
In-Depth Analysis of the Current State and Prospects of DeFi Insurance Protocols
The development of DeFi brings risks of security attacks, necessitating viable insurance protocols to protect users.
Written by: Catarina Urgueira
Compiled by: TechFlow

Introduction
DeFi has experienced numerous security incidents resulting in billions of dollars in losses, leading to a loss of confidence in its core value proposition. Insurance solutions that mitigate the inherent risks of DeFi are crucial for ensuring widespread adoption.
This article dives into the following protocols:
Nexus Mutual, Unslashed, InsurAce, Risk Harbor, Ease.org, Sherlock, Tidal Finance, InsureDAO, Neptune Mutual, Bridge Mutual, Cozy Finance, Bright Union, and Solace.
Overview of the Insurance Market
Although decentralized exchanges and lending dominate the majority of locked value in DeFi, insurance accounts for less than 1% of total value locked (TVL). However, as total locked value grows, so does the potential loss from smart contract vulnerabilities or other attack vectors. Similar to safety nets in traditional financial markets, insurance solutions may be necessary to give retail and institutional investors confidence when participating in on-chain markets.

Since its launch, industry pioneer Nexus Mutual has dominated the insurance market, accounting for over 78% of TVL, yet covering only 0.15% of DeFi’s total TVL. The rest of the insurance market is highly fragmented, with the next three protocols after Nexus collectively holding around 14% of TVL.
While the global traditional insurance market remains vast and is expected to grow significantly in the coming years, the DeFi insurance sector has emerged as a small but promising segment within the blockchain industry. As the DeFi insurance space matures and gains broader acceptance, we can expect more innovation, new protocols emerging, and existing ones improving their services to meet the needs of DeFi users.
How Does DeFi Insurance Work?
Rather than obtaining coverage from centralized institutions, DeFi insurance allows individuals and businesses to secure their capital against risks through decentralized pools of providers. In return, insurers earn interest on locked capital via a portion of paid premiums, thereby creating a correlation between insurance and risk.
Insurance providers allocate their funds to the pools whose returns are higher relative to the risk of the covered protocol. This means individuals trade on the outcomes of events based on their estimate of how likely a potential risk is to occur. If a covered protocol suffers a negative event such as a hack, funds from the pool covering that protocol will compensate users who purchased insurance against that specific incident.
Pooling resources and distributing risk among multiple participants is an effective strategy for dealing with rare or extreme events that could have significant financial impacts. A shared fund can cover many times the amount of risk with relatively less capital, providing a collective mechanism for handling large-scale issues.

Parametric insurance has gained popularity in DeFi due to its potential for automation and transparency. Smart contracts with predefined parameters and real-time data from oracles can automatically trigger claims based on these conditions. This automation speeds up claim processing, improves efficiency, and reduces the possibility of human bias or error.
Open participation and on-chain operational transparency are often highlighted as key advantages of decentralized insurance systems. As DeFi continues to expand, the need for solutions protecting user capital becomes increasingly important.
Evolution of DeFi Insurance
The concept of decentralized insurance dates back to the early days of blockchain technology. Etherisc, the first decentralized insurance platform, launched on Ethereum in 2017, offering a peer-to-peer insurance marketplace where users could buy and sell general insurance policies—such as flight delay and hurricane loss coverage—without traditional insurance companies.

A turning point for DeFi insurance came in 2019 with the launch of Nexus Mutual, the first insurance protocol specifically built for the DeFi ecosystem. It operates under a discretionary model, meaning a council (composed of all KYC-verified Nexus Mutual members) decides on all claim payouts. Nexus Mutual's recent V2 release enabled the creation of an on-chain risk market, allowing others to build and share various crypto-native and real-world risks—including liability, disaster, property, and cybersecurity insurance. Protocols built on this version can offer services without requiring users to complete KYC, increasing accessibility to the platform’s risk management solutions.
Following Nexus Mutual, several protocols were launched to address ongoing challenges in the space.
In November 2020, InsurAce launched, offering zero-premium pricing (ultra-low premiums), no KYC requirements, and portfolio-based multi-chain solutions.
Unslashed followed in January 2021, providing insurance across various risks and allowing anyone to become a capital provider earning returns from premium policies, yield generated by Yearn Finance, and the USF capital mining program, thereby increasing available capital for insurance.
Bridge Mutual launched the same month, enabling permissionless creation of coverage pools, portfolio-based insurance coverage, and the ability to underwrite policies using stablecoins in exchange for attractive yields. In December 2021, it released V2, improving capital efficiency, introducing leveraged portfolios allowing users to underwrite insurance across multiple projects simultaneously, and launching Shield Mining—a feature allowing projects and individuals to contribute project X tokens to project X’s coverage pool to boost APY and attract more liquidity. It also launched Capital Pool, Bridge Mutual’s investment arm, which invests idle capital into third-party DeFi protocols to generate revenue for vaults and token holders.
Armor launched at the end of January 2021, initially using the Nexus Mutual V1 model without KYC requirements, but later introduced the Uninsurance model and rebranded to Ease.org in May 2022. Under RCAs (Reciprocally Covered Assets), covered assets also act as underwriters for other assets within the ecosystem, enabling the collection of underwriting capital from capital deployed in DeFi yield strategies. In the event of a hack, Ease liquidates a corresponding amount from all vaults to compensate investors. Ease’s value proposition rests on the assumption that, on average, losses from hacks are far lower than the premiums collected.

Tidal Finance launched in July 2021 on Polygon with a flexible weekly subscription system. Its upgraded V2 version has been in testnet since March 2023 and will allow users to effectively set up their own custom insurance pools and policies.
Risk Harbor launched in May 2021 as the first decentralized parametric insurance protocol offering protection against smart contract risks, hacks, and attacks. It provides automated, algorithmic, transparent, and impartial claim assessments by comparing the redeemability of credit tokens against issuing protocols. For example, in its coverage of the UST depeg event, Risk Harbor triggered payouts when the price of UST on Chainlink fell below $0.95, allowing holders to automatically redeem their wrapped aUST for USDC. Risk Harbor is developing two upcoming versions, V2.5 and V3, with V2.5 serving as a stepping stone to V3. Improvements in V2.5 include using ERC20 instead of ERC721 tokens, automatic ERC20 staking, and the ability to sell protection, while V3 will support cross-chain deposits and purchases, enabling the creation of uncorrelated-risk vaults from all EVM and non-EVM blockchains. However, it should be noted that Risk Harbor has primarily focused on the Terra ecosystem and has concentrated most of its TVL there since late 2021. The team aims to expand and shift focus toward the Cosmos and Ethereum ecosystems upon releasing these new versions.
In September 2021, Bright Union launched as a DeFi insurance aggregator, while Sherlock launched the same month with a unique auditing approach. Sherlock formed an audit firm composed of blockchain security engineers who review any smart contract and then provide protection against hacks as part of their audit process. This idea of directly offering code audits and insurance coverage eliminates the need for users to manage their own insurance. As a result, other insurance protocols have started offering similar services by partnering with external auditors to launch their own Audit Cover products, providing protection against smart contract risks for audited protocols.
Solace launched in October 2021, focusing on ease of use and offering portfolio coverage with dynamically adjustable risk rates to prevent overpayment and complex policy management. It uses a protocol-owned liquidity model to source its underwriting capital and removes underwriting risk from token holders. Solace places assets from bonding programs into underwriting pools to sell policies and uses these pools to pay claims. However, the Solace team has paused operations to develop a new version of the protocol. They identified two flaws in the insurance model they believe contradict the nature of DeFi: the claims process requiring manual input and the need for underwriting to generate returns. Their goal is to resolve these issues in the new version.
InsureDAO launched in February 2022 as an open-access protocol, similar to Bridge Mutual. The team is currently redesigning the protocol to better align with current market conditions.
Neptune Mutual launched in November 2022 aiming to provide guaranteed payouts to users. In Neptune, rules are not defined in smart contracts, hindering automation of the claims process and relying on reporters—introducing trust assumptions. However, this limitation gives Neptune an advantage, as it can offer coverage independent of on-chain data, such as custody coverage.
Cozy Finance offers parametric insurance and recently paused all V1 markets to launch a new V2 version based on restricted design principles from other protocols, featuring improved pricing, payout mechanisms, and risk management. This new version allows anyone to create a new market with automatic payouts and programmable pricing.
Decentralized insurance, as a transparent and decentralized solution, has come a long way. Nexus Mutual, as one of the earliest pioneers in the field, still leads in terms of TVL. However, as competition intensifies, the market leaders will be those protocols capable of delivering scalable coverage, transparent and decentralized risk assessment, accurate pricing, and consistent, effective claim payments.
Underwriting Capital
With more underwriting capital, protocols can offer greater insurance coverage, making them more attractive. However, the structure of underwriting capital may affect a protocol’s long-term sustainability and effectiveness. For example, many protocols are spreading their capital pools across multiple chains, which fragments liquidity and may impair capital efficiency at scale.
The table below compares the sources of underwriting capital across several insurance protocols.

Types of Coverage
In this section, we explore the various types of insurance offered by different providers.
Protocol Insurance
Protocol insurance protects users against financial losses that may occur when using DeFi protocols. Different providers offer varying levels of coverage designed to protect against certain risks inherent in protocols. Smart contract vulnerabilities, oracle failures or manipulation, economic design flaws, and governance attacks are among the threats. It should be noted that protocol insurance typically does not protect against front-end, Discord, or Twitter compromises, nor against scam rug-pulls.
Custody Insurance
Custody insurance protects digital assets stored in third-party custodial accounts—such as centralized exchanges—against financial loss. Its primary purpose is to provide protection in two main scenarios. The first occurs when the custodian unexpectedly suspends withdrawals, preventing users from accessing their funds. The second happens when an unauthorized third party breaches the custodian’s security measures and steals assets.
On the other hand, automated event solutions based on smart contract execution focus on leveraging on-chain data and predefined conditions. It should be remembered that parametric insurance may have limitations when addressing risks unrelated to on-chain data, such as custody insurance.
Depeg Insurance
Depeg insurance protects users against depegging events, which occur when an asset loses its peg to its target currency. This type of coverage is widely used to protect stablecoins and other pegged assets like stETH. Consider a user holding a stablecoin intended to maintain a 1:1 peg with the US dollar. If the stablecoin’s value drops significantly, the user suffers a financial loss when unable to redeem it for the expected dollar amount. Depeg insurance can help mitigate this loss by reimbursing the user for some or all of the amount lost during the depeg event.
Specific conditions must be met before a claim can be submitted, and these vary between providers. These typically include factors such as percentage price drop and duration. When establishing a depeg insurance claim, the time-weighted average price (TWAP) of the asset over a given period is commonly used to determine whether a depeg event occurred. TWAP calculates the average price of the asset over a specific timeframe, factoring in trading volume during that window to assess whether a depeg has taken place.
Many protocols, including InsurAce, Unslashed, and Risk Harbor, provided UST depeg coverage during the event. According to its UST De-Peg Cover Wording, InsurAce officially activated coverage on May 13, 2022, when the 10-day TWAP of UST fell below $0.88. Notably, they successfully paid out $11.5 million in claims. Unslashed allowed claims once the 14-day TWAP of UST dropped below $0.87 and paid out over 1,000 ETH across multiple batches. Risk Harbor, as a parametric insurance solution, facilitated payouts when the UST price on Chainlink fell below $0.95, allowing holders to immediately redeem their wrapped aUST for USDC.
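The two trigger styles described above (a spot oracle threshold such as $0.95, and a multi-day TWAP threshold such as a 10-day TWAP below $0.88) behave very differently on a bad oracle print or a silent feed. The sketch below is an added example, not code from the article or from any protocol's contracts; the names `Obs`, `twap`, `spot_trigger`, `assess_depeg` and the three price feeds are hypothetical and constructed, and the average is assumed to be weighted by time only.

```python
from dataclasses import dataclass

HOUR, DAY = 3_600, 86_400

@dataclass(frozen=True)
class Obs:
    ts: int        # oracle report time, in seconds
    price: float   # reported USD price of the pegged asset

def twap(observations, start, end, max_gap):
    """Time-weighted average price over [start, end].

    Each report is held until the next one (step function). Raises ValueError
    when the feed does not cover the window or goes silent for > max_gap.
    """
    if end <= start:
        raise ValueError("empty window")
    obs = sorted((o for o in observations if o.ts <= end), key=lambda o: o.ts)
    if not obs or obs[0].ts > start:
        raise ValueError("window not covered by oracle data")
    boundaries = [o.ts for o in obs[1:]] + [end]
    total = 0.0
    for cur, nxt in zip(obs, boundaries):
        if nxt <= start:
            continue                      # segment ends before the window opens
        if nxt - cur.ts > max_gap:
            raise ValueError("stale oracle feed inside window")
        total += cur.price * (nxt - max(cur.ts, start))
    return total / (end - start)

def spot_trigger(observations, threshold):
    """Parametric spot rule: any single report below the threshold fires."""
    return any(o.price < threshold for o in observations)

def assess_depeg(observations, end, window_days, threshold, max_gap=DAY):
    """TWAP rule; refuses to decide on incomplete data instead of guessing."""
    try:
        avg = twap(observations, end - window_days * DAY, end, max_gap)
    except ValueError:
        return "ORACLE_DATA_INSUFFICIENT"
    return "PAYOUT" if avg < threshold else "NO_PAYOUT"

def hourly_feed(hours, price_at):
    """Constructed sample feed: one report per hour, price from price_at(h)."""
    return [Obs(h * HOUR, price_at(h)) for h in range(hours)]

# Constructed 15-day scenarios (not real UST data).
END = 15 * DAY
GLITCH = hourly_feed(360, lambda h: 0.60 if h == 300 else 1.00)   # one bad print
COLLAPSE = hourly_feed(360, lambda h: 1.00 if h < 240 else 0.10)  # sustained depeg
SILENT = hourly_feed(200, lambda h: 1.00)                         # feed stops early

if __name__ == "__main__":
    for name, feed in (("glitch", GLITCH), ("collapse", COLLAPSE), ("silent", SILENT)):
        print(name, "spot<0.95:", spot_trigger(feed, 0.95),
              "| 10d TWAP<0.88:", assess_depeg(feed, END, 10, 0.88))
```

A single erroneous or manipulated report fires the spot rule but barely moves the 10-day average, while a feed that stops reporting yields no decision at all, neither a payout nor a denial.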
Yield Token Insurance
Yield Token insurance protects against financial losses caused by discrepancies between the reference currency value and the actual value of yield-bearing LP tokens. To qualify for a claim, the depeg percentage (similar to depeg coverage) must exceed a specified threshold of the token’s value.
Audit Insurance
Audit insurance is a form of protection that protocols can directly obtain to mitigate risks from vulnerabilities missed during audits. It adds an extra layer of security for a short period following an audit.
Sherlock pioneered this concept and offers up to $5 million in insurance coverage for smart contract vulnerabilities post-audit. This coverage can be activated at any time after the audit is completed, provided the codebase undergoes no further changes. On the other hand, InsurAce partners with auditing firms to offer a similar product with a three-month insurance period.
Slashing Insurance
Slashing insurance provides financial protection for professional validators on PoS chains who may suffer losses due to slashing events. A slashing event occurs when a validator violates the consensus mechanism’s rules, resulting in a portion of their staked assets being slashed or reduced.
In 2022, Blockdaemon, a prominent provider of blockchain infrastructure services, partnered with renowned insurance broker and risk advisor Marsh to launch an insurance policy protecting their clients against slashing events. The plan aims to provide validators with additional safeguards against slashing penalties. That same year, decentralized insurance provider Nexus Mutual developed a decentralized solution to protect validators on the Beacon Chain, offering another option for validators seeking slashing insurance.
Cross-Chain Bridge Insurance
Cross-chain bridges enable the transfer of funds between different networks, but they also carry risks such as smart contract vulnerabilities, hacks, and implementation or design flaws. These risks can lead to inaccurate fund transfers or incorrect slippage calculations.
Centralized cross-chain bridges are particularly vulnerable to malicious actors who may manipulate liquidity pools. Whether funds are stored centrally or distributed, storage points become targets for attackers. In 2022 alone, hackers stole over $1.8 billion from cross-chain bridges. Cross-chain bridge insurance was created to protect users from financial losses when transferring funds across bridges.
InsurAce introduced this concept through a partnership with LI.FI Bridge Aggregator, which has already covered over $1 million in value. Risk Harbor is also collaborating with Socket to develop a cross-chain bridge protection system, which is still in the testing phase.
Excess of Loss Insurance
Insurance providers can retain their underwriting capital by transferring part of their exposure to other insurers. This reduces the provider’s overall risk and enables them to continue offering coverage across various risks without being exposed to excessive risk.
One insurer offering excess of loss coverage is Nexus, which provides coverage for protocols audited by Sherlock, protecting 25% of the underlying coverage provided by Sherlock.
Comparison of Insurance Protocol Coverage
As the decentralized insurance industry evolves, various insurance protocols have emerged, offering different types of coverage. To help readers understand the range of available insurance options, we have prepared a comparison table detailing the different types of insurance offered by existing protocols.

Conclusion
As DeFi continues to evolve, it becomes increasingly susceptible to security attacks. To protect users from such risks, viable insurance protocols are needed. However, the DeFi insurance industry faces challenges in offering diversified coverage and accumulating sufficient underwriting capital. Protocols that spread their capital pools across many chains fragment liquidity and suffer from reduced capital efficiency at scale, while robust risk management remains an area needing improvement.
In the current environment, the availability of underwriting capital within insurance pools limits the scope of coverage. Protocols are exploring strategies to generate additional yield and attract more liquidity providers to expand coverage—such as depositing a portion of capital pool returns into platforms like AAVE or Compound. However, these methods introduce additional risks, including third-party smart contract vulnerabilities and market volatility, forcing a trade-off between yield generation and risk management.
To address these challenges, established players are prioritizing protocol upgrades to improve capital efficiency, coverage capacity, and user experience. Custom insurance coverage and markets are being developed to meet the specific insurance needs of DeFi users.
Parametric coverage offers a viable solution for certain risks but may not apply to all types of coverage. Reliance on oracle data exposes systems to risks of oracle failure or manipulation, and limitations arise when yield-bearing tokens become non-transferable due to protocol upgrades. Implementing coverage rules via smart contracts presents challenges, as it requires storing all relevant information on-chain and restricts the range of risks that can be adequately covered—but it also enables automated claims assessment.
Furthermore, reinsurance—a critical component of traditional insurance—remains absent in the DeFi insurance market. Reinsurance, the practice of insurers transferring part of their risk portfolio to third parties to reduce the likelihood of large obligations from claims, could enhance coverage capacity, capital efficiency, and resilience by shifting risk to specialized third-party investors. Exploring reinsurance could help mitigate the financial impact of catastrophic events such as the UST depeg.














