DeFi has experienced multiple security incidents with billions of dollars in losses, causing people to gradually lose confidence in its core value proposition. Insurance solutions that mitigate DeFi risks are therefore crucial to ensure that DeFi can be widely adopted.
This insurance series takes an in-depth look at the following protocols:
Nexus Mutual, Unslashed, InsurAce, Risk Harbor, Ease.org, Sherlock, Tidal Finance, InsureDAO, Neptune Mutual, Bridge Mutual, Cozy Finance, Bright Union, and Solace
Insurance Market Overview
While DEX and lending account for the majority of DeFi locked value, insurance accounts for less than 1% of the total value. However, as TVL grows, the potential for smart contract vulnerabilities or other attack vectors will increase accordingly. Insurance solutions are similar to safety nets in traditional financial markets, and thriving solutions will encourage investors, individual users, and institutions to participate in on-chain markets with confidence.

Industry pioneer Nexus Mutual has dominated the insurance market since its launch, accounting for more than 78% of TVL, but only accounts for 0.15% of DeFi's overall TVL. The remaining insurance market is fragmented, with the three protocols after Nexus accounting for about 14% of TVL.
While the global traditional insurance market is very large and is expected to grow significantly in the coming years, the DeFi insurance industry has become a small but very promising branch of the blockchain industry. As the DeFi insurance industry matures and upgrades, we can expect more innovation, new protocols to emerge, and existing protocols to continuously improve their products to meet the needs of DeFi users.
How does DeFi insurance work?
Instead of obtaining insurance from a centralized institution, DeFi insurance allows individuals and businesses to insure their capital against risk through decentralized liquidity pools. In exchange, insurance providers earn interest on locked capital generated from a percentage of premiums paid, thereby creating a correlation between premiums and the risk of the protocol.
Coverage providers deposit their funds into pools that they judge to offer a higher return than the risk of the covered protocol. This means that individuals trade event outcomes based on their estimates of the probability of a potential risk occurring. If a protocol covered by an insurance provider suffers a negative event, such as a hack, funds from the pool covering that protocol will compensate users who purchased insurance against that specific event.
Pooling resources and spreading risk among multiple participants is an effective strategy for handling unusual or extreme events with significant financial impact. A common pool of funds can cover many times the risk with less money, providing a collective mechanism for handling large-scale problems.

The popularity of parametric insurance in DeFi is due to its automated and transparent mechanism. Smart contracts with preset parameters and real-time data from oracles can automatically settle claims based on these parameters. This automation speeds up the claims process, improves efficiency, and reduces the possibility of human bias or error.
The ability for anyone to participate and the transparency of on-chain operations are often highlighted as the main advantages of decentralized insurance systems. As DeFi continues to grow, the need for solutions to protect user funds becomes increasingly important.
DeFi Insurance Evolution
The concept of decentralized insurance dates back to the early days of blockchain technology. The first decentralized insurance platform, Etherisc, was launched on Ethereum in 2017, providing a peer-to-peer insurance market where users can buy and sell generic policies such as flight delays and hurricane losses without traditional insurance companies.

The turning point for DeFi insurance came in 2019 with the launch of Nexus Mutual, the first insurance protocol built specifically for the DeFi ecosystem. It operates under a discretionary structure, meaning that the board of directors (all KYC-verified Nexus Mutual members) decides on all claim payments. Nexus Mutual’s recently released V2 facilitates the creation of an on-chain risk marketplace, allowing other companies to build and share crypto-native and real-world risks such as liability, catastrophe, property, and cyber insurance. Protocols built on this version can offer their services without requiring users to complete KYC requirements, which increases the accessibility of the platform’s risk management solutions.
After Nexus Mutual, many protocols were launched to address the challenges that still exist in this field.
In November 2020, InsurAce was launched, offering zero premium pricing (ultra-low premiums), no KYC requirements, and a portfolio-based multi-chain solution.
Unslashed was subsequently launched in January 2021, offering insurance for a wide range of risks and allowing anyone to become a capital provider and earn returns from premium policies, interest generated from finance, and USF capital mining programs, increasing the available capital for insurance.
Launched the same month, Bridge Mutual offers permissionless insurance pool creation, portfolio-based insurance coverage, and the ability to underwrite policies with stablecoins in exchange for attractive yields. In December 2021, it released V2 with capital efficiency improvements, leveraged portfolios that allow users to underwrite insurance for multiple projects simultaneously, and Shield Mining, a feature that allows projects and individuals to contribute X tokens to the Project X Coverage Pool in order to increase the pool's APY and attract more liquidity. It also introduced Capital Pools, Bridge Mutual's investment arm that invests unused capital into third-party DeFi protocols and generates income for vaults and token holders.
Armor was launched in late January 2021 using the Nexus Mutual model with no KYC requirements, but later introduced the Uninsurance model and was rebranded to Ease.org in May 2022. In RCA (Reciprocal Covered Assets), covered assets simultaneously underwrite assets in other ecosystems, which allows underwriting capital to be collected from capital deployed in DeFi yield strategies. In the event of a hack, Ease liquidates a percentage of funds from all vaults to compensate investors. Ease's value proposition is based on the assumption that, on average, the losses from hacks are far less than the premiums paid.

Tidal Finance launched on Polygon in July 2021 with a flexible weekly subscription system. The new upgraded version V2 has been on testnet since March 2023 and will allow users to efficiently set up their own customized insurance pools and policies.
Launched in May 2021, Risk Harbor is the first decentralized parametric insurance protocol that provides protection against smart contract risks, hacks, and attacks. It provides automated, algorithmic, transparent, and fair claims assessment by comparing the redeemability of credit tokens to the issuing protocol. For example, in the case of coverage protection for the UST depeg event, when the UST price on Chainlink drops below $0.95, Risk Harbor compensates, enabling holders to automatically swap their wrapped aUST for USDC. Risk Harbor is working on two upcoming versions, V2.5 and V3, with V2.5 acting as a stepping stone to V3. Improvements in V2.5 include ERC20 holdings instead of ERC721, automatic ERC20 staking, and sell-back protection capabilities, while V3 includes cross-chain deposits and purchases, allowing a single vault that includes all EVMs and other EVM farms, creating an insurance vault for uncorrelated risks. However, it is worth noting that Risk Harbor is primarily focused on the Terra ecosystem, where it has concentrated the majority of its TVL since the end of 2021. The team aims to expand and shift its focus to the Cosmos and Ethereum ecosystems.
In September 2021, Bright Union launched as a DeFi insurance aggregator, while Sherlock launched the same month with a unique approach to auditing. Sherlock set up an auditing firm of blockchain security engineers to review smart contracts, which are then used as part of the audit process to prevent hacks. This idea of providing code audits and coverage directly to protocols eliminates the need for users to manage their own coverage. As a result, insurance protocols have followed suit and begun offering similar services by partnering with external audit firms to launch their own Audit Cover product, which provides protection against smart contract risks to protocols audited by their partners.
Solace launched in October 2021 with a focus on ease of use and providing portfolio coverage that dynamically adjusts risk rates as positions change, preventing overpayments and complex policy management. It sources its own underwriting capital based on a protocol-owned liquidity model and eliminates underwriting risk for token holders. Solace puts the assets of a bond program into an underwriting pool to sell policies and use the pool to pay claims. However, the Solace team has temporarily stopped operations to develop a new version of the protocol. They discovered two flaws in the insurance model that they believe go against the essence of DeFi: the need for manual input in the claims process and the need for probabilistic underwriting to generate returns. They aim to address these issues in the new version.
InsureDAO was launched in February 2022 as a protocol open to everyone, similar to Bridge Mutual, and the team is currently working on revising the protocol to change the model to be more aligned with the current market.
Neptune Mutual was launched in November 2022 with the goal of providing users with guaranteed payouts. In Neptune, rules are not defined on smart contracts, which prevents automation of the claims process and relies on reporters, which requires trust-based assumptions. However, this limitation provides an advantage for Neptune as it allows them to offer insurance that does not rely on on-chain data, such as custody insurance.
Cozy Finance, which provides parametric insurance, recently paused all V1 markets to launch V2, based on the idea that other protocols are restrictive by design in terms of pricing, payouts, and risk management. This new version allows anyone to create a new market with automated payouts and programmatic pricing.
Decentralized insurance has come a long way as a promising solution that the market is banking on to mitigate risk in a transparent and decentralized manner. Nexus Mutual, as a pioneer in the space, still leads in terms of TVL. However, as competition in the industry grows, the market leaders will be the protocols that can provide scalable underwriting without fragmenting liquidity, transparent and decentralized risk assessment, accurate pricing, and consistent payment of valid claims.
Insurance funds
With more underwriting capital, protocols may offer more coverage, making them more attractive to users. However, the source of underwriting capital may affect the long-term sustainability and effectiveness of the protocol. For example, many protocols are spreading their funding pools across multiple chains, which disperses liquidity and may affect their potential to improve capital efficiency at scale.
The table below compares several insurance protocols based on the source of underwriting funds.

Covered categories
In this section, we will explore the various types of insurance offered by different insurance companies.
Protocol Cover
Protocol Cover protects clients from financial losses that may occur when using DeFi protocols. Different providers offer different levels of coverage designed to protect against certain risks inherent in the protocol. Smart contract exploits/bugs, oracle failures or manipulation, economic design flaws, and governance attacks are all threats. It is important to note that Protocol Cover does not generally protect against risks such as front-running, Discord or Twitter attacks, and rug pulls.
Custody Cover
Custody protections prevent financial losses that can occur when digital assets are stored in third-party custodial accounts, such as centralized exchanges. Their primary purpose is to provide protection in two main scenarios. The first scenario occurs when the custodian unexpectedly suspends withdrawals for an extended period of time, rendering consumers unable to access their funds. The second scenario occurs when the custodian's assets are stolen.
Depeg Cover
Depeg cover protects against a depegging event, which occurs when an asset loses its peg to a target currency. This form of insurance is widely used to protect stablecoins and other pegged assets, such as stETH. Consider a user who owns a stablecoin that is designed to maintain a 1:1 peg to the U.S. dollar. If the value of the stablecoin drops significantly and the user is unable to redeem it for the intended amount of USD, they will suffer a financial loss. Depeg insurance can help mitigate this loss by compensating the user for some or all of their losses due to a depegging event.
Certain conditions must be met before a claim can be submitted, and these criteria vary from provider to provider. These typically include elements such as the percentage of price decline and duration. When establishing a depegging claim, the time-weighted average price (TWAP) of an asset over a given period of time is often used to determine the occurrence of a depegging event. TWAP calculates the average price of an asset over a specific time frame, taking into account the asset's trading volume during that window to assess whether a depegging event has occurred.
Many protocols, including InsurAce, Unslashed, and Risk Harbor, offered insurance policies for UST Depeg during the event. According to their UST De-Peg Cover Wording, InsurAce officially activated on May 13, 2022, when UST's 10-day TWAP fell below $0.88. Notably, they successfully paid out $11.5 million in claims. Unslashed allowed claims after UST's 14-day TWAP fell below $0.87, and they paid out over 1,000 ETH in batches. When the UST price on Chainlink was below $0.95, Risk Harbor, a parametric insurance solution, facilitated reimbursement, allowing holders to immediately exchange their wrapped aUST for USDC.
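The following added example (not code from any of these protocols) evaluates the three trigger styles quoted above against an oracle price feed, and shows why an averaged trigger ignores a single bad oracle print while a latest-price trigger does not. The thresholds and windows are the ones in this article; the `Trigger` type, the function names, the one-day staleness limit and the two price feeds are constructed for illustration, and the TWAP here weights each price by how long it stood.

```python
from dataclasses import dataclass

DAY = 86_400  # seconds

@dataclass(frozen=True)
class Trigger:              # hypothetical type, for illustration only
    name: str
    threshold: float        # USD price below which the cover pays out
    window_days: int        # 0 = compare the latest oracle price, no averaging

# Thresholds and windows as quoted in the article.
TRIGGERS = [
    Trigger("InsurAce", 0.88, 10),
    Trigger("Unslashed", 0.87, 14),
    Trigger("Risk Harbor", 0.95, 0),
]

def twap(observations, now, window):
    """Time-weighted average price over [now - window, now].

    observations: (timestamp, price) pairs sorted by timestamp; each price is
    held until the next observation arrives.
    """
    start = now - window
    if not observations or observations[0][0] > start:
        raise ValueError("oracle history does not cover the whole window")
    total = 0.0
    for i, (ts, price) in enumerate(observations):
        nxt = observations[i + 1][0] if i + 1 < len(observations) else now
        lo, hi = max(ts, start), min(nxt, now)
        if hi > lo:                      # part of this price's lifetime is in the window
            total += price * (hi - lo)
    return total / window

def fired(trigger, observations, now, max_age=DAY):
    """True if the trigger condition holds at `now`; refuses stale feeds."""
    last_ts, last_price = observations[-1]
    if now - last_ts > max_age:          # assumed staleness limit
        raise ValueError("stale oracle data, refusing to settle")
    if trigger.window_days == 0:
        return last_price < trigger.threshold
    return twap(observations, now, trigger.window_days * DAY) < trigger.threshold

def evaluate(observations, now):
    return {t.name: fired(t, observations, now) for t in TRIGGERS}

# Constructed feeds (not real UST data), one print per day at $1.00.
NOW = 20 * DAY
# One faulty $0.60 print an hour before settlement.
GLITCH = [(d * DAY, 1.00) for d in range(20)] + [(NOW - 3600, 0.60)]
# Sustained drop to $0.50 for the last three days.
DEPEG = [(d * DAY, 1.00) for d in range(17)] + [(d * DAY, 0.50) for d in range(17, 20)]

if __name__ == "__main__":
    print("glitch:", evaluate(GLITCH, NOW))
    print("depeg: ", evaluate(DEPEG, NOW))
```

On the sustained drop, the 10-day window has already crossed its threshold while the 14-day window has not, which is why two policies covering the same asset can become claimable at different times.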
Yield Token Cover
Yield Token Cover protects against financial losses caused by the difference between the monetary value of yield-generating LP tokens and their actual value. To be eligible for a claim, the depeg percentage (i.e., Depeg Coverage) must exceed a specified threshold of token value.
Audit Cover
Audit coverage is a type of protection that protocols can obtain directly to reduce the risk of vulnerabilities during audits. It adds an extra layer of security after the audit in a short period of time.
Sherlock pioneered this concept and offers up to $5 million in insurance for smart contract vulnerabilities after an audit. This coverage can be activated at any time after the audit is completed, as long as there are no further changes to the codebase. On the other hand, InsurAce has partnered with auditing firms to offer a similar product with a three-month coverage period.
Slashing Cover
Slashing protection provides financial protection to professional validators participating in Proof of Stake (PoS) chains who may face losses due to slashing events. Slashing events occur when validators violate the rules of the consensus mechanism, resulting in a penalty where a portion of their staked assets is slashed or reduced.
In 2022, Blockdaemon, a well-known provider of blockchain infrastructure services for node management and staking, partnered with Marsh, a well-known insurance broker and risk advisor, to launch an insurance policy to protect its customers from slashing events. The program attempts to provide additional security for validators in the event of slashing penalties. In the same year, decentralized insurance provider Nexus Mutual developed a decentralized solution to protect validators on the beacon chain, providing an additional option for validators seeking slashing insurance.
Bridge Cover
Bridges make it possible to transfer funds between different networks, but they also bring risks such as smart contract vulnerabilities, hacker attacks, and implementation or design flaws. These risks can lead to inaccurate fund transfers or slippage calculations.
Some centralized bridges are vulnerable to bad actors who can manipulate liquidity pools. Whether funds are stored centrally or decentralized, storage points are targeted by bad actors. In 2022, hackers stole more than $1.8 billion from bridges alone. Bridge Cover was created to mitigate these risks by protecting consumers from financial loss when transferring funds across bridges.
InsurAce introduced this concept through a new product partnership with LI.FI Bridge Aggregator, which has accumulated more than $1 million in coverage. Risk Harbor is also working with Socket on a bridge protection system that is still in beta testing.
Excess Cover
Insurance providers can preserve their underwriting capital by transferring some of their risk exposure to other insurance providers. This reduces the provider's overall risk and allows them to continue to provide coverage for a variety of risks without exposing themselves to excessive risk.
Nexus Mutual is one of the insurers providing excess insurance, which covers Sherlock’s audit agreement and protects 25% of the underlying insurance provided by Sherlock.
Insurance Protocol Coverage Comparison
As the decentralized insurance industry develops, various insurance protocols continue to emerge, offering different types of insurance products. A comparison table detailing the different types of coverage offered by existing insurance protocols has been prepared to help readers understand the range of coverage available.

Thoughts
As DeFi continues to grow, it becomes more vulnerable to security attacks. To protect users from such risks, viable insurance protocols need to emerge. However, the DeFi insurance industry faces many challenges in providing diverse insurance coverage and accumulating sufficient underwriting funds. Protocols that split funding pools across multiple chains disperse liquidity, which limits their ability to achieve large-scale capital efficiency, while adequate risk management remains an issue that needs to be improved.
In the current environment, the availability of insured capital within the insurance pool limits coverage. Protocols have been exploring strategies to generate additional yields and attract more liquidity providers to expand coverage, such as depositing a percentage of pool returns into platforms such as AAVE or Compound. However, these approaches introduce additional risks, including third-party smart contract vulnerabilities and market volatility, forcing a trade-off between yield generation and risk management.
To address these challenges, incumbents are prioritizing protocol upgrades to improve capital efficiency, coverage capacity, and user experience. Customized insurance and markets are being developed to meet the specific insurance needs of DeFi users.
Parametric coverage offers a viable solution for certain risks, but it may not be suitable for all coverage types. Reliance on oracles for data exposes the system to oracle failure or compromise, and limitations arise when interest-bearing tokens become non-transferable due to protocol upgrades. Implementing coverage rules via smart contracts presents challenges, as it requires storing all relevant information on-chain and limits the scope of risks that can be adequately covered, but it also offers the ability to automate claims assessments.
In addition, reinsurance, as an important component of traditional insurance, is still missing in the DeFi insurance market. The practice of an insurance company transferring part of its risk portfolio to a third party to reduce the possibility of having to pay a significant obligation arising from an insurance claim is called reinsurance. By transferring risk to third-party professional investors, the reinsurance method can improve underwriting capacity, capital efficiency, and resilience. Exploring reinsurance can help mitigate the financial impact of catastrophic events like the UST depeg.
In the next post, we will dive deeper into DeFi insurance pricing models, exploring the different approaches taken by protocols.
Author: DefiLlama 24

