DeFi Security

In October, the security of on-chain assets regained much attention after well-known protocols such as BNB Cross Chain Bridge, OmniX NFT Platform, and Team Finance were hacked. The endless hacking attacks in crypto seem to have long been commonplace.

Early this year, Chainalysis published a research report about on-chain crimes, showing that crypto protocols have become a new playground for digital thieves. In the past year, $3.2B worth of cryptocurrencies were stolen from the crypto market, and the victims are disproportionately in DeFi. About 97% of all cryptocurrencies stolen in Q1 2022 were taken from DeFi protocols.

Code exploits are becoming the most common attack vector against DeFi protocols, while flash loan attacks are gradually disappearing. Hackers now focus more on gaining access to victims’ private keys or on manipulating token prices by taking advantage of faulty code in the protocols.

In the current DeFi market, on-chain security businesses mainly focus on providing auditing and monitoring services to protocols. Institutions like CertiK, Hacken, and SlowMist have established the industry standard and user confidence to a certain extent. However, even though the vast majority of smart contracts were audited before going live on mainnet, nearly 30% of code exploits last year still occurred on platforms with audited smart contracts. Auditing can prevent most attacks caused by faulty code, but not all. A more robust approach is needed to protect user funds.

The crypto market currently lacks a standardized risk control process for protecting assets after a protocol has been attacked. Many attacked protocols rely on help from centralized exchanges and stablecoin issuers to track and recover lost assets, and the differing operational capabilities between projects make the security of on-chain assets even worse.

An industry standard for after-attack services needs to be established to provide a standardized recovery process that can greatly decrease the operational risk of on-chain assets and form comprehensive protection for protocols.

In traditional finance, a company’s property is protected by the commercial insurance it purchases, but commercial insurance for on-chain property is still underdeveloped. Recent research has shown that less than 3% of crypto assets are insured and that the current TVL of on-chain insurance protocols is only about $275.55M.

Centralized Crypto Insurance

Goldman Sachs published their eleventh annual Insurance Survey this June, which included the views of 328 Chief Investment Officers and Chief Financial Officers from the global insurance industry about their asset allocation decisions. 6% of insurers ranked cryptocurrencies as their first choice when considering portfolio construction. Although most traditional insurance companies claim that they do not hold cryptocurrencies, it is undeniable that they have shown a strong interest in the development of the crypto market.

Evertas, a pioneer in the cryptocurrency insurance industry founded in 2017, was licensed by Lloyd’s of London early this year. This represents further cooperation between traditional insurance companies and the crypto market, and shows the efforts of the crypto insurance industry on its road to compliance.

In addition to supporting common commercial insurance such as mining property protection, Evertas launched smart contract insurance for DeFi to serve on-chain protocols. This insurance provides coverage for malfunctioning smart contracts and the associated loss of assets. For security breaches, it also provides coverage for private key loss and theft. Through the continuous expansion of its supported regions, Evertas can now provide crypto insurance for users in the UK, Australia, and HK.

However, due to the lack of large insurance institutions, the centralized crypto insurance industry is still in a very early stage and can cover only a very small part of the roughly $4B cryptocurrency loss in 2021.

Decentralized Crypto Insurance

Decentralized crypto insurance protocols combine traditional insurance products with blockchain technology and DAO ideas to improve the transparency and efficiency of their services.

Nexus Mutual

Nexus Mutual is the best-performing DeFi insurance protocol in the current crypto market, accounting for over 67% of the entire on-chain insurance industry. Unlike commercial insurance in traditional finance, its mechanism is closer to the older mutual insurance model that appeared in 1752, when Benjamin Franklin established the Philadelphia Contributionship for the Insurance of Houses from Loss by Fire. A mutual insurance company is owned by its policyholders, and any profits earned are either retained within the company or rebated to policyholders in the form of dividends or reduced future premiums.

