By Catarina Urgueira

Compiled by: TechFlow

 

Introduction

 

DeFi has experienced numerous security incidents resulting in billions of dollars in losses, which in turn led to a loss of confidence in its core value proposition. Insurance solutions that mitigate the risks inherent in DeFi are critical to ensuring widespread adoption.

This article takes a deep dive into the following protocols:

Nexus Mutual, Unslashed, InsurAce, Risk Harbor, Ease.org, Sherlock, Tidal Finance, InsureDAO, Neptune Mutual, Bridge Mutual, Cozy Finance, Bright Union, and Solace.

 

Insurance Market Overview

 

While decentralized exchanges and lending account for the lion’s share of value locked in DeFi, insurance accounts for less than 1% of the total value. However, as total locked value grows, so do the potential losses that could result from smart contract vulnerabilities or other attack vectors. Insurance solutions are similar to the safety nets in traditional financial markets and may be needed for investors, both retail and institutional, to feel comfortable participating in on-chain markets.

Since its launch, industry pioneer Nexus Mutual has dominated the insurance market, capturing over 78% of TVL, but only covers 0.15% of DeFi TVL. The rest of the insurance market is very fragmented, with the three protocols following Nexus accounting for approximately 14% of TVL.

While the global traditional insurance market remains large and is expected to grow significantly in the coming years, the DeFi insurance industry has emerged as a small but promising area in the blockchain industry. As the DeFi insurance industry matures and becomes more accepted, we can expect more innovation, with new protocols emerging and existing protocols improving their offerings to meet the needs of DeFi users.

Instead of obtaining insurance from a centralized institution, DeFi insurance allows individuals and businesses to insure their capital against risk through a decentralized pool of providers. In exchange, insurance providers receive interest on locked capital through a percentage of the premiums paid, thus creating a correlation between insurance and risk.

Insurance providers invest their funds in pools that offer higher returns relative to the risk of the protocol. This means that individuals trade event outcomes based on their estimates of the probability of the potential risk occurring. If a protocol covered by an insurance provider suffers a negative event, such as a hack, funds from the pool covering that protocol compensate users who purchased insurance against that specific event.

Pooling resources and spreading risk across multiple participants is an effective strategy for dealing with unusual or extreme events with significant financial impacts. A common pool of funds can cover many times the risk with less money, providing a collective mechanism for dealing with large-scale problems.

The popularity of parametric insurance in DeFi is due to the automation and transparency it makes possible. Smart contracts with preset parameters and real-time data from oracles can automatically settle claims based on those parameters. This automation speeds up the claims process, increases efficiency, and reduces the possibility of human bias or error.

Open participation and the transparency of on-chain operations are often highlighted as key advantages of decentralized insurance systems. As DeFi continues to grow, the need for solutions to protect user capital becomes increasingly important.

 

The evolution of DeFi insurance

 

The concept of decentralized insurance dates back to the early days of blockchain technology. The first decentralized insurance platform, Etherisc, was launched on Ethereum in 2017, providing a peer-to-peer insurance market where users can buy and sell common insurance policies, such as flight delays and hurricane losses, without traditional insurance companies.

The turning point for DeFi insurance was the launch of Nexus Mutual in 2019, the first insurance protocol built specifically for the DeFi ecosystem. It operates under a discretionary structure, meaning that the board of directors (all KYC-verified Nexus Mutual members) decides on all claim payments. Nexus Mutual’s recently launched V2 facilitates the creation of an on-chain risk marketplace, allowing other companies to build and share a variety of crypto-native and real-world risks such as liability, catastrophe, property, and cybersecurity insurance. Protocols built on this version can offer their services without requiring users to complete KYC requirements, which increases the accessibility of the platform’s risk management solutions.

After Nexus Mutual, many protocols were launched to address the ongoing challenges in the space.

In November 2020, InsurAce was launched, offering zero premium pricing (ultra-low premiums), no KYC requirements, and a portfolio-based multi-chain solution.

Unslashed subsequently launched in January 2021, providing insurance coverage for a wide range of risks and allowing anyone to become a capital provider and earn returns from premium policies, interest generated by Enzyme Financial and USF Capital Mining Programs, increasing the available capital for insurance.

Bridge Mutual was launched in the same month, offering permissionless covered pool creation, portfolio-based insurance coverage, and the ability to underwrite policies with stablecoins in exchange for attractive yields. In December 2021, it released V2 with improved capital efficiency, launched leveraged portfolios, allowing users to underwrite insurance for multiple projects at the same time, and launched Shield Mining, a feature that allows projects and individuals to contribute X tokens to a project X covered pool to increase the pool's APY and attract more liquidity. It also launched Capital Pool, Bridge Mutual's investment arm, which invests unused capital in third-party DeFi protocols and generates income for vaults and token holders.

Armor was launched at the end of January 2021 using the Nexus Mutual V1 model with no KYC requirements, but later introduced the Uninsurance model and was renamed Ease.org in May 2022. In RCAs (Reciprocally Covered Assets), the covered assets simultaneously insure other assets in the ecosystem, which allows underwriting capital to be drawn from the covered capital already deployed in DeFi yield strategies. In the event of a hack, Ease liquidates the corresponding amount of funds from all vaults to compensate investors. Ease's value proposition is based on the assumption that, on average, the losses caused by hacking attacks are far less than the premiums paid.

Tidal Finance launched its flexible weekly subscription system on Polygon in July 2021. The new upgraded version V2, which has been on testnet since March 2023, will allow users to efficiently set up their own customized insurance pools and policies.

Launched in May 2021, Risk Harbor is the first decentralized parametric insurance protocol that provides protection against smart contract risks, hacks, and attacks. It provides automated, algorithmic, transparent, and unbiased claim assessments by comparing the convertibility of credit tokens to the issuing protocol. For example, in its coverage of UST depegging events, when the price of UST on Chainlink drops below $0.95, Risk Harbor pays out, allowing holders to automatically redeem their wrapped aUST for USDC. Risk Harbor is working on two upcoming versions, V2.5 and V3, with V2.5 serving as a springboard for V3. Improvements in V2.5 include the use of ERC20 tokens instead of ERC721 tokens, automatic ERC20 token staking, and the ability to sell protection, while V3 includes cross-chain deposits and purchases, allowing the creation of an insurance vault with uncorrelated risk from all EVMs and other blockchains. However, it is important to note that Risk Harbor is primarily focused on the Terra ecosystem, which has concentrated the majority of TVL since late 2021. The team aims to expand and shift its focus to the Cosmos and Ethereum ecosystems after this new release.

In September 2021, Bright Union launched as a DeFi insurance aggregator, while Sherlock launched in the same month with a unique approach to auditing. Sherlock set up an auditing firm of blockchain security engineers to review any smart contract, which is then protected from hacker attacks as part of its audit process. This idea of providing code audits and insurance coverage directly to protocols eliminates the need for users to manage their own insurance coverage. As a result, insurance protocols have also begun offering similar services by launching their own Audit Cover products in partnership with external auditing firms to provide protection from smart contract risks to protocols audited by their partners.

Solace launched in October 2021, focusing on ease of use and providing portfolio coverage with dynamically adjusted risk rates to prevent overpayments and complex policy management. It is based on a protocol-owned liquidity model to source its own underwriting capital and remove underwriting risk from token holders. Solace places assets from bond programs in an underwriting pool to sell policies and uses the pool to pay claims. However, the Solace team has suspended operations to develop a new version of the protocol. They identified two flaws in the insurance model that they believe are contrary to the essence of DeFi: the claim process requires manual input and probabilistic underwriting needs to generate returns. They aim to address these in the new version.

InsureDAO was launched in February 2022 as a protocol open to everyone, similar to Bridge Mutual, and the team is currently redesigning the protocol to make its model more in line with the current market.

Neptune Mutual was launched in November 2022 to provide users with guaranteed payouts. In Neptune, rules are not defined in smart contracts, which prevents automation of the claims process and relies on reporters, which requires assumptions of trust. However, this limitation provides an advantage for Neptune as it can provide coverage that does not rely on on-chain data, such as custodial coverage.

Cozy Finance, which provides parametric insurance, recently paused all V1 markets to launch a new version, V2, based on pricing, payouts, and risk management designed with constraints from other protocols. This new version allows anyone to create a new market with automated payouts and programmatic pricing.

Decentralized insurance has come a long way as a transparent and decentralized solution. Nexus Mutual, as one of the first pioneers in the space, still leads in terms of TVL. However, as the space becomes more competitive, the market leaders will be the protocols that can provide scalable underwriting, transparent and decentralized risk assessment, accurate pricing, and consistent payouts of valid claims.

 

Insurance funds

 

With more underwriting capital, protocols can offer more insurance coverage, making them more attractive. However, underwriting capital may affect the long-term sustainability and effectiveness of the protocol. For example, many protocols are spreading their capital pools across multiple chains, which will disperse liquidity and may affect their capital efficiency at scale.

The table below compares the sources of underwriting capital for several insurance protocols.

Coverage Type

 

In this section, we will explore the various types of insurance offered by different insurance providers.

 

Protocol Insurance

 

Protocol insurance protects customers from financial losses that may occur when using DeFi protocols. Different providers offer varying degrees of coverage designed to protect against certain risks inherent in the protocol. Smart contract vulnerabilities, oracle failures or manipulation, economic design flaws, and governance attacks are among the threats. It is important to note that protocol insurance does not generally protect against risks such as frontend, Discord or Twitter compromises, and staking.

 

Custody Insurance

 

Custody insurance protects against financial losses that may occur when digital assets are stored in a third-party custodial account, such as a centralized exchange. Its main purpose is to provide protection in two main scenarios. The first scenario occurs when the custodian unexpectedly suspends withdrawals, resulting in consumers being unable to access their funds. The second scenario occurs when an unauthorized third party gains access to the custodian's security measures and steals the assets.

On the other hand, automated event solutions based on smart contract execution focus on leveraging on-chain data and predefined conditions. It is important to keep in mind that parametric insurance may have limitations when addressing risks that are not related to on-chain data, such as custody insurance.

 

Depeg Insurance

 

Depeg Insurance protects against depegging events, which occur when an asset loses its peg to a target currency. This insurance coverage is widely used to protect stablecoins and other pegged assets, such as stETH. Consider a user who holds a stablecoin that is designed to maintain a 1:1 peg with the US dollar. If the value of the stablecoin drops significantly and the user is unable to redeem it for the intended USD amount, they will suffer a financial loss. Depeg Insurance can help mitigate this loss by reimbursing the user for some or all of the amount they lost due to a depegging event.

Specific conditions must be met before a claim can be submitted, and these conditions vary between providers. These typically include factors such as percentage price drop and duration. When establishing a Depeg insurance claim, the time-weighted average price (TWAP) of an asset over a given time period is typically used to determine the occurrence of a depegging event. TWAP calculates the average price of an asset over a specific time frame, taking into account the asset's trading volume during that window period to assess whether a depegging event has occurred.

Many protocols, including InsurAce, Unslashed, and Risk Harbor, provided UST De-Peg coverage during the event. According to its UST De-Peg Cover Wording, InsurAce officially launched claims on May 13, 2022, when UST's 10-day TWAP was below $0.88. Notably, they successfully paid out $11.5 million in claims. Unslashed allowed claims after UST's 14-day TWAP fell below $0.87 and paid out more than 1,000 ETH in different batches. When the UST price on Chainlink was below $0.95, Risk Harbor, a parametric insurance solution, facilitated the payout, allowing holders to immediately redeem their wrapped aUST for USDC.
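
The difference between a spot trigger and a TWAP trigger can be seen in a short sketch, added here as an illustration and not taken from any of the protocols named above. It evaluates a $0.95 spot condition and a 10-day TWAP below $0.88 condition over constructed hourly price feeds; the feed data, the two-hour heartbeat used to reject stale oracle data, and all function names are assumptions, and the average is weighted by time only.

```python
from dataclasses import dataclass

HOUR, DAY = 3_600, 86_400

@dataclass(frozen=True)
class Obs:
    ts: int        # seconds since the start of the constructed feed
    price: float   # reported USD price of the pegged asset

def twap(obs, start, end):
    """Average price over [start, end]; each observation is weighted by the
    seconds it remained the latest reported value (time only, no volume)."""
    obs = sorted(obs, key=lambda o: o.ts)
    weighted = covered = 0.0
    for i, cur in enumerate(obs):
        next_ts = obs[i + 1].ts if i + 1 < len(obs) else end
        lo, hi = max(cur.ts, start), min(next_ts, end)
        if hi > lo:
            weighted += cur.price * (hi - lo)
            covered += hi - lo
    if covered < end - start:
        raise ValueError("observations do not cover the whole window")
    return weighted / covered

def max_gap(obs, start, end):
    """Longest stretch inside the window without a fresh observation."""
    edges = [start] + sorted(o.ts for o in obs if start <= o.ts <= end) + [end]
    return max(b - a for a, b in zip(edges, edges[1:]))

def spot_below(obs, now, threshold):
    """Spot trigger: only the latest reported price is compared."""
    latest = max((o for o in obs if o.ts <= now), key=lambda o: o.ts)
    return latest.price < threshold

def evaluate(obs, now, window=10 * DAY, threshold=0.88, heartbeat=2 * HOUR):
    """TWAP trigger that refuses to settle automatically on a stale feed."""
    start = now - window
    if max_gap(obs, start, now) > heartbeat:
        return "STALE_FEED"
    return "TRIGGERED" if twap(obs, start, now) < threshold else "NOT_TRIGGERED"

def feed(segments):
    """Constructed hourly observations from (start_day, end_day, price)."""
    return [Obs(t, p) for d0, d1, p in segments
            for t in range(d0 * DAY, d1 * DAY, HOUR)]

# Constructed sample feeds (not real market data).
DIP = feed([(0, 12, 1.00)])
DIP[-1] = Obs(DIP[-1].ts, 0.60)                        # one-hour dip at the end
SUSTAINED = feed([(0, 10, 1.00), (10, 20, 0.50)])      # peg lost on day 10
FROZEN = feed([(0, 9, 1.00)]) + [Obs(9 * DAY, 0.50)]   # then no more updates

if __name__ == "__main__":
    print("dip, spot < 0.95:   ", spot_below(DIP, 12 * DAY, 0.95))
    print("dip, 10-day TWAP:   ", evaluate(DIP, 12 * DAY))
    print("2 days into depeg:  ", evaluate(SUSTAINED, 12 * DAY))
    print("10 days into depeg: ", evaluate(SUSTAINED, 20 * DAY))
    print("frozen feed:        ", evaluate(FROZEN, 12 * DAY))
```

On the frozen feed, a single unrefreshed $0.50 print would pull the 10-day TWAP down to $0.85 and satisfy the condition, which is why the sketch checks feed freshness before it compares the average.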

 

Yield Token Insurance

 

Yield Token Insurance protects against financial losses caused by the difference between the reference currency value of a yield-generating LP token and its actual value. To be eligible for a claim, the depeg percentage (i.e., Depeg coverage) must exceed a specified threshold of the token value.

 

Audit Insurance

 

Audit insurance is a type of protection that protocols can obtain directly to mitigate the risk of vulnerabilities missed during an audit. It adds an extra layer of security to the protocol in the short period of time following an audit.

Sherlock pioneered this concept and provides insurance coverage of up to $5 million for smart contract vulnerabilities after an audit. This coverage can be activated at any time after the audit is completed, as long as there are no further changes to the codebase. InsurAce, on the other hand, works with auditing firms to offer a similar product with a three-month insurance period.

 

Slashing Insurance

 

Slashing insurance provides financial protection to professional validators of PoS chains who may suffer losses due to slashing events. Slashing events occur when validators violate the rules of the consensus mechanism, resulting in a percentage of their staked assets being slashed or reduced.

In 2022, Blockdaemon, a well-known provider of blockchain infrastructure services, partnered with Marsh, a well-known insurance broker and risk advisor, to launch an insurance policy to protect their clients from slashing events. The program is designed to provide validators with additional security against slashing penalties. In the same year, decentralized insurance provider Nexus Mutual developed a decentralized solution to protect validators on the Beacon Chain, providing an additional option for validators seeking slashing insurance.

 

Cross-chain bridge insurance

 

Cross-chain bridges enable funds to be transferred between different networks, but they also come with risks such as smart contract vulnerabilities, hacker attacks, and implementation or design flaws. These risks can result in inaccurate fund transfers or miscalculated slippage.

Centralized cross-chain bridges are particularly vulnerable to malicious actors who can manipulate liquidity pools. Whether funds are stored in a centralized or decentralized manner, storage points become targets for malicious actors. In 2022, hackers stole more than $1.8 billion from cross-chain bridges alone. Cross-chain bridge insurance was created to protect consumers from financial losses when transferring funds across bridges.

InsurAce launched the concept through a partnership with the LI.FI Bridge Aggregator, which has already accumulated over $1 million in coverage. Risk Harbor is also working with Socket on a cross-chain bridge protection system, which is still in the testing phase.

 

Excess Insurance

 

Insurance providers can preserve their underwriting capital by transferring a portion of their risk exposure to other insurance providers. This reduces the provider’s overall risk and enables them to continue to provide coverage for a wide range of risks without being exposed to excessive risk.

One of the insurers offering excess coverage is Nexus, which provides coverage for Sherlock’s audited protocols and protects 25% of the underlying coverage provided by Sherlock.

 

Comparison of insurance coverage

 

As the decentralized insurance industry develops, various insurance protocols have emerged to provide different types of insurance coverage. To help readers understand the various insurance coverages available, we have prepared a comparison table detailing the different types of insurance provided by existing insurance protocols.

Summary

 

As DeFi continues to grow, it becomes increasingly vulnerable to security attacks. To protect users from such risks, viable insurance protocols are needed. However, the DeFi insurance industry faces challenges in providing diverse insurance coverage and accumulating sufficient underwriting capital. Spreading capital pools across many on-chain protocols disperses liquidity and hurts capital efficiency at scale, while adequate risk management remains an issue that needs improvement.

In the current environment, the amount of underwriting capital available in insurance pools limits how much coverage can be offered. Protocols have been exploring strategies to generate additional yield and attract more liquidity providers to expand insurance coverage, such as depositing a percentage of capital pool returns into platforms such as AAVE or Compound. However, these approaches introduce additional risks, including third-party smart contract vulnerabilities and market volatility, forcing a trade-off between yield generation and risk management.

To address these challenges, established players are prioritizing protocol upgrades to improve capital efficiency, coverage capabilities, and user experience. Customized insurance coverage and markets are being developed to meet the specific insurance needs of DeFi users.

Parametric coverage offers a viable solution for some risks, but may not be suitable for all types of coverage. Reliance on oracle data exposes the system to the risk of oracle failure or attack, and limitations arise when interest yield tokens become non-transferable due to protocol upgrades. Implementing coverage rules via smart contracts is challenging because it requires storing all relevant information on-chain and limits the scope of risks that can be adequately covered, but it also offers the ability to automate claim assessments.

In addition, reinsurance, an important component of traditional insurance, is still missing in the DeFi insurance market. Reinsurance is the practice of insurance companies transferring part of their risk portfolio to third parties to reduce the possibility of significant obligations arising from insurance claims. By transferring risks to dedicated third-party investors, reinsurance methods can improve coverage, capital efficiency, and resilience. Exploring reinsurance can help mitigate the financial impact of catastrophic events like the UST depeg.