DeFi 101: How does DeFi Insurance work?


At the time of writing, there is a staggering $60.34B of capital locked up in DeFi smart contracts. That represents a huge amount of risk.

DeFi protocols have offered early users the opportunity to make incredible gains, through yield farming, staking, borrowing, lending and even betting. However, bad actors are continuously pouring over smart contracts in order to find a way to exploit them. On many occasions, the smart contract owners themselves have proven to be untrustworthy and conducted ‘rug-pulls’ — stealing all the funds locked in their protocol.

In 2020, $120million was stolen across DeFi — and that was only the beginning.

So how can DeFi users protect their funds?

The inescapable fact is that using trustless and permissionless protocols is always going to carry an inherent risk.

However, thanks to the development of innovative decentralised cover protocols DeFi users finally have a means of mitigating at least some of that risk. The list of risks that can be covered lengthens every day, however the most popular currently are:

  • Smart Contract hacks or exploits
  • Wallet smart contract attacks
  • Collateralised loan failure — for when collateral sent by borrowers is lost, stolen or burned
  • Protocol attacks (includes oracle attacks, severe economic attacks, governance attacks, protocols on any chain, layer two components).

Insurance vs ‘Cover’ — Mutually beneficial

One of the original, and most established DeFi cover protocols, Nexus Mutual makes an important distinction between the ‘insurance’ offered in the traditional finance world, and the ‘cover’ offered in DeFi. Specifically:

“Nexus Mutual does not offer insurance because it is a discretionary mutual. Smart Contract Cover is not a contract of insurance. It is discretionary cover provided by members of the mutual to each other. Members have full discretion on which claims payments are made. Members are putting trust in the economic incentive model rather than an insurance company”.

In this article, we will refer to ‘insurance’ and ‘cover’ as essentially the same thing. However, the distinction Nexus makes is an important one. In the world of DeFi cover, rather than having an international underwriting company running the show, the power is in the hands of the cover provider’s community. That is to say, generally, governance token holders vote on claims and protocol changes and stakers underwrite the policies on offer by locking up their tokens in pools.

So how does Decentralised Insurance/Cover work?

The precise operations involved in DeFi insurance vary from provider to provider, and developments are happening all the time. For example, the early entrants to the market focused their products around single networks — like Ethereum, but innovative projects such as InsurAce have now developed cross-chain cover over a wide range of protocols from Ethereum to Polygon and Fantom.

InsurAce provides cover on multiple chains including Binance Smart Chain projects

For the purposes of this article, we’ll focus on one of the original and most widely used providers, Nexus Mutual.

For a small, legally compulsory fee (currently around $5) you can become a member of Nexus Mutual. Becoming a member allows you to “buy cover and earn more NXM by helping run the mutual, including voting on claims, deciding which smart contracts are secure and voting on proposals”.

Most DeFi insurance/cover protocols operate in the same way, requiring membership prior to purchasing cover. A Binance Smart Chain-focused cover provider, Soteria.Finance for example also operates in a very similar way to Nexus Mutual.

Once your membership is confirmed, you can then purchase cover against any smart contracts, protocols and custodians offered by your provider, deciding how much and how long you want to be covered for.

Some of the cover options available on Nexus Mutual

Smart Contract cover is the most popular offering across the board currently. Buying smart contract cover allows members to make a claim in the event that some funds were lost from the smart contract as a result of contract bugs, economic attacks or governance attacks.

Purchasing cover on Nexus Mutual against Uniswap V3

Nexus Mutual requires users to provide evidence of personal loss from any contract exploit. Other providers however, such as Cover Protocol, offer users the opportunity to effectively ‘bet’ on the security of a particular entity by minting ‘CLAIM’ tokens if they believe the risk will be successfully claimed against, or ‘NOCLAIM’ tokens if they believe the entity is safe and no successful claims will be made against it. Therefore, no evidence of personal loss is actually required. This approach carries added benefits to the protocol as it gives them more underlying capital with which to underwrite their cover.

Whilst early entrants into the DeFi insurance market have focused initially on the Ethereum blockchain, one of the cover providers leading the way on cross-chain cover is InsurAce currently offers cover on protocols built on a wide range of public chains, including Ethereum, Binance Smart Chain (BSC), Huobi Eco Chain (HECO), Solana, Polygon, and Fantom.

InsurAce also offers a portfolio-based product design, whereby users can access lower overall premiums by covering multiple risks in one portfolio. This combats one of the existing flaws in many DeFi insurance offerings whereby often a user can lose funds when a protocol suffers from an attack made to a connected protocol. In that instance an end user would not receive a payout because the smart contract they purchased cover for was not itself attacked.The user would instead need to have both protocols covered in order to ensure complete protection. InsurAce allows customers to turn that into an advantage by accessing lower premiums through the spread ‘portfolio’ risk rather than purchasing cover against each protocol separately.

How are claims assessed?

With Nexus Mutual, for example, the members act as ‘claims assessors’. Membership rights are represented by holding the $NXM token. Token holders can stake their tokens to vote on claims submitted by other members.

Typically, this is where protocol ‘governance tokens’ come into play with the majority of cover providers — offering a decentralised method of claims assessment.

What happens if claims are successful?

In the event that claims are successful, premium holders are typically paid out according to their agreement at the expense of users who staked their tokens against the exploited contract.

Before cover on any particular smart contract can be purchased, most DeFi Insurance protocols insist enough value is staked against the covered contract by members, to cover the at risk amount. This makes protocols that are run this way heavily dependent on stakers.

