Why DeFi Insurance Failed (And How to Fix It)
Author: fishmarketacad (@FishMarketAcad)
Introduction
I've been flying to many crypto conferences and paying for travel insurance, when I realized I've never actually claimed it. Not once.
That is probably why insurance is one of the world's most successful financial models. The insurance industry runs what is essentially a yield protocol built on a simple, powerful loop: collect premiums widely, invest the float astutely, and pay claims selectively, all guided by robust risk modeling. While pure underwriting profit (premiums earned minus claims and expenses) can be slim or even negative in some years or lines of business, the investment income generated on the float often ensures healthy overall profitability and resilience for the industry incumbents.
Why, then, has onchain insurance struggled so much to find sustainable footing and profitability? I remembered this post by @hosseeb:
Smart contract exploits and DeFi hacks have resulted in billions lost over the past few years, yet protocols offering insurance often grapple with low adoption (compared to the overall DeFi market size).
Platforms like Nexus Mutual pioneered this space, offering users a way to hedge against smart contract risks. Yet, despite the clear need, the onchain insurance sector has arguably failed to achieve widespread adoption.
The total premium coverage by Nexus Mutual is around $130m, a drop in the bucket compared to the TVL of DeFi of $100b. Source: https://dune.com/nexus_mutual/covers-bd
The TVL collected on Nexus Mutual is a small fraction of the TVL in DeFi. Source: https://defillama.com/protocol/nexus-mutual?denomination=ETH
The reasons are multifaceted: capital inefficiency, cumbersome claims processes, adoption friction and more have plagued early models.
Here are some excellent points from @BraveDeFi:
The challenges are deeper than just code. As veterans in the space highlight, scaling underwriting capital is the primary bottleneck, even when demand for coverage is high. Furthermore, accurately pricing on-chain risk is a niche skill, requiring expertise across smart contracts, market dynamics, and custody – an overlap few possess. Compounding this is the risk-on nature of many crypto natives, who historically haven't prioritized buying cover.
The Underwriting Challenge: Limitations of Current Models
Before exploring solutions, we must acknowledge the ground truth:
- The Underwriting Capital Bottleneck: First-generation models like Nexus, while successful, rely on dedicated capital pools. This creates opportunity costs and limits scale. As insiders emphasize, finding sufficient capital willing to underwrite complex, evolving on-chain risks is the core constraint, despite demand, especially for large policies.
- The Difficulty of Risk Pricing: On-chain risk isn't static. It requires continuous assessment by experts who understand the interplay of code, economics, and off-chain factors (like RWA custody). Pricing based on loss probability, not just yield, is key – yet willingness to pay often correlates with fluctuating DeFi yields, complicating sustainable pricing.
- Inadequacy of "Self-Insurance": Many protocols tout "Safety Modules" or treasury buffers (like Aave, Maker, Ethena). However, these buffers are often thin (<1-2% of TVL) relative to potential large losses ($100M+); they primarily cover specific risks (like bad debt) and do not protect against catastrophic smart contract failures affecting the treasury itself. Using volatile governance tokens as backstops is also precarious, as governance tokens usually drop further during crises.
- Lack of supply: LPs'/underwriters' desire and ability to supply collateral/insurance is constrained by the complexity involved.
However, the DeFi landscape is evolving with new primitives which could help onchain insurance to be more practical and adopted.
Leveraging New Primitives for Onchain Insurance
Maybe onchain insurance could work better if we combine the capital efficiency of restaking, permissionless insurance pool creation for broader access, and deeply integrated, onchain incentive alignment.
Restaking: A New Source for Underwriting Capital?
Before diving into incentives, let's recap the base layer. Restaking, as I use the term here, means allowing not just existing staked assets (like ETH LSTs) but any whitelisted yield-bearing asset to be used as collateral for multiple protocols, dramatically lowering the capital cost for new applications.
Here is how the different parties work together:
- LPs: Provide underwriting collateral to specific insurance pools in exchange for the largest portion of the fees earned from premiums.
- Insurance protocol governance token holders: Vote on insurance pool proposals from protocols, and vote carefully, because an exploit means LPs leave, reputation is tarnished, and revenue drops.
- Protocols: Choose well-defined, pre-written insurance pool proposals that are suitable for their protocol and pay a proposal creation fee (which also prevents spam).
- Insurance protocol: Earns some portion of the fees above.
An "Insurance protocol" built on this model immediately addresses the primary hurdle of first-generation protocols:
- Capital Efficiency via Restaking: Instead of requiring a massive and dedicated capital pool, the insurance protocol secures its operations and potential payout backstop using restaked assets. This frees capital and potentially lowers premiums.
- Maintain Hybrid Assessment (Manual + Automated slashing): Protocol exploits and failures are nuanced, so the insurance protocol should also incorporate a subjective assessment layer (expert committees, decentralized assessors staking the insurance native token) alongside objective slashing conditions that are automated. This retains human judgment where needed, learning from Nexus Mutual's experience but building on a more efficient capital base.
The key unknown, as highlighted, is the market's willingness to provide this underwriting via restaking once the real risks (slashing) are active, and what risk premium they will demand.
Unlocking Scale: Permissionless Insurance Pools
A major barrier to broad adoption is the bespoke, often centralized process of adding coverage for new protocols. An Insurance Protocol can overcome this by enabling permissionless pool creation, unlike the more curated listing process that is currently used.
Here's a rough implementation of how it could work:
- Standardized Templates: The insurance protocol could offer predefined insurance "packages" with varying requirements (e.g., minimum audit standards, TVL thresholds, specific event triggers like >30% TVL loss due to exploit).
- Protocol-Initiated Pools: Any DeFi protocol could propose creating its own dedicated insurance pool under the insurance protocol umbrella, selecting a suitable template.
- Vetting: To maintain quality and security, creating a new pool would still require a successful governance vote by the insurance protocol token holders. A proposal fee, paid by the protocol initiating the pool, could be distributed pro-rata to voters, incentivizing active governance and due diligence. This creates a scalable yet curated marketplace for risk.
- Flexible, Yield-Bearing Insurance Collateral: LPs providing the actual capital backing for these pools could deposit various whitelisted yield-bearing assets (e.g., stETH, rETH, yield-bearing stablecoins). This maximizes capital efficiency for LPs.
- Constrained Rehypothecation: To further optimize capital without introducing excessive systemic risk, LPs could potentially use the same underlying collateral to back pools for fundamentally different types of protocols (e.g., using the same stETH to back a lending market pool and a separate DEX pool). The logic is that exploit vectors are unlikely to simultaneously affect drastically different protocol types, limiting contagion risk. This requires careful design and risk parameterization by the insurance protocol governance.
- DeFi Integration: Working with DeFi protocols to integrate coverage purchase directly at the point of deposit is paramount for user awareness and for onboarding larger, more risk-averse players. In exchange, the protocol can receive a commission on insurance paid through its platform. To bootstrap initial insurance demand and make it a habit, protocols can subsidize the premium initially; over the long term, the premiums paid and commissions earned exceed this initial incentive.
This permissionless system dramatically lowers the barrier for protocols to offer protection, and for users to purchase insurance, fostering wider integration and choice.
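As an added illustration of the pool mechanics sketched above and of the party roles from the restaking section (this is not code from the post or from any live protocol), here is a small Python model: a template with listing requirements and an exploit trigger, a protocol-initiated proposal whose fee is split pro-rata among governance voters, whitelisted yield-bearing LP collateral, and the constrained-rehypothecation rule that one LP position may back pools only of different protocol categories. The whitelist, thresholds, and all names are assumptions.

```python
from dataclasses import dataclass, field
# Constructed example, not any protocol's code; names and numbers are assumed.
WHITELISTED_COLLATERAL = {"stETH", "rETH", "sDAI"}   # assumed whitelist

@dataclass
class Template:
    min_audits: int        # listing requirement: number of audits
    min_tvl: float         # listing requirement: protocol TVL in USD
    trigger_loss: float    # objective claim trigger: fraction of TVL lost

@dataclass
class Pool:
    protocol: str
    category: str          # e.g. "lending" or "dex"; drives the rehypothecation rule
    template: Template
    backing: dict = field(default_factory=dict)   # lp -> collateral amount

class InsuranceProtocol:
    def __init__(self):
        self.pools = {}
        self.lp_positions = {}   # lp -> (asset, amount): one reusable position
        self.lp_categories = {}  # lp -> categories that position already backs

    def propose_pool(self, protocol, category, audits, tvl, template, fee, votes):
        """votes: voter -> (weight, approves?); the fee is split pro-rata among all voters."""
        if audits < template.min_audits or tvl < template.min_tvl:
            raise ValueError("proposal does not meet the template requirements")
        total = sum(w for w, _ in votes.values())
        payouts = {v: fee * w / total for v, (w, _) in votes.items()}
        approved = 2 * sum(w for w, yes in votes.values() if yes) > total
        if approved:
            self.pools[protocol] = Pool(protocol, category, template)
        return approved, payouts

    def back_pool(self, lp, asset, amount, protocol):
        """Whitelisted collateral only; one LP position may back pools of different categories."""
        if asset not in WHITELISTED_COLLATERAL:
            raise ValueError(f"{asset} is not whitelisted collateral")
        pool = self.pools[protocol]
        if pool.category in self.lp_categories.get(lp, set()):
            raise ValueError(f"{lp} already backs a {pool.category} pool")
        _, amount = self.lp_positions.setdefault(lp, (asset, amount))
        self.lp_categories.setdefault(lp, set()).add(pool.category)
        pool.backing[lp] = amount
        return sum(pool.backing.values())      # total collateral behind this pool

    def claim_triggered(self, protocol, tvl_before, tvl_after):
        """Objective trigger check; the subjective assessment layer would still follow."""
        loss = (tvl_before - tvl_after) / tvl_before
        return loss > self.pools[protocol].template.trigger_loss
```

The rehypothecation check is keyed on pool category rather than on the individual protocol, which is exactly the "different protocol types" constraint the list above describes.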
The Flywheel: Aligning Incentives for Sustainable Underwriting
Efficiency and access are insufficient without alignment. Drawing inspiration from models like Proof-of-Liquidity:
- Onchain Commissions: As mentioned above, protocols integrating the insurance protocol can earn a direct, on-chain percentage of premiums generated through their interface (e.g., a checkbox "Insure this deposit/LP position"). This provides a tangible revenue stream, incentivizing adoption.
- User Subsidies: Protocols can use commission revenue or treasury funds to subsidize premiums, making insurance cover cheaper and more attractive for their users, at least initially until it becomes ingrained in their behaviour.
- Attracting Underwriters: The underwritten protocol must offer competitive, risk-adjusted returns to the restakers/operators providing the underwriting capital. The high yields (~16-24%+) achieved by skilled underwriters in existing systems like Nexus demonstrate potential, but this needs to scale within the insurance protocol framework.
- Skin in the Game: Protocols could potentially earn higher commission rates by staking the AVS's native token, deepening their alignment with the insurance layer.
This creates a potential virtuous cycle: Integration drives volume -> Volume generates commissions & attracts underwriting capital -> Scale allows better pricing/broader coverage -> Reinforces integration.
Inevitable Challenges Remain
This vision faces significant hurdles:
- Risk Management Expertise: An insurance protocol needs robust internal risk management capabilities, mirroring Nexus Mutual's strength. Governance must prioritize safety over rapid growth. Who prices the risk within the protocol to generate the templates that would attract both protocols and users? How is systemic risk managed?
- Attracting Sufficient, Sticky Underwriting Capital: Will restakers accept the specific risks of insuring protocols for achievable premiums, especially compared to securing lower-risk protocols (that just need economic security rather than underwriting collateral)?
- Economic Modeling & Security: Balancing rewards, fees, commissions, and slashing penalties is incredibly complex and vital for security and sustainability.
- Latency & Assessment: Subjective assessment takes time. Balancing speed with accuracy in claims processing remains difficult.
- Trust & Complexity: Designing and securing a permissionless system with diverse collateral, constrained rehypothecation, and on-chain incentive flows is highly complex.
Final Thoughts
Onchain insurance isn't just an engineering problem; it's fundamentally about risk management and scaling underwriting capital responsibly. While early models like Nexus Mutual proved the viability and importance of expertise, