Comprehensive interpretation of the status quo and prospects of DeFi insurance agreements

introduce

Compilation of the original text: Deep Tide TechFlow

introduce

DeFi has experienced numerous security incidents resulting in billions of dollars in losses, which in turn has led to a loss of confidence in its core value proposition. Insurance solutions that mitigate the risks inherent in DeFi are critical to ensuring widespread adoption.

This article dives into the following protocols:

first level title

Insurance Market Overview

While decentralized exchanges and lending account for the majority of the value locked in DeFi, insurance accounts for less than 1% of the total value. However, as the total value locked grows, so does the potential loss that could be caused by smart contract vulnerabilities or other attack vectors. Similar to the safety net in traditional financial markets, insurance solutions may require investors, retail investors and institutions to participate in the on-chain market with confidence.

Industry pioneer Nexus Mutual has dominated the insurance market since its launch, capturing over 78% of TVL but only covering 0.15% of DeFi TVL. The rest of the insurance market is very fragmented, with the next three agreements following Nexus accounting for about 14% of TVL.

first level title

How does DeFi insurance work?

Rather than obtaining insurance from a centralized institution, DeFi insurance allows individuals and businesses to insure their capital against risk through a decentralized pool of providers. In exchange, the insurance provider earns interest on locked-in capital through a percentage of premiums paid, creating a correlation between insurance and risk.

Insurance providers invest their funds in pools that offer higher returns to compare the risks of the protocols. This means that individuals trade event outcomes based on their estimates of the probability of the underlying risk occurring. If a protocol covered by an insurance company suffers a negative event, such as a hack, the funds in the pool covering the protocol compensate users who purchased insurance against that specific event.

Pooling resources and spreading risk among multiple players is an effective strategy for responding to unusual or extreme events with significant financial impact. A common pool of funds can cover many times the risk with less money, providing a collective mechanism for tackling large-scale problems.

The popularity of parametric insurance in DeFi is due to its automation and transparency possibilities. Smart contracts with preset parameters and real-time data from oracles can automatically claim based on these parameters. This automation speeds up the claims process, increases efficiency, and reduces the possibility of human bias or error.

first level title

The Evolution of DeFi Insurance

The concept of decentralized insurance dates back to the early days of blockchain technology. Launched on Ethereum in 2017, Etherisc, the first decentralized insurance platform, provides a peer-to-peer insurance marketplace where users can buy and sell general insurance policies, such as flight delays and hurricane losses, without traditional insurance companies.

A turning point for DeFi insurance was the launch of Nexus Mutual in 2019, the first insurance protocol purpose-built for the DeFi ecosystem. It operates under a carte blanche structure, which means that the board of directors (all KYC-verified Nexus Mutual members) decides all claims payments. Nexus Mutual’s recent V2 launch facilitates the creation of an on-chain risk marketplace, allowing other companies to build and share a variety of crypto-native and real-world risks such as liability, catastrophe, property, and cybersecurity insurance. Protocols built on this version can provide their services without requiring users to complete KYC requirements, which increases the accessibility of the platform's risk management solutions.

After Nexus Mutual, many protocols were launched to address the ongoing challenges in the field.

In November 2020, InsurAce launched, offering zero-premium pricing (ultra-low premium), no KYC requirements, and a portfolio-based multi-chain solution.

Unslashed, which subsequently launched in January 2021, provides insurance across a range of risks and allows anyone to become a capital provider and earn returns from premium policies, interest generated by Enzyme Finance, and the USF capital mining program, increasing the available capital for insurance.

Launched the same month, Bridge Mutual offers permissionless coverage pool creation, portfolio-based insurance coverage and the ability to use stablecoin underwriting policies in exchange for attractive yields. In December 2021, it released the V2 version with improved capital efficiency, launched a leveraged portfolio that allows users to underwrite multiple projects at the same time, and launched a Shield Mining feature that allows projects and individuals to contribute X tokens to the project X coverage pool , to increase the APY of the pool and attract more liquidity. It also launched Capital Pool, the investment arm of Bridge Mutual, which invests unused capital in third-party DeFi protocols and generates income for vaults and token holders.

Armor was launched at the end of January 2021, using the Nexus Mutual V1 model without KYC requirements, but later introduced the Uninsurance model and changed its name to Ease.org in May 2022. In RCAs (mutually covered assets), the covered asset simultaneously underwrites other assets in the ecosystem, which allows collection of covered capital from covered capital deployed in DeFi yield strategies. In the event of a hack, Ease liquidates the corresponding amount of funds from all vaults to compensate investors. Ease's value proposition is based on the assumption that, on average, hacking costs far less than the premium paid.

Tidal Finance launched a flexible weekly subscription system on Polygon in July 2021. The new upgraded version V2, which has been on testnet since March 2023, will allow users to effectively set up their own custom insurance pools and policies.

Launched in May 2021, Risk Harbor is the first decentralized parametric insurance protocol that provides protection against smart contract risks, hacks and attacks. It provides automated, algorithmic, transparent and unbiased assessment of claims by comparing the convertibility of credit tokens with the issuance protocol. For example, in the overlay protection for UST decoupling events, when the price of UST on Chainlink drops below $0.95, Risk Harbor will pay out, allowing holders to automatically convert their wrapped aUST into USDC. Risk Harbor is developing two upcoming releases, V2.5 and V3, with V2.5 serving as a springboard to V3. V2.5 improvements include the ability to use ERC 20 tokens instead of ERC 721 tokens, automatic ERC 20 token staking, and sell protection, while V3 includes cross-chain deposits and purchases, allowing creation of A vault without associated risk. However, it is important to note that Risk Harbor is primarily focused on the Terra ecosystem, which has concentrated most of its TVL since the end of 2021. The team aims to expand and shift focus to the Cosmos and Ethereum ecosystem after this new release.

In September 2021, Bright Union launched as a DeFi insurance aggregator, while Sherlock launched in the same month, with a unique audit approach. Sherlock has set up an audit firm of blockchain security engineers to review any smart contracts that are then protected from hackers as part of its audit process. This idea of ​​providing code auditing and insurance coverage directly to the protocol removes the need for users to manage their own insurance coverage. As a result, insurance protocols have also begun to provide similar services, by launching their own Audit Cover product in cooperation with external audit firms, providing protection for agreements audited by their partners from smart contract risks.

Launched in October 2021, Solace focuses on ease of use and offers portfolio coverage with dynamically adjusted risk rates to prevent overpayment and complex policy administration. It is based on a liquidity model owned by the protocol to obtain its own underwriting capital and remove underwriting risk from token holders. Sol places assets in the bond program in an underwriting pool to sell policies and use the pool to pay claims. However, the Solace team has suspended operations to develop a new version of the protocol. They identified two flaws in the insurance model that they believe are at odds with the very nature of DeFi: the claims process requires human input and probabilistic underwriting needs to generate returns. Their goal is to address these in new releases.

InsureDAO launched in February 2022 as an open-to-all protocol, similar to Bridge Mutual, and the team is currently redesigning the protocol to make its model more in line with the current market.

Launched in November 2022, Neptune Mutual aims to provide users with guaranteed payouts. In Neptune, rules are not defined in smart contracts, which prevents the automation of the claims process and relies on reporters, which requires an assumption of trust. However, this limitation gives Neptune an advantage as it can provide overlays that do not depend on on-chain data, such as managed overlays.

first level title

Underwriting funds

With more underwriting capital, agreements can offer more insurance coverage, making them more attractive. However, the amount of capital underwritten may affect the long-term sustainability and effectiveness of the agreement. For example, many protocols are spreading their capital pools across multiple chains, spreading liquidity and potentially affecting their capital efficiency at scale.

first level title

coverage type

secondary title

agreement insurance

secondary title

Escrow insurance

Custody insurance protects against financial losses that may occur when digital assets are stored in third-party custodial accounts, such as centralized exchanges. Its main purpose is to provide protection in two main situations. The first occurs when the custodian unexpectedly suspends withdrawals, preventing consumers from accessing their funds. The second situation occurs when an unauthorized third party gains access to the custodian's security measures and steals the assets.

secondary title

Depeg (Depeg) Insurance

Depeg insurance protects against depeg events, which occur when an asset loses its peg to the target currency. This insurance coverage is widely used to protect stablecoins and other pegged assets, such as stETH. Consider a user who holds a stablecoin designed to maintain a 1:1 peg to the US dollar. If the value of the stablecoin drops significantly and users are unable to convert the expected dollar amount, they will suffer financial losses. Depeg insurance can help mitigate this loss by reimbursing users for some or all of the amount lost due to a decoupling event.

Certain conditions must be met before a claim can be submitted, and these vary between providers. These usually include factors such as percentage price drop and duration. When building a Depeg insurance claim, the time-weighted average price (TWAP) of an asset over a given period of time is typically used to determine the occurrence of a decoupling event. TWAP calculates the average price of an asset over a specific time frame, taking into account the asset's trading volume during that window to assess whether a decoupling event has occurred.

secondary title

Yield Token Insurance

secondary title

audit insurance

Audit insurance is a protection that protocols can directly acquire to mitigate the risk of vulnerabilities being missed during audits. An additional layer of security is added to the protocol in the short time following the audit.

secondary title

Slashing Insurance

Slashing insurance provides financial protection to professional validators of PoS chains who may suffer losses due to slashing events. Slashing events occur when a validator violates the rules of the consensus mechanism, causing a percentage of their staked assets to be slashed or reduced.

secondary title

Cross-chain bridge insurance

Cross-chain bridges enable funds to be transferred between different networks, but they also have risks, such as smart contract vulnerabilities, hacking, and implementation or design flaws. These risks may result in inaccurate transfers of funds or miscalculation of slippage.

Centralized cross-chain bridges are particularly vulnerable to malicious actors who can manipulate liquidity pools. Whether funds are stored centrally or decentralized, points of storage become targets for malicious actors. In 2022, hackers stole over $1.8 billion from cross-chain bridges alone. Cross-chain bridge insurance was created to protect consumers from financial loss by transferring funds across the bridge.

secondary title

excess insurance

Insurance providers can preserve their underwriting capital by transferring a portion of their exposure to other insurance providers. This reduces the provider's overall risk and allows them to continue to offer coverage against various risks without being overly exposed.

first level title

Insurance Agreement Coverage Comparison

Summarize

Summarize

As DeFi continues to grow, it becomes increasingly vulnerable to security attacks. In order to protect users from such risks, viable insurance agreements are required. However, the DeFi insurance industry faces challenges in providing diversified insurance coverage and accumulating sufficient underwriting capital. Protocols that spread capital pools across many chains spread liquidity and suffer from capital efficiency at scale, while adequate risk management remains an issue for improvement.

In the current environment, the availability of underwriting capital in insurance pools limits the limits of insurance coverage. The protocol has been exploring strategies to generate additional yield and attract more liquidity providers to expand insurance coverage, such as depositing a certain percentage of capital pool returns into platforms such as AAVE or Compound. However, these approaches introduce additional risks, including third-party smart contract vulnerabilities and market volatility, forcing a trade-off between yield generation and risk management.

To address these challenges, established players are prioritizing protocol upgrades to improve capital efficiency, reach, and user experience. Customized insurance coverage and marketplaces are being developed to meet the specific insurance needs of DeFi users.

Parametric coverage provides a viable solution to some risks, but may not be suitable for all types of coverage. Reliance on oracle data exposes the system to the risk of oracle failure or attack, and limits arise when interest yield tokens become non-transferable due to protocol upgrades. Enforcing coverage rules via smart contracts presents challenges as it requires all relevant information to be stored on-chain and limits the scope of risks that can be adequately covered, but it also provides the ability to automate claims assessment.

In addition, reinsurance, as an important part of traditional insurance, is still missing in the DeFi insurance market. Insurers transfer a portion of their risk group to a third party to reduce the likelihood of a significant obligation arising from an insurance claim, a practice known as reinsurance. By transferring risk to dedicated third-party investors, the reinsurance approach can improve coverage, capital efficiency, and resilience. Exploring reinsurance can help mitigate the financial impact of catastrophic events like UST depeg.