in DeFi, insurance protocols have emerged. Users can obtain insurance to protect against losses resulting from various events, such as exploits, hacked smart contracts, attacks on DeFi protocols, and decreases in the value of stable currencies. This provides users with coverage to mitigate potential losses associated with these vulnerabilities.

DeFi Hacks and Exploits Are Hindering DeFi Adoption

Decentralized Finance has experienced a series of hacks and exploits, resulting in significant financial losses and posing a major threat to the DeFi ecosystem. According to DefiLama, the crypto industry has witnessed approximately $7.21 billion in funds affected by 257 exploits since 2016.

The increasing number of DeFi protocols is accompanied by a rise in hacker attacks and exploits. These exploits became more frequent during the rapid growth of DeFi's Total Value Locked (TVL) in the second half of 2021, and they tend to increase as TVL and the number of protocols grow.

One notable incident highlighting the risks in DeFi was the crash of the UST stablecoin and Terra, which caused a significant decline in DeFi's Total Value Locked (TVL) and cryptocurrency prices. This single event alone resulted in a loss of over $40 billion in DeFi TVL.

A more recent event worth mentioning is the depeg of the MAI (Mimatic) stablecoin, which is currently trading at around $0.79. Although this event had a limited impact on the entire DeFi space due to its relatively small market capitalization and number of holders, it still led to losses for MAI holders and DeFi users, which should not have occurred theoretically.

The inherent fragility of DeFi can discourage potential users who are unwilling to take on such a high level of risk. DeFi insurance is specifically designed to act as a safety net for users and investors, providing protection against potential losses resulting from these events.

The Most Widespread Vulnerabilities DeFi Faces

DeFi hacks can be categorized into five types based on the target of the attack: infrastructure weakness, smart contract language, protocol logic, or the interaction between multiple protocols.

As shown in the chart below, attacks on infrastructure resulted in the highest losses, totaling $3 billion. This was followed by protocol logic, which caused $2.7 billion in damage.

When exploring exploit techniques, as shown in the table below, the compromise of private keys emerges as the most frequently employed vector attack, surpassing all other methods in terms of the amount of funds affected, totaling $2.3 billion. Access control and proof verifier bug techniques followed the private key compromise in terms of funds affected, with $658 million and $570 million, respectively.

The pie chart below illustrates the percentage distribution of exploit techniques based on the funds they affect. In this chart, we have divided private key compromise into two categories: one involving social engineering and the other using unknown methods. The chart clearly illustrates the need to mitigate technical risks in the crypto market.

How DeFi Insurance Works

In the true spirit of DeFi, insurance pools operate in a decentralized manner. The basic idea is that liquidity providers pool their resources to deposit insurance funds, which are set aside to cover various events. These reserved insurance funds are then made available to those who purchase insurance protection for the specific event in question.

Liquidity providers in these insurance pools take on the role of insurers and assume a certain level of risk. However, the interest earned by liquidity providers serves as compensation for the risks they undertake. If a covered event, such as an exchange hack, occurs, the funds contributed by liquidity providers to cover that specific event are disbursed to the affected parties to address the damages. On the other hand, if the event does not happen, the money contributed by liquidity providers remains in the pool and continues to generate yield over time.

Yield in these insurance pools comes from insurants paying premiums for their coverage and specifying the contracts or platforms they want to insure. Insurance is purchased for a limited period and for a specific event. In the event of adverse incidents, insurants can file claims, which are then evaluated by the insurance protocol to determine compensation.

The table below highlights key differences between traditional insurance and DeFi insurance.

The effectiveness of DeFi insurance depends on maintaining a delicate balance between collected premiums, reserves, and potential claims. Premiums can fluctuate based on market dynamics, taking into account factors such as the specific events the policyholder wants to cover, the type of coverage, and the duration of the policy. These factors influence the amount the policyholder pays for the premium.

What DeFi Insurance Covers

Currently, there are eight main categories of coverage available. However, the specific terms and exclusions are defined by individual providers. This highlights an industry that is still in the process of standardization.

The State of DeFi Insurance

To better understand the state of DeFi insurance, let's examine the key projects in the industry. Currently, the Total Value Locked (TVL) in crypto insurance remains relatively modest when compared to the TVL in other DeFi sectors, totaling $270 million. The majority of liquidity is concentrated within the leading protocol, Nexus Mutual, which accounts for a substantial 82% of the entire DeFi insurance TVL.

