• Recently, hacks and bankruptcies have caused the most damage to users and have highlighted the need for insurance for both the platforms and the users.
  • In order to protect users against possible risks, exchanges and decentralized platforms should increase the amount of their insurance funds and amend their structures.
  • Insurance activities have weaknesses not only in the crypto ecosystem but in real life, and blockchain technology may help overcome these shortcomings particularly in terms of insurance fraud.
  • In the field of insurance, which currently covers a small part of the ever-growing DeFi ecosystem but will inevitably expand its scope in the future, it is possible to secure your assets on different platforms based on trust through community-based platforms such as Nexus Mutual.
  • At a time when we are radically changing the practice of finance, we should also change the concepts and practices of insurance.

The last 6 months have been a rather challenging and uncertain period for the cryptosphere. The bankruptcy of 3AC, the collapse of CeDeFi platforms, countless bridge and DeFi hacks, and the FTX collapse have put users, projects and, in fact, the entire ecosystem into a major crisis. During this process, the entire ecosystem was forced to take a step back, but had the opportunity to take two steps forward. We are in a period of uncertainty, fear and anxiety. However, we are also feeling the urge to take steps for improvement together.

1. What is Insurance?

Insurance is a financial tool covering a wide area that we are rather familiar with in our daily lives. We have all taken out insurance for our health, life, valuables or immovable properties. The basic operating principle of insurance companies is to establish a compensation mechanism for any damage that may occur in the future. In order to achieve this, the person desiring to take out a policy pays a premium to the insurance companies and in return, the company covers the person’s loss in whole or in part based on specific terms and conditions. 

We are not used to encountering the word “insurance” within the cryptosphere; however, platforms such as dYdX, Perpetual or Binance have created “insurance funds” to be used when needed. There are also projects conducting insurance activities that are deployed on blockchain.

2. Insurance Funds in the Crypto Ecosystem

a) dYdX Insurance Fund

dYdX is a decentralized derivatives market where users can perform on-chain derivatives transactions in both directions using their own wallets. Due to its inherently high-risk nature, dYdX has created two internal risk control mechanisms. The first one is the Insurance Fund, and the other is Leverage Risk Reduction. The purpose of both of these mechanisms is to ensure the system’s solvency in the event that the accounts reach negative value without being liquidated. 

For example, let’s assume user A opens a long position for BTC at $2000 with a 10% margin requirement, which makes their balance (-$1000 and +1 BTC). Due to high volatility, when the price of BTC drops to $900 and the user is not liquidated, user A’s balance becomes -$100. In such a case, the insurance fund comes into play to cover the loss of $100. In case the insurance fund is also exhausted, leverage risk reduction comes into play and a user B with a short position is selected to balance user A’s position. In this case, the negative balance of user A is added to user B, and user B’s position is leveraged while increasing the margin percentage. By doing so, the system prevents the platform from being exposed to bad debt in addition to eliminating the insolvency risks on the platform.
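The two-step loss waterfall described above, as an added Python sketch that is not dYdX's code. User B's balances, the rule for picking B, the partial use of a nearly empty fund and the transfer of A's whole account onto B are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class Account:
    name: str
    usd: int  # cash balance in dollars; negative means borrowed
    btc: int  # position size; positive is long, negative is short

    def value(self, price: int) -> int:
        """Net account value at the given BTC mark price."""
        return self.usd + self.btc * price

    def margin_pct(self, price: int) -> float:
        """Account value as a percentage of position notional."""
        notional = abs(self.btc) * price
        return float("inf") if notional == 0 else 100 * self.value(price) / notional


def resolve_underwater(acct, price, fund, counterparties):
    """Cover a negative account: insurance fund first, then risk reduction.

    Returns (remaining_fund, paid_by_fund, counterparty_name_or_None).
    """
    deficit = -acct.value(price)
    if deficit <= 0:
        return fund, 0, None  # account is solvent, nothing to do

    # Step 1: the insurance fund absorbs as much of the deficit as it can.
    paid = min(fund, deficit)
    acct.usd += paid
    fund -= paid
    if acct.value(price) >= 0:
        return fund, paid, None

    # Step 2: fund exhausted. Assumption: take the first opposite-side account
    # that is large enough and stays solvent after absorbing the loss.
    for other in counterparties:
        opposite = other.btc * acct.btc < 0 and abs(other.btc) >= abs(acct.btc)
        if opposite and other.value(price) + acct.value(price) >= 0:
            other.usd += acct.usd  # negative balance of A is added to B
            other.btc += acct.btc  # A's long offsets part of B's short
            acct.usd = acct.btc = 0
            return fund, paid, other.name
    raise RuntimeError("no counterparty can absorb the deficit")


def scenario(fund):
    """The page's numbers: user A is long 1 BTC from $2000, price falls to $900."""
    a = Account("A", usd=-1000, btc=1)
    b = Account("B", usd=4200, btc=-2)  # constructed short position
    before = b.margin_pct(900)
    fund, paid, used = resolve_underwater(a, 900, fund, [b])
    return {"fund": fund, "paid": paid, "used": used, "a_value": a.value(900),
            "b_value": b.value(900), "b_margin_up": b.margin_pct(900) > before}
```

With a funded insurance pool only the fund changes; with an empty one, B ends up $100 poorer but with a smaller position and a higher margin percentage.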

dYdX currently has an insurance fund of approximately $18 million.

b) Binance SAFU and IRI

Binance launched an insurance fund initiative called Secure Asset Fund for Users (SAFU) in 2018. In order to prevent users from losing funds, or to reduce their losses, in cases of emergency, Binance decided to transfer 10% of transaction fees to this fund. This fund consists of BTC, BNB and BUSD.

SAFU Token Distribution:

  • 1,230,769 BNB ~ $349,243,035
  • 300,000,000 BUSD
  • 16,277 BTC ~ $273,811,694
  • Total: $923,054,729

Binance preferred to hold these funds on-chain to increase transparency rather than holding them on the exchange. “There have been two large-scale transfers to the wallet labeled as ‘Binance: SAFU Wallet’ so far. The first transfer was 1,036,268 BNB and 300,000,000 BUSD on the day the wallet was created, and the other was 194,500 BNB during the week when FTX was known to become insolvent.” Accordingly, from what we can understand, we can say that Binance does not have a schedule for transferring funds to ensure transparency. Similarly, as we have limited knowledge about the revenue of Binance, it is a bit difficult to calculate the real value of this fund, which has been maintained since 2018. Also, it is worth noting that, according to Bloomberg, Binance had a revenue of $20 Billion for 2021, excluding the extra products such as their investments, NFT marketplace or lending platforms. In an interview, Binance CEO CZ stated that 90% of platform revenue consisted of trading commissions. Based on these numbers, we can speculate that there is actually a disconnect between the commission income and the insurance fund.

After the FTX collapse, an Industry Recovery Initiative (IRI) to last for six months was established, initiated by CZ with the support of other actors in the ecosystem. The main purpose of this fund is both to protect user funds and to enable the recovery of a damaged ecosystem in cases of black swan events that result in an ecosystem-wide crisis. As the founder and the first funder of this initiative, Binance contributed 1,000,000,000 BUSD and announced that their goal is to create a fund worth $2 Billion. Some significant actors in the ecosystem such as Justin Sun, Simon Dixon, Polygon Ventures and Aptos Labs also stated that they would contribute to this initiative. Along with Binance, Bybit and OKX announced they would also create different funds with the same purpose. Such funds are of great significance for the crypto ecosystem because they aim to ensure the security of user funds with a similar purpose. However, there is an important point to mention here. Although IRI is claimed to not act as an investment fund, they will enter into somewhat of an investment agreement with the applicant projects and the already accepted but financially distressed projects. Disclosure of these investment agreements is of great importance; otherwise, “centralization-washing” may indeed be included in the crypto terminology in the long run.

3. Projects Offering Insurance Services in the Crypto Ecosystem

The insurance industry had a total market value of $4.5 Trillion in 2021 and is estimated to reach a value of $10 Trillion by 2030. Such an indispensable and constantly growing sector obviously has some applications on the blockchain as well. Although these applications only cover a small portion of the cryptosphere as of now, it would not be wrong to assume that they will consolidate their place in both DeFi and real-world assets with novel insurance solutions as the ecosystem develops.

After discussing the insurance mechanisms of both centralized and decentralized platforms, we can take a look at the projects providing insurance services by utilizing the advantages of blockchain technology. Let us first talk about the operating principles of companies/projects providing insurance services, and then explain how blockchain technology may contribute to the field of insurance and how it can reduce operational costs while increasing user satisfaction.

Insurance companies provide coverage for immovable properties or specific matters, and for these coverages to be fulfilled, they ask individuals willing to take out insurance policies to pay a certain amount of premium based on their risk situations. These premium payments are collected in a pool, and if the loss is approved to be covered by the insurance company, the payment is made from this pool to the person who suffered the loss. For instance, let us assume Alice buys a new car and she wants to insure it against bad events – such as minor and major accidents, damage from natural disasters, or theft. Alice goes to Bob Insurance to apply for the insurance of her car. Bob Insurance shares with Alice the most suitable insurance quote, insurance conditions and insurance validity period considering parameters such as Alice’s financial history, traffic history, and criminal record. At time t+1, Alice has an accident and applies to the insurance company to cover the damage to her car. Bob Insurance requests the auditors to investigate the incident to decide if the accident is covered under Alice’s insurance policy. In case Alice is found to be justified, Bob Insurance is obliged to cover the damage in part or in whole (according to the insurance conditions); but in case Alice is found to be unjustified, Bob Insurance does not have to make any payment.

a) Insurance Fraud

One of the biggest problems in the insurance industry is known as insurance fraud. According to data from the FBI, there are about $40 Billion in fraud cases in the United States alone, excluding health insurance. The difficulty of communication between different insurance agencies, their inadequacy, the failure to supervise institutions providing insurance service without a license and the inability of authorized bodies to monitor these activities are among the reasons why this amount is significantly high. Here, some solutions may be developed using the innovations brought by blockchain technology.

  • Distributed ledger technology provides us with a public and transparent data repository. Within such an open data platform, the communication between different agencies and the supervision of public institutions over institutions providing insurance service can be increased.
  • Thanks to the immutability of blockchain, both insurance buyers and agencies providing this service can avoid being exposed to any fraudulent information or documents, and can issue more consistent quotes for the future periods while being able to prevent fraud.
  • A significant portion of insurance fraud is carried out by a method called double-booking. In the simplest terms, this means asking multiple institutions to cover the loss resulting from the same event. Just as double-spending is not possible on blockchain, we can avoid double-booking as we would not be able to make multiple claims for the same event in such a case.
  • Insurance fraud not only harms insurance companies, but also individuals. Minor or major frauds usually result in the increase of insurance premiums, thus corresponding to a larger portion of household income. The reduction of fraud is also directly proportional to the purchasing power of the household.
  • The Claimshare application, developed by IntellectEU in cooperation with corporations such as Intel and KPMG, works to eliminate the double-booking method by using blockchain technology. According to KPMG, nearly 10% of insurance agency payments consist of insurance fraud payments. In 2022, Claimshare announced that they are working to expand their application areas and to render ineffective the fraudulent activities that can be carried out by third parties (doctors, commissioners) as well as insurance agencies.
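The double-booking check and the immutability property from the list above, as an added Python sketch that is not Claimshare's or any insurer's implementation. It assumes a hypothetical shared ledger on which member insurers record only a keyed fingerprint of each claimed event; the key, field names and sample claims are constructed.

```python
import hashlib
import hmac
import json

# Assumption: a secret shared by the member insurers (constructed demo value).
CONSORTIUM_KEY = b"constructed-demo-key"
GENESIS = "0" * 64


def event_fingerprint(claimant_id, event_date, asset_id, key=CONSORTIUM_KEY):
    """Keyed hash of the normalised event, so no raw personal data is shared."""
    fields = (claimant_id, event_date, asset_id)
    canonical = "|".join(" ".join(f.split()).upper() for f in fields)
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()


class ClaimLedger:
    """Append-only, hash-chained list of claim fingerprints."""

    def __init__(self):
        self.entries = []
        self._first_filer = {}  # fingerprint -> insurer that recorded it first

    @staticmethod
    def _digest(prev_hash, record):
        payload = json.dumps(record, sort_keys=True).encode()
        return hashlib.sha256(prev_hash.encode() + payload).hexdigest()

    def file_claim(self, insurer, fingerprint):
        """Return (accepted, insurer holding the first claim for this event)."""
        if fingerprint in self._first_filer:
            return False, self._first_filer[fingerprint]  # double-booking
        prev_hash = self.entries[-1]["hash"] if self.entries else GENESIS
        record = {"insurer": insurer, "fingerprint": fingerprint}
        self.entries.append({"record": record, "prev": prev_hash,
                             "hash": self._digest(prev_hash, record)})
        self._first_filer[fingerprint] = insurer
        return True, insurer

    def verify(self):
        """Recompute the chain; any edited or reordered entry breaks it."""
        prev_hash = GENESIS
        for entry in self.entries:
            expected = self._digest(prev_hash, entry["record"])
            if entry["prev"] != prev_hash or entry["hash"] != expected:
                return False
            prev_hash = entry["hash"]
        return True


def demo():
    """Constructed claims: one accident filed with two insurers."""
    ledger = ClaimLedger()
    first = event_fingerprint("ID-1001", "2022-11-03", "CAR-CONSTRUCTED-001")
    again = event_fingerprint(" id-1001", "2022-11-03", "car-constructed-001 ")
    other = event_fingerprint("ID-1001", "2022-12-19", "CAR-CONSTRUCTED-001")
    results = [ledger.file_claim("Insurer A", first),
               ledger.file_claim("Insurer B", again),
               ledger.file_claim("Insurer B", other)]
    intact = ledger.verify()
    ledger.entries[0]["record"]["insurer"] = "Insurer B"  # simulated tampering
    return results, intact, ledger.verify()
```

Normalising the fields before hashing matters: without it, a change of case or spacing in the claimant or asset identifier would yield a new fingerprint and the duplicate would pass.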

b) Data Integrity

As mentioned above, the insurance industry encompasses a rather wide area, creating many different data points. And as it takes a long time for institutions to collect and verify data, the time for settlement and decision-making increases. A large insurance network supported by smart contracts and gathered in one place can be regarded as a big step both in shortening these periods and in reducing the operational costs of institutions.

As can be seen above, the process can be shortened when settlement is sought through blockchain technology compared to conventional ways. This is because the content of contracts from two different agencies can be scanned to access acceptable offers in a rather short time through automated smart contracts.

c) Protection of Sensitive Information

Cyber attacks, hacks or database vulnerabilities are experienced in insurance as in every ecosystem. In 2015, due to a vulnerability in the database of Anthem Insurance, about 80 million users’ sensitive information was leaked. When such an incident happens in the context of insurance, sensitive information leaked may include income statements, payment systems information or health issues in addition to residential addresses, telephone numbers, and names. 

Within this context, blockchain technology offers us both a more reliable database infrastructure and the ability to store sensitive information in a more secure framework. For example, in the healthcare sector, communication between hospitals and insurance companies is used to determine which tests are covered by insurance. During this communication, health information of the patient is known by both parties, and in fact, different parties have this information while the patient data should remain confidential. Here, sharing this information with different third parties may turn patients into a marketing target or enable malicious actors to benefit from this data. It is possible to develop a solution using a zero knowledge proof system on the blockchain. Communication between the two parties that takes place only by reporting true or false statements, without sharing any unnecessary information, can further protect the privacy of patients’ sensitive information.

Nexus Mutual

Nexus Mutual is an Ethereum-based platform and currently the most widely used one in the crypto ecosystem; it only provides smart contract insurance, with a promise to conduct insurance activities for real-world events as well. Acting with the motto of “a people-powered alternative to insurance”, Nexus Mutual operates with a membership system. In order to use the platform, it is required to pay a small membership fee and to perform KYC. With a team consisting of experts in both finance and insurance, Nexus Mutual uses a bonding curve for their own tokens in order to increase capital efficiency.

Currently, Nexus Mutual offers Yield Token Coverage, Protocol Cover, and Custody Cover services in addition to smart contract insurance.

i) Yield Token Coverage

The concept of yield tokens has started to take up a large place in our lives after the DeFi summer. Yield-bearing tokens (yDAI, 3CRV, etc.) that are linked to their main token, BTC, ETH or a stablecoin, are included in this policy. The event that is covered here is the loss of peg between the insured tokens and the reference tokens. Nexus Mutual states that a minimum of 10% depeg between these tokens should occur for this policy to be enacted. For example, let’s assume you deposited yCRV worth $1000 into a pool where you can earn yield over yCRV and you insured this position. For whatever reason, the balance that should be 1 CRV=1 yCRV has lost its peg and the equation has become 1 CRV=1.2 yCRV. In this case, we have a loss of 20%; hence, we are in a position to claim compensation for our loss.

ii) Custody Cover

Nexus Mutual defines the term Custody as corporations holding user funds and wallet keys; in other words, CeFi and CeDeFi. It is possible to secure your funds through centralized platforms supported by Nexus Mutual. In this way, if the conditions are met, it is possible to get compensated for losses in case these centralized platforms become insolvent or hacked, thanks to decentralized solutions. There are two different conditions specified by the platform for the validity of this policy:

  1. The specified platforms will be hacked and you will have a minimum of 10% loss of funds due to the hack,
  2. The specified platform will not allow you to make withdrawal for more than 90 days.

iii) Protocol Cover

On the DeFi platforms that we usually use, the protocols may sometimes experience financial burden due to code-related problems or other reasons. Through Nexus Mutual, it is possible to secure funds against these possible problems. We can get insurance for a variety of different areas and projects, from Uniswap LPs to ETH 2.0 staking, through the platform. In order to claim rights on the insurance policies, one or more of the following conditions must be met.

  • Code-related bugs, hacks
  • Oracle-related problems
  • Governance attacks
  • Basic economic problems

As can be seen, Nexus Mutual provides services for different areas and different conditions. But, where do they get the fund to cover these policies?

iv) Capital Pool 

Capital Pool is a pool set up by Mutual for the policy payments. All payments are made through this pool, and this pool has three main revenue streams:

  1. Policy premiums,
  2. Purchase of NXM,
  3. Use of Capital Pool funds for investment purposes.

Considering this, the individuals funding the policies act like DeFi users, and Mutual acts like a global insurance DAO.

We have already mentioned that Nexus Mutual utilizes the bonding curve mechanism. The reason for this is that NXM token is actually the basis of the protocol and the capital pool is provided by token swaps and policy purchases. When a policy is purchased, the value of the capital pool will increase along with the protocol’s ability to pay. And the reason for this is that the pool is actually NXM-based, and what is being purchased is basically NXM.

A Minimum Capital Requirement (MCR) is specified for all policies sold in order to pay them. Moreover, an MCR floor is specified to minimize the financial risk of the platform. With these, the aim is to keep the Capital Pool/MCR ratio above 1. 

As of today, the total amount of policies sold on the platform is approximately $161 Million. This number corresponds to 0.2% of the DeFi TVL. Considering the number of DeFi hacks and CeFi insolvencies throughout the year, we can argue that this amount is pretty low. 

There are a great number of different projects within Mutual, and users can insure however much they want from any protocol within a time period they specify. According to the table above, users are insuring themselves in many areas from derivative trading projects to centralized exchanges, from DEX LPs to borrowing/lending platforms.

So far, a total of 153 policies have claimed compensation. While 49 of these were accepted, 104 of them got rejected. The largest amount accepted is seen as 5 Million DAI paid to the claimant after the hack suffered by Rari Protocol and Fei. 15% of the policies applied for coverage belong to people who have been harmed by Hodlnaut.

The chart above shows us the expiration date of the policies and the amount of policies valid until that date. Due to the nature of DeFi, funds are constantly moving, so we can see that users have purchased relatively shorter-term policies. 

Final Remarks

Throughout this report, we have covered two different concepts of insurance within the crypto ecosystem: projects directly securing the funds of their own users, and the users securing their own funds by taking out a policy.

For a centralized platform, it is necessary to monitor the platforms through independent auditors and regulations that are supposed to secure user funds. Proof-of-Reserves is not a tool to ensure the security of funds on its own. Proof of Liabilities and Proof of Insurance metrics should be incorporated. Even though centralized exchanges have taken up transparency measures after the FTX collapse, in order to make this a regular process, as users, we should apply pressure. And the regulators should take actions regarding the security of user funds on centralized exchanges.

For decentralized platforms, the auditors are usually hired to make sure that the code is secure. Code security, in a way, serves as insurance for decentralized platforms. However, these platforms are financial institutions as well. From treasury management to adjustment of the token economy, it will be beneficial for the ecosystem to receive assistance both from within the DAO and from a third party. In our discussions revolving around technology, we often forget that we are actually establishing new economic/financial models and tend not to prioritize it. However, these two phenomena are mutually dependent and should go hand in hand.

Independent auditors should also be used as an extra pair of eyes for risk control in DeFi platforms. 

Insurance funds of projects are of great importance both for the security of user funds and the reliability of platforms. As far as I can see, the main purpose of insurance funds on derivative exchanges is to avoid “bad debt” on the platform. In extreme cases, derivative exchanges and borrowing/lending platforms should both allocate a certain portion of their treasuries solely to cover the loss of user funds and use a certain amount of their commission fees for this purpose as well.

As we are radically transforming finance, we should also radically transform insurance. As can be seen in the Nexus Mutual example, currently, only 0.2% of DeFi TVL is insured. I believe this will start to increase especially after the recent events. However, projects providing insurance as a service have their own risks. We should work towards reducing these risks in the future. The first risk is a scenario where the total amount of policy to be paid is greater than the capital pool. In such a scenario where the policy amount increases but the capital pool does not increase at the same rate, in other words, where the ratio of the capital pool to the minimum capital requirement is below 1, the platform may become insolvent. Another risk is that, no matter how costly it is, a possible governance attack may accept any claim to drain the capital pool. Moreover, there might also be a vulnerability in the codebase of the project offering the insurance service, which may constitute yet another risk. If we can eliminate these risks or can introduce different theoretical approaches, we can render insurance activities in both DeFi and traditional markets more democratic, efficient, and accessible.