So, why would any member ever vote for a claim to be successful if it means tokens being lost?

This is, in part, the inherent genius within the concept of decentralised cover. With Nexus Mutual for example, $NXM claims assessors are incentivised to think long term, as they are required to lock up their stake. So sure, losing some tokens in the short term would be painful, but undermining the validity of the entire Mutual by rejecting legitimate claims would ultimately lead to a loss in value of their entire $NXM holdings over time.

With Nexus Mutual, most of the work to incentivise fair claims assessment is done by the Bonding Curve (the formula that governs the price of the $NXM token in line with the Mutual’s financial performance). You can read more about the Bonding Curve on the Nexus Mutual Medium account.

What about KYC?

Know Your Customer (KYC) requirements also vary from provider to provider. For example, Nexus Mutual requires full KYC, Cover Protocol on the other hand, does not. Nsure Network is another ‘permissionless’ protocol that doesn’t require KYC. Its model differs from the likes of Nexus in that it takes inspiration from Lloyds of London, offering a dynamic pricing model based on the real-time supply of capital and demand for coverage.

Etherisc is another major player in the DeFi insurance space. They allow their community to build their own products — even branching out into non-crypto related cover against risks such as hurricanes and flight delays. Etherisc also does not require users to undertake KYC.

What problems are the DeFi insurance ecosystem facing currently?

DeFi Insurance protocols need a constant supply of capital from ‘Risk Assessors’ in order to scale and offer more cover. However, they miss out on a huge amount of potential capital because:

  • While the rewards for being a ‘risk assessor’ and staking against smart contracts are extremely lucrative, they also come with risk. With many providers, risk assessor’s tokens will typically be lost in the event of a successful claim against the contract — making staking unattractive to many investors.
  • Capital is also limited by the fact that many investors don’t want to complete KYC. This means they may opt to purchase ‘wrapped’ tokens instead, such as $wNXM, so that they can take advantage of the investment opportunity, without actually participating in the ecosystem. In turn, they miss out on staking rewards.
  • Actually assessing the risk of a smart contract is an incredibly technical pursuit, and even then, anyone can make a mistake in their analysis. This makes ‘Risk Assessing’ unattractive to many would-be stakers., a project developed by OXBC Members Peter Longworth and Robert Cooke, solves these problems.

Layer 2 solution providers like iTrust Finance are also playing a crucial role in increasing adoption and making staking more accessible to mainstream users, which in turn increases cover capacity for providers, allowing them to scale.

On launch, will offer solutions to both sides of this dilemma. Their easy-to-use risk-managed Vaults will take the headache out of selecting a secure contract to stake against.

Initially, $wNXM and $NXM holders will be able to stake into two iTrust Vaults:

Vault A: An index of all the contracts available on Nexus Mutual.

Vault B: A low risk / high rewards Nexus strategy developed by the DAO.

Currently, $wNXM holders are unable to stake against Nexus Mutual contracts. This means they miss out on staking rewards, and Nexus Mutual misses out on their capital — which could be used to scale and underwrite more cover.’s Vaults will allow $wNXM holders to stake too — opening up a whole new addressable market for the Mutual, and finally levelling the playing field for $wNXM holders.

By making staking and risk management easy for investors, iTrust expects to attract a wider pool of stakers and thus, crucially, to expand cover capacity for providers.

In Conclusion

The DeFi insurance sector is growing at an incredibly fast rate with new providers and layer two solutions launching at regular intervals. As more assets are locked up in DeFi smart contracts, the demand for cover will only grow.

For consumers, it is imperative to understand exactly what risks the policies they are paying premiums for actually cover against. Most providers tend to only pay out against exploits caused by technical faults with smart contracts, as opposed to deliberate acts of theft by team members, for example. In the main, ‘rug-pulls’ are not actively covered by any of the major providers.

Even cover providers themselves are not immune to controversy. COVER protocol was itself exploited in December 2020 with $3.62 million being drained from the protocol. This, just two months after the project faced ‘pump and dump’ accusations after their original $SAFE token experienced extreme volatility.

As with any nascent technology, gaps are being closed and DeFi insurance products are improving on a daily basis.

Layer 2 solution providers like iTrust Finance are also playing a crucial role in increasing adoption and making staking more accessible to mainstream users, which in turn increases cover capacity for providers, allowing them to scale.

If DeFi does indeed prove to be the ‘future of finance’ — decentralised insurance protocols will have a significant role to play in its success.

About the Oxford Blockchain Foundation

The Oxford Blockchain Foundation (OXBC) was inaugurated by 150 ‘Founder Members’ in June 2018. OXBC exists to widen the community, deepen the knowledge, and heighten the opportunities available to its members, within the blockchain space.

Our culture prizes alacrity, robust thought, and integrity in our support of one another and the wider industry.

Member benefits include:

  • Your profile on our website.
  • Invitations to exclusive events.
  • Free / discounted tickets to our own and third party events.
  • Invitations to join in the development and publication of thought leadership papers.
  • Introduction to professional opportunities.
  • The benefit of the power of our exclusive, energetic, international community.

You can find out more about OXBC, including details on how to join, here.

Disclaimer: OXBC is a non-profit Foundation and does not endorse any of the projects featured in its blog, newsletter or on any of its content/social channels. None of the materials produced by OXBC constitute financial or investment advice. Ensure you do your own research and verify any claims before relying on them. The Oxford Blockchain Foundation is not affiliated to the University of Oxford.



OXBC - Oxford Blockchain Foundation

Oxford Blockchain Foundation exists to enhance the community, knowledge and opportunities of our members. #oxbc