These market conditions can be partially attributed to the 'chicken or the egg' dilemma. DeFi insurance protocols need to attract both liquidity providers and policyholders to establish a viable business model. As a result, the largest player in the market enjoys an additional advantage due to its established presence and the network effect it has garnered.

The DeFi insurance market is closely tied to the broader DeFi industry. DeFi insurance protocols typically emerge in blockchain networks with high DeFi activity and Total Value Locked (TVL) surpassing several billion USD. While DeFi insurance plays a valuable role within this niche, it is not positioned as the primary driver of growth for the DeFi sector. Consequently, investments in DeFi insurance remain somewhat limited. The relatively low interest from venture capitalists (VCs) and the modest TVL can be attributed, at least in part, to the challenges faced by the DeFi insurance sector.

How DeFi Covers Accesses Damages

DeFi insurance protocols vary in terms of decision-making and assessment processes. The picture below illustrates six methods.

• The Community vote-based claims assessment process involves DAO community members who hold protocol governance tokens. While some claims assessment processes include publishing an internal opinion before voting starts (e.g., advisory board recommendation), community voters ultimately determine, at their discretion, whether a submitted claim or group of claims should be paid out following the associated cover policy wording.

• The Expert panel claims assessment process relies on a predetermined group of experts to determine the validity of a (group) claim. Typically, the panel consists of security and legal experts, as well as protocol core contributors and community representatives where applicable. Panel members may be internal or external for neutrality. A common practice is to use a multisig contract, which requires a majority vote (signatures) to approve or reject an incident and trigger the corresponding payout.

• Off-chain DeFi insurance operates outside the blockchain. Users apply, undergo underwriting, and receive off-chain contracts. Premiums are paid using traditional methods, and in case of a covered incident, claims are initiated off-chain. Insurance companies assess and process payouts in fiat through conventional financial systems. This approach contrasts with on-chain solutions, which use smart contracts for increased automation and transparency within the decentralized finance space.

• The Optimistic oracle claim assessment process combines community voting mechanics and a semi-automated oracle system (e.g., Chainlink). In this approach, claims are accepted as valid unless disputed by any party within a given timeframe.

• The Parametric cover assessment process allows affected cover holders to automatically claim payouts when a predetermined on-chain condition, reported by an oracle, is met. Unlike a community vote claims assessment, cover holders do not have to submit proofs of loss or wait for the result of a vote, enabling payouts for covered incidents to occur within blocks of the trigger condition. So far, parametric approaches have mostly been used for depeg cover, as the payout condition can be objectively measured.

• The Hybrid claims assessment process combines elements from other methods. For example, a claim may undergo a community vote first and then be reviewed by an expert panel before payout. Alternatively, an expert panel may evaluate the claim, and if there is a dispute, resolution can be facilitated by an optimistic oracle. The time it takes for a valid claim to be paid under a hybrid regime can vary depending on the combination of assessment methods.

Challenges DeFi insurance Need to Tackle

Risk assessment within the DeFi industry is complex due to its novelty, lack of historical data, and the constant emergence of unforeseen events. This dynamic landscape makes evaluating risks particularly challenging.

The competition with alternative yield sources, such as liquidity pools and lending protocols, adds an extra layer of complexity. DeFi insurance protocols must strive to provide higher yields, which can result in increased premiums paid by policyholders. This heightened competition further complicates the challenges faced by DeFi insurance platforms.

DeFi insurance premiums are often relatively high due to the lack of market efficiency. Efficiency in insurance is typically achieved when every $1 in a collateral pool can back more than $1 across multiple policies covering various protocols. The scarcity of demand across multiple pools leads to lower yields for liquidity providers.

Ultimately, DeFi insurance is vulnerable to the same types of exploits as DeFi protocols themselves, as it relies on blockchain technology and data from oracles. Additionally, in the traditional business model of insurance companies, a main source of yield comes from investing collateral into safe, yield-generating assets. However, depositing collateral back in DeFi poses similar risks to the collateral itself.

The Bottom Line

DeFi insurance stands at the intersection of promising potential and significant challenges within the decentralized financial landscape. As it addresses risks like volatility, hacks, and stablecoin depegging, the sector is still in its early stages, with Nexus Mutual dominating the market. The 'chicken or the egg' dilemma and the competitive landscape pose hurdles for newer entrants.

While the decentralized nature of DeFi insurance and its community-driven decision-making processes showcase innovation, the industry grapples with risk assessment complexities, high premiums, and competition from alternative yield sources. Striking a delicate balance between risk mitigation, competitive yields, and community trust will be crucial for the sustained growth and impact of DeFi insurance in shaping the future of decentralized finance.