Handle Your Assets with Care: Analyzing DeFi Insurance

OpenCover is an autonomous information platform, initiated in the third quarter of 2022, dedicated to collecting and disseminating impartial data regarding DeFi insurance (coverage).

In the wake of a 2022 rife with scams and fraudulent activities, a substantial number of users have gravitated towards decentralized applications. Despite the inherent complexities and slower transaction speeds often pointed out by analysts, there's an underplayed narrative about the multitude of vulnerabilities leading to stolen funds (a staggering $3 billion in 2022 alone). Even with rigorous development efforts, it's proven impossible to guarantee complete safety of these applications.

Given the reluctance of traditional insurance companies to enter the cryptocurrency market due to legal and technical intricacies, decentralized solutions have emerged as the primary choice for capital protection in the DeFi space. This is particularly crucial for institutional investors accustomed to certain security guarantees.

According to DeFiLlama, users of decentralized applications have lost $6.5 billion due to exploits (malicious code). These are classified into several types: protocol logic vulnerabilities, infrastructure attacks, ecosystem trickery, smart contract language errors, and fraud (exit scams).

Contrary to popular belief, the industry's most significant losses are not due to fraud. Instead, the majority of stolen funds are attributed to protocol logic and infrastructure exploits. From these two classifications emerge the primary attack vectors: compromise of private keys, access control breaches, proof verification errors, signature spoofing, and so on.

The largest financial damage is from private key leaks (over $2 billion). They often occur due to targeted phishing attacks, and this attack vector is most effective against cross-network bridges. Regrettably, current insurance companies do not cover funds lost due to personal carelessness, but this is unlikely to dissuade people from seeking to protect their assets.

It's important to remember that even with optimal protocol performance, economic risks persist alongside technical ones. A case in point is the UST that nearly plummeted to zero despite its mechanism functioning correctly. The total damage was estimated at a whopping $17 billion. However, those who had wisely opted for insurance received payouts totaling $22.5 million.

All protocols undergo expert evaluation based on characteristics such as Total Value Locked (TVL), team transparency, code openness, audit frequency, and previously identified issues.

Pricing is also a complex process, as there's no precise formula to determine optimal prices, considering all risks and the complete absence of historical data. Essentially, all platforms are pioneers in this regard. Each provider offers an array of products that differ in terms of conditions, prices, and exclusions. However, we can identify eight main types of coverage:

Considered fundamental, as it protects from losses during interactions with DeFi, specifically: exploits, smart contract errors, governance manipulations, or mere glitches.

Helps to insure against price drops of collateralized tokens (USDT, DAI, USDC). Each company has its own mechanism for determining what precisely is considered a peg loss.

Protects from losses caused by LP tokens deviating from a given market value. It resembles the protection of tokenized assets and has the same specific requirements for compensation approval.

This is insurance for cryptocurrency stored on centralized platforms, lost due to theft, hacking, or withdrawal prohibitions. This is not directly related to DeFi, but the niche remains open, as many traditional companies shy away from it. This became relevant after the FTX crash, where approximately $9 billion were stuck on the exchange. Affected users with this coverage received about $4.8 million in payouts.

They are in high demand and should protect tokens during exchange via bridges, but they are currently not available on all major platforms.

This coverage is created specifically for developers to safeguard the protocol from vulnerabilities missed during audits. For such DeFi applications, personal insurances won't be necessary, as the creators have already taken these costs upon themselves.

Protects from routine penalties (slashing) imposed on validators in PoS blockchains for consensus rule violations. This can be due to incorrect node configuration, software errors, or mere network disruptions.

This is the most unique insurance of all, allowing for adaptation to any specific operations in decentralized applications, enabling each user to have their own local protection.

Currently, there are no fewer than 23 active providers with a functioning application. They differ in claim assessment, coverage types, and claim initiation rules, and centralized providers assume the role of regulators, for instance, for KYC compliance.

Nexus Mutual launched as one of the first in 2017. It holds a dominant position in the market, but alternatives are plentiful: InsurAce, Chainproof, Unslashed Finance, and more.

An examination of wallet activity divulges that in 2022, Nexus Mutual customers insured their assets amounting from $10,000 to $1 million, accounting for over 90% of all covers. On alternative platforms, where BSC and Polygon blockchains are accessible, half of the purchases pertain to the bracket under $10,000, indicating a multifaceted user base. Although it is impossible to determine the exact ownership of wallets, it provides a general impression of the buyers: protocol developers, DAO participants, and market makers, hedge funds, or merely affluent individuals.

Numerous methodologies exist to determine the validity of claims: collective decision-making (DAO), compliance-based (meeting prerequisites), an optimistic oracle (an amalgamation of the first two), an expert panel, or a hybrid model (involving a multitude of methodologies). The optimistic oracle stands out as the most efficacious and swift, as it automatically authenticates a claim barring any community objections within a brief interval. To deter misuse, punitive measures are enforced for unwarranted challenges.

A conventional insurance fund is constituted by purchase fees and institutional investments, where investors contribute capital in return for a slice of the profits, albeit risking net losses. Each provider maintains the funds independently across a range of cryptocurrencies and stablecoins, but the cumulative amount must invariably exceed the size of the capital pool. The universal ratio across all platforms hovers around 1.07:1.

The preceding year marked a milestone in payouts due to the decoupling of UST and FTX's insolvency ($22.5 and $4.7 million respectively), culminating in a total nearing $37 million. Despite DeFi insurance's inability to scale amidst a bullish market, current circumstances present a plethora of opportunities. As prices ebb, individuals display a propensity to exploit cryptocurrency for profit-making, rather than simply hoarding it in a cold wallet awaiting appreciation. This can incite more vigorous advancement, but DeFi coverage must ultimately grapple with the conundrum of risk assessment and allocation.