DeFi Insurance: Managing Risks of Digital Assets
Understanding DeFi insurance and its importance in mitigating DeFi risks and threats.
Playing the video that you've selected below in an iframe
Learn about how the money is drained from protocols and how you can keep your assets safe.
As blockchain-based digital assets grow in popularity and global adoption, so do theft and other malicious criminal activities.
With trillions of dollars on the line, users can benefit from financial safety nets that give users peace of mind and increased confidence in current and emerging digital assets.
In recent years, financial innovations have expanded to include a new asset class — blockchain-based digital assets. They are so-called because they are digital representations of value. These include cryptocurrencies, asset-backed stablecoins, crypto-assets, non-fungible tokens (NFTs), among others.
Ever since they hit the scene, digital assets have shown no signs of slowing down. Recent reports show the cryptocurrencies market is now worth over $3 trillion, while the NFTs market, which only became mainstream around 2020–2021, is now worth over $41 billion.
Also growing more relevant in the crypto space are DeFi (Decentralised Finance) projects and stablecoins which have soared to billions in market value in the last year alone.
Based on the numbers alone, it’s easy to see how the digital assets market is growing exponentially. Because the more an asset gains global popularity and rises in value, the more people want to get in on it. Consequently, both retail and institutional investors inject even more capital into these assets. Large corporations like Tesla and MicroStrategy have joined the bandwagon by including BTC in their balance sheets. Even countries like El Salvador are adopting BTC as legal tender.
Another reason for this rapid growth is that blockchain projects, by nature, are decentralised and thus have low barriers to entry. Anyone with an internet connection can log into an NFT marketplace and buy or sell NFTs. Anyone with enough stakeable cryptocurrencies, such as ADA and SOL can stake them to earn good rewards.
Lastly, digital assets have the one characteristic necessary to increase in value — scarcity. The most popular cryptocurrency, Bitcoin, has a maximum supply of only 21 million BTC. Its halving mechanism is also designed to slash the supply by 50% roughly every four years. This creates scarcity amid increasing demand. NFTs also boast this certain level of scarcity. The rarer the token, the more value it commands in the marketplace.
Where there is value, there is also risk. In the case of digital assets, the biggest risk exposure is in the integrity of the smart contracts and dApps (decentralised applications) used to facilitate them.
Blockchains are inherently secure and tamper-proof. It will take massive amounts of computing power to take control of the network and make changes to any block. So instead, hackers turn their attention to the protocols, applications, and wallets that exist on the network.
At first, crypto exchanges were the prime targets. Who can forget the infamous Mt. Gox hack and its $460 milliondisaster? The most recent appears to be the January 2022 Crypto.com hack, which cost the Singapore-based cryptocurrency exchange app over 4,830 ETH and 440 BTC, among other assets.
In the last five years, there have been several high-profile hacks of smart contracts and DeFi protocols. All of them involved large amounts of money being lost because the culprits were able to exploit vulnerabilities in the code. An example is the $120 million theft from DeFi protocol BadgerDAO in December 2021. The attack was discovered by blockchain security company PeckShield.
Even after passing an audit, it’s still possible for a protocol to contain bugs. Hackers are getting savvier at locating and exploiting these security flaws. Let’s take for example, the ChainSwap hack of July 2021, which lost over $8 million worth of tokens after the hacker used a bug vulnerability to mint new tokens and transfer them to their own addresses.
Many DeFi projects are built using smart contract code cloned from popular protocols. Sometimes, the developer may unwittingly commit a typo error during the copy and paste process. This can result in system flaws that lead to costly hacks.
Sometimes money is lost through outright theft. Dishonest founders might create a loophole in the code, allowing them to withdraw the liquidity from the project. Then they disappear with the funds and leave the users drowning in losses.
Whether due to sheer negligence or unforeseeable issues, hacks resulting from smart contract code vulnerabilities have been on the rise lately. As of Q1 2021, money lost to attacks on ETH dApps alone was over $86 million, according to a report by Atlas VPN. In comparison, money lost to crypto exchanges was below $3 million.
Keep in mind that these are just the hacks that made the headlines. There’s no telling how many more have occurred that aren’t public knowledge yet.
So, the question is…
Can we ever be fully confident that code works as intended 100% of the time?
Probably not. Projects work hard to protect themselves, but alone, these safeguards cannot guarantee complete protection. Admittedly, there have been several cases of stolen digital assets being recovered, but this process is unbearably lengthy. In some cases, getting back what you lost depends on the benevolence of the hacker.