Nexus Mutual currently provides three types of cover:

  • Yield Token Cover: Protects against yield-bearing token de-pegging

  • Protocol Cover: Protects against a hack on a specific protocol

  • Custody Cover: Protects against halted withdrawals and haircuts on your funds stored on centralized exchanges

The insurance premium of Nexus Mutual comes from the fund pool contributed by investors. Investors deposit $NXM into pools that they consider safe, or whose insurance cost they are willing to bear, and obtain the corresponding profit generated. If a claim is initiated and verified by the community, funds in the corresponding pool are delivered to the claimant in the form of $ETH/$DAI, while the $NXM is destroyed.

The mechanism design of Nexus Mutual also draws on the popular liquidity pool model: investors sell $ETH to the protocol for $NXM, and $NXM works like the LP tokens in DEXs, representing the liquidity share provided by the investors and serving as their income warrant.

For its tokenomics, or token value capture, $NXM adopts the following formula.

Firstly, because it is denominated in $ETH, $NXM naturally exposes its holders to the price volatility of $ETH. From the formula above, we can see that the price of $NXM is mainly affected by the minimum capital required (MCR) and by its ratio to the total amount of funds in the pool. MCR represents the popularity of the underlying insurance, that is, demand, which supports the token price in the long run. On the other hand, changes in the ratio can greatly influence the price performance of $NXM in the short term. For example, after a claim is paid, the MCR will remain unchanged, and the rapid growth of MCR% will make the price of $NXM rise quickly.

From the mechanisms introduced above, we can see that decentralized insurance protocols use blockchain technology to improve fairness and reduce friction costs compared to traditional commercial insurance. Nexus Mutual’s competitor InsurAce, which has a very similar system, successfully paid out a total of $11.7M to 155 victims of the previous Terra crash in less than a month. With a more democratized and transparent insurance process, decentralized insurance protocols can earn stronger confidence from crypto-native investors.

Current Dilemma and Prospects

Decentralized crypto insurance protocols and centralized crypto insurance companies have taken different paths to protecting on-chain assets.

On-chain crypto insurance protocols are focusing more on expanding their coverage to keep up with the booming DeFi market and to meet the various needs of customers, while centralized crypto insurance companies are focusing more on collaboration with traditional insurance institutions and on policy compliance around the world.

It’s still hard to tell what the future of crypto insurance will look like, but the current decentralized crypto insurance business model has encountered some challenges. Firstly, although the mutual insurance model has been widely adopted by on-chain crypto insurance protocols, the biggest attraction for user funds is still the attractive yield. Since there are many speculators in the crypto market, the source of insurance premiums is unstable, and the lack of a stable generator of insurance premiums and interest can be a huge problem that hinders the development of decentralized crypto insurance businesses.

In addition, stricter KYC requirements are also a problem. For now, complex KYC processes are undermining the decentralization of on-chain insurance protocols and limiting the number of investors. It is worth noting that compliance is beneficial to the adoption rate of crypto, but it also raises investors’ concerns about the security of their KYC data. On the plus side, cooperation between centralized crypto insurance companies and traditional insurance institutions will help educate employees and their customers, which can bring more investors to crypto.

At present, the crypto insurance industry only provides coverage for on-chain security risks. There are still no corresponding countermeasures for emerging risks like governance attacks. But with such a blue ocean, I believe that there will be projects to explore more possibilities of crypto insurance in the near future.

🐩 @Soxpt50

📅 17 November 2022

Disclaimer: This research is for information purposes only. It does not constitute investment advice or a recommendation to buy or sell any investment and should not be used in the evaluation of the merits of making any investment decision.

Links:

[1] https://nexusmutual.io/assets/docs/nmx_white_paperv2_3.pdf

[2] https://www.gsam.com/content/gsam/us/en/institutions/market-insights/gsam-insights/2022/Insurance_Survey_2022.html

[3] https://go.chainalysis.com/2022-Crypto-Crime-Report.html