Crypto insurance addresses a fundamental problem: DeFi users carry risk that traditional insurance won’t cover. Your standard homeowner’s policy has an explicit “cryptocurrency exclusion.” Centralized crypto insurance (Lloyd’s, Coincover) exists for custodied assets, but covering smart contract risk is an actuarially different challenge — the risk is opaque, correlated, and occasionally catastrophic. Nexus Mutual pioneered the decentralized insurance model in 2019 by creating a discretionary mutual where NXM token holders provide capital and assess claims. The sector has grown to cover smart contracts, stablecoin depegs, exchange hacks, and validator slashing — with notable successes (covering the bZx and Compound incidents) and notable controversies (disputed claims during the Terra Luna collapse). As of 2025, crypto insurance covers a fraction of total DeFi TVL, presents real friction for users, and remains an active area of protocol innovation.
What Can Be Insured in DeFi
1. Smart Contract Exploits
What’s covered: Loss of funds due to a hack or exploit of a specific smart contract
Example: You hold $100K in Aave V3. A reentrancy attack drains the contract. If you had Nexus Mutual coverage on “Aave V3 smart contract,” you file a claim for your loss.
Insurer’s challenge: Determining whether a loss was due to the covered protocol’s code vs. user error vs. a different protocol in the same transaction is technically complex
Historical coverage events:
- bZx flash loan attacks (2020): Covered
- Compound oracle manipulation (2020): Covered
- Multiple covered claims during 2022 bear market hacks
- Wormhole, Ronin bridge: Complicated (bridge vs. protocol distinction)
2. Stablecoin Depegs
What’s covered: DAI, USDC, USDT, or other stablecoins trading below a defined threshold (e.g., 95 cents) for a sustained period
Parametric design: Typically uses an on-chain oracle price feed — if USDC/USD oracle returns <$0.95 for X minutes, claim triggers automatically (or semi-automatically)
The Terra Luna case:
- InsurAce covered UST depeg parametrically; paid out ~$11.8M to affected policyholders
- Nexus Mutual’s LUNA/UST coverage was disputed — Nexus has an “economic design failure” vs. “hack” distinction that led to community votes
- The Terra event stress-tested every protocol’s claims assessment process
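The parametric depeg trigger described above, as an added example that is not code from any insurer named on this page. The 0.95 threshold comes from the text; the 60-minute window, the 5-minute staleness limit, and all feed values are constructed assumptions. It shows why the evaluator must reset on recovery prints, invalid prices, and stalled oracle updates rather than only comparing the first and last observation.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    timestamp: int  # Unix seconds of the oracle update
    price: float    # reported stablecoin/USD price

def depeg_trigger_time(observations, threshold=0.95, window_s=3600, max_gap_s=300):
    """Return the timestamp at which the cover triggers, or None.

    Every observation across a continuous span of at least window_s must be
    below threshold. A print at or above threshold, an invalid price, or a
    gap between updates longer than max_gap_s (assumed staleness limit)
    restarts the window, so a stalled feed is not counted as a sustained depeg.
    """
    start = None    # first timestamp of the current below-threshold run
    prev_ts = None
    for obs in sorted(observations, key=lambda o: o.timestamp):
        valid = math.isfinite(obs.price) and obs.price > 0
        stale = prev_ts is not None and obs.timestamp - prev_ts > max_gap_s
        if not valid or obs.price >= threshold:
            start = None
        elif start is None or stale:
            start = obs.timestamp
        if start is not None and obs.timestamp - start >= window_s:
            return obs.timestamp
        prev_ts = obs.timestamp
    return None

def constructed_feed(prices, t0=1_700_000_000, step_s=60):
    """Build a constructed sample feed with one update every step_s seconds."""
    return [Observation(t0 + i * step_s, p) for i, p in enumerate(prices)]

# Constructed sample feeds (not real market data).
SUSTAINED = constructed_feed([0.93] * 61)                      # 60 minutes below
WICK = constructed_feed([0.90] * 10 + [1.00] * 60)             # 10-minute dip
BOUNCE = constructed_feed([0.93] * 30 + [0.96] + [0.93] * 30)  # one recovery print
STALLED = [Observation(1_700_000_000, 0.93),                   # feed stops updating
           Observation(1_700_004_000, 0.93)]                   # for about 67 minutes

if __name__ == "__main__":
    for name, feed in [("sustained", SUSTAINED), ("wick", WICK),
                       ("bounce", BOUNCE), ("stalled", STALLED)]:
        print(name, depeg_trigger_time(feed))
```

Only the sustained feed triggers; the stalled feed would trigger if the staleness check were removed, which is the failure mode a parametric product has to rule out.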
3. Exchange Hacks (Custodial)
What’s covered: Loss of funds held on a centralized exchange (e.g., exchange gets hacked)
Challenge: Proving your funds were specifically in the hack vs. the exchange surviving with losses
Products:
- Coincover: Centralized insurer for CEX customers (insures Gemini, etc.)
- Nexus Mutual: Has “custodian cover” products for prime custody
4. Validator Slashing Events
What’s covered: Ethereum validator or other PoS validator being slashed (having staked ETH penalized for double-signing or other slashable offenses)
Target user: Solo stakers or liquid staking users (Lido, Rocket Pool)
Products: Nexus Mutual offers validator slashing cover; StakeWise and Rocket Pool have discussed insurance funds
5. Yield Bearing Protocol Risk
What’s covered: Losing a yield-bearing position due to an undercollateralized liquidation cascade or protocol insolvency
Emerging product category: Given the growth of lending protocols (Aave, Morpho) as deposit destinations
Nexus Mutual: The Dominant On-Chain Insurer
How Nexus Mutual Works
Nexus Mutual is a discretionary mutual — a member-owned organization where:
- Members join by completing KYC and buying NXM tokens (ETH-denominated)
- Capital providers stake NXM against specific protocols → earn premiums from that cover
- Cover buyers pay premiums (in ETH or NXM) for specific protocol coverage
- Claims assessors (NXM holders) vote on whether individual claims should be paid
- Payouts come from the mutual’s capital pool if claim passes assessment
Key distinction from traditional insurance:
- No fixed guarantee of payout (it’s “discretionary” — members vote)
- Coverage is at the protocol level, not the user balance level
- Requires active claims assessment by a token-holder community with aligned interests
NXM and wNXM
- NXM: Can only be held by KYC’d mutual members; price determined by bonding curve (capital pool value / required MCR ratio)
- wNXM (Wrapped NXM): ERC-20 tradeable on secondary markets without KYC; trades at discount to NXM when withdrawal queue is long
- Capital requirement: Nexus maintains a Minimum Capital Requirement (MCR); if capital falls below 100% MCR, the protocol enters a defensive state
Coverage Mechanics
Buying coverage:
- Select protocol (e.g., “Uniswap V3 smart contract”)
- Specify amount ($10,000), period (30/90/180 days), cover currency (ETH or DAI)
- Pay premium (quoted in %; typically 2–7% per year for established protocols)
- Receive Cover token (non-transferable)
Premium pricing drivers:
- Protocol risk rating (higher TVL hacks → higher premium)
- Available capital staked in that protocol’s pool
- Historical claims frequency
Notable Nexus Claims History
| Event | Outcome | Notes |
|---|---|---|
| bZx flash loan attacks (Feb 2020) | Paid | First major DeFi hack payout; established Nexus credibility |
| Harvest Finance hack (Oct 2020) | Paid | Flash loan oracle manipulation |
| Yearn Finance DAI vault hack (Feb 2021) | Partially paid | Definitional dispute about “smart contract bug” vs. “economic attack” |
| CREAM Finance hack (2021) | Paid | |
| Terra/UST collapse (May 2022) | Disputed | Protocol design failure vs. hack categories debated |
| FTX collapse (Nov 2022) | Paid for custodian cover | CEX cover vs. DeFi cover distinction |
InsurAce: Parametric-Focused Competitor
InsurAce took a different design approach:
- Parametric triggers: Price oracle and on-chain event triggers rather than community votes → faster, more automatic payouts
- Multi-chain: Covers protocols across Ethereum, BSC, Polygon, Avalanche, etc.
- Portfolio approach: Discount for covering multiple protocols together
- INSUR token: Governance + staking for capital provision
Terra UST payout: InsurAce’s most notable moment — distributed ~$11.8M to UST depeg claimants using parametric oracle-triggered payouts. Demonstrated that parametric design can execute cleanly on clear events.
Why Crypto Insurance is Hard to Price
Actuarial Challenges
Standard insurance requires historical loss data to price risk:
- Car insurance has 100+ years of accident data → actuaries can price premiums with confidence
- Smart contract hacks have ~5 years of data
- Each protocol is different; a new protocol has zero loss history
- Losses are correlated (bear markets create multiple hacks simultaneously)
- “Black swan” events ($100M+ hacks) occur at non-actuarially-predictable rates
Adverse Selection
Users most likely to buy smart contract insurance:
- Security-conscious users who have read the protocol audits
- Users with concentrated exposure → they know something the market doesn’t
Or conversely:
- Users who understand risk management and are systematically hedging
This two-sided adverse selection makes pricing difficult.
Moral Hazard
If you’re insured for smart contract hacks:
- Less incentive to monitor risk
- Less incentive to pay for individual security audits
- Less incentive to diversify across protocols
Correlation Risk
DeFi hacks are not independent events:
- A composability exploit can simultaneously drain multiple protocols
- An oracle manipulation affects all protocols using that oracle
- Market crashes create multiple hack events simultaneously (undercollateralized positions + whale stress)
This correlation violates the independence assumption of standard insurance pricing.
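How much the independence assumption matters, as an added worked example that is not from the original page. It assumes a simple common-shock model: a shared dependency (for example one oracle used by every covered protocol) fails with probability `shared_q` and drains all of them at once, while the per-protocol loss probability is held equal in both cases. All numbers are constructed.

```python
from math import comb

def binom_tail(n, p, k):
    """P(X > k) for X ~ Binomial(n, p)."""
    return sum(comb(n, i) * p**i * (1 - p)**(n - i) for i in range(k + 1, n + 1))

def idiosyncratic_p(p, shared_q):
    """Per-protocol exploit probability left over once the shared shock is
    carved out, so the marginal loss probability of each protocol stays p."""
    if not 0 <= shared_q <= p < 1:
        raise ValueError("need 0 <= shared_q <= p < 1")
    return (p - shared_q) / (1 - shared_q)

def ruin_probability(n, p, capital_units, shared_q=0.0):
    """Probability that claims exceed the capital pool in one period.

    n             -- covered protocols, each with one equal-sized cover
    p             -- marginal probability that a given protocol is exploited
    capital_units -- number of full claims the pool can pay
    shared_q      -- probability of a shock that hits every protocol at once
    """
    if capital_units >= n:
        return 0.0  # the pool can pay every cover it has written
    tail = binom_tail(n, idiosyncratic_p(p, shared_q), capital_units)
    # A shared shock produces n claims, which exceeds the pool by construction.
    return shared_q + (1 - shared_q) * tail

# Constructed scenario: 20 covers, 5% annual loss probability each,
# a pool sized to pay 5 full claims.
N, P, CAPITAL = 20, 0.05, 5

if __name__ == "__main__":
    independent = ruin_probability(N, P, CAPITAL)
    correlated = ruin_probability(N, P, CAPITAL, shared_q=0.02)
    print(f"expected claims in both cases: {N * P:.2f}")
    print(f"ruin probability, independent: {independent:.5f}")
    print(f"ruin probability, correlated:  {correlated:.5f}")
```

Expected claims are identical in both cases, so a premium priced on the average loss looks the same, yet the probability of exhausting the pool rises from roughly 0.03% to about 2%.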
Coverage Gap: How Much DeFi is Insured?
As of 2025, estimates suggest less than 2–3% of total DeFi TVL is covered by any form of on-chain insurance. The friction (KYC for Nexus, manual claim process, limited protocol availability) prevents broader adoption.
Who buys coverage:
- Institutional DeFi users (hedge funds, family offices)
- High-TVL individual users
- Protocols insuring their own treasuries
Who doesn’t:
- Most retail users (premium cost vs. perceived risk not worth it)
- One-time users (coverage costs fixed fee + time)