DeFi
With more than $3 billion lost in exploits last year, 2022 proved a significant stress test for the DeFi insurance industry, paying out $34.4 million worth of claims — over 90% of all-time payouts.
That’s according to a report by DeFi cover industry data specialist OpenCover, which was compiled between June 6, 2022, and March 6, 2023 and covers seven EVM-compatible chains.
“DeFi cover is one of the fundamental building blocks necessary for the next wave of capital to enter the ecosystem. Both retail users and institutions require safety nets they enjoy in traditional finance to be comfortable participating in on-chain markets,” said Hugh Karp, founder at Nexus Mutual.
The so-called DeFi cover industry is now made up of at least 23 active participants, ranging from DAO-governed protocols to regulated companies, having added nine new providers in 2022.
Currently, the total liquidity that DeFi cover providers have committed to underwriting capital pools amounts to 186,000 ether ($286 million). This has ranged between $210 million and $394 million in the last nine months. Nexus Mutual dominates the market at around 80% of the total capital.
However, despite the general increase in demand for DeFi insurance, this capital backs just 151,000 ether ($231 million) worth of active risk cover — the equivalent of approximately 0.5% of the $48 billion total value locked (TVL) in DeFi — so there’s a significant gap in the market.
This active cover amount, the value of all potential claims and a proxy for cover adoption, declined in the last nine months, down 44% and 58% from peak in USD and ether terms, respectively. OpenCover attributes this decrease to expiring covers and a reduction in new cover purchases in line with the overall drop in activity as DeFi TVL fell around 37% during the period.
Who’s buying DeFi insurance?
OpenCover recorded a total of 19,839 policies sold, 552 claims and 379 payouts across the leading on-chain DeFi cover providers to date. In the past nine months, OpenCover tracked 3,434 cover purchases, 80 new claims and 234 payouts, with increased demand surrounding events like the FTX collapse. However, the overall decrease in active cover amounts suggests that more but smaller value policies were purchased during the period.
Typical buyer profiles reveal that DeFi cover is mainly purchased by sophisticated users such as DAOs, development teams, hedge funds and high-net-worth individuals, with little retail activity.
In 2022, the median and mean cover amounts purchased on Nexus Mutual were around $100,000 and $750,000, respectively. OpenCover suggests this is likely due to the higher cover purchase transaction costs on Ethereum compared to other chains. However, InsurAce data on Polygon and BSC showed more retail adoption with cover amounts below $10,000 in about 50% of purchases.
Policies sold grew by 85% since November, compared to the previous four months. However, OpenCover suggested this was driven by Layer 2 airdrop speculation, such as the recent Arbitrum announcement, and the real growth figure was more like an estimated 15%.
Dealing with major exploits
Cover claims and payouts reached record highs in 2022. Of the $34.4 million paid out last year, the TerraUSD (UST) depeg represented a $22.5 million payout, and the FTX collapse, $4.7 million.
The need for audit cover was acutely demonstrated last week following the $197 million exploit of the DeFi lending platform Euler Finance, despite several audits by multiple auditors being carried out on its code. One of its auditors, Sherlock, is paying out a $4.5 million claim after missing the vulnerability that led to the attack, though it pales in comparison to the size of the hack.
The most common exploit attack vectors include protocol logic, infrastructure, ecosystem, smart contract language and exit scams, the first two accounting for 78% of losses alone. The leading attack vector, compromised private keys, has led to nearly $2.2 billion in historical losses, with cross-chain bridges particularly vulnerable. As compromised private keys are often down to user error, current cover typically excludes such losses, instead focusing on protecting users from risks beyond their control, falling into the category of protocol design flaws and technical risks.
OpenCover’s data on underwriting capital, active cover amounts and claims data were compiled from Nexus Mutual, Unslashed Finance, InsurAce, Chainproof, Sherlock, Neptune Mutual, Risk Harbor, InsureDAO and Ease — representing over 90% of the industry’s on-chain underwriting capital.