Perhaps it’s time to consider other security measures that we can employ to plug these gaps.
Together with the growing desire to own digital assets, protection for these blockchain-based digital assets will be in demand as well. Cover protocols help investors and owners protect their digital assets from swelling exploitation and crypto market risks. To understand how covers in the decentralised space work, it can be a good idea to take a look into how traditional insurance works.
Insurance is a product designed to mitigate financial risk. You insure assets to protect them against unlikely events so that in the event that they do happen you are protected against financial loss.
For instance, people insure their homes against natural disasters. No one expects these disasters to happen, but if they do, it is responsible and reassuring to have a safety net in place to protect against the resulting damage and related expenses. Without insurance, the big consequences of low probability risks can be devastating. It is not without good reason that the insurance industry is as large as it is with universally widespread adoption across all industries.
Typically, insurers categorise and group risks so that they can accurately price those risks by analysing past data; this work is undertaken by actuaries. When policyholders suffer a loss to the asset they have insured they proceed with making an insurance claim and an insurance assessor will review the documents, policy terms, and asset to determine whether or not the insurance company should pay a claim amount to the policyholder.
Insurance funds obviously require a certain amount of capital to pay policyholders in the event of claims. Whilst there may be variations in the amount of capital on hand to pay policyholder claims, minimum levels, and other requirements are generally governed by regulators, directives, and the rule of law; for example, in Europe regulated insurers need to comply with the Solvency 11 directive.
In DeFi, the peer-to-peer nature of transactions often means that activity falls outside of these types of regulations. It is also true that there are different approaches to financial protection, such as hedging, that fall outside the definition and scope of the insurance products.
Understanding the different approaches taken in protecting digital assets in the blockchain industry requires a deeper look.
Financial protection of digital assets is a much-needed solution in the relatively risky world of blockchain. If there is an issue with the smart contract code that results in financial loss, no one wants to hear excuses about why there isn’t enough capital to fully cover their claim. Equally, no one wants to wait months to receive their payout, or worse still, wait months to find that their claim has been rejected on a purely discretionary basis.
These are just some of the challenges that Neptune Mutual’s cover marketplace is attempting to solve. To that end, Neptune Mutual is launching an on-chain protocol based on a parametric cover model in which dedicated cover pools will be set up by centralised finance exchanges, DeFi projects, and metaverse projects to protect against the risks of hacks and exploits. Unlike the discretionary model that pays out based on the cost of the financial loss incurred, parametric cover pays out all policyholders in the event that an incident is validated.
Neptune Mutual has adopted a low-risk approach to the design of the protocol. In essence, this means that there are a number of underlying principles (such as stablecoin liquidity pools and a 100% minimum capital ratio) that support the guarantee that policyholders will be paid out if an incident is validated.
This type of approach provides a more effective financial cover for a number of reasons.
For one, it facilitates faster claims payout since the defined parameters in the agreement eliminate the need for back and forth among underwriters, claims assessors, loss adjusters, or centralised parties. As long as the Neptune Mutual NPM token community determines through the reporting mechanism that the parameters have been met and that an incident can be validated, the coverage is triggered and the payout is immediately released to policyholders.
Because it is decentralised there is no centralised risk, and because it is an on-chain protocol all transactions are transparent. Policyholders and liquidity providers don’t have to trust the discretion of assessors because as with many blockchain protocols the Neptune Mutual protocol is a trustless environment.
In essence, Neptune Mutual’s solution strikes a balance between providing low risk, low-priced policy fees on one hand, and good returns for risk capital providers on the other. Good returns are achieved through yield optimisation strategies of cover pool capital, however, it should be noted that to ensure there is always sufficient capital to meet the total payout liability of the pool, these yield optimisation strategies are applied exclusively to capital over and above the amount required to honour the cover pool liability. In addition to these strategies, there are also other revenue-generating mechanisms, including cover project token rewards and a proof-of-deposit (POD) staking programme.
Financial protection is set to become mainstream in the digital asset ecosystem. Developers and project founders will benefit because it will provide users with greater confidence in using and interacting with smart contracts.
As the Neptune community grows in the coming years, more people may want to provide stablecoin liquidity to support the cover pools of their favourite projects. Hopefully, this will motivate those that serve to reduce crypto market risks and increase the adoption of decentralised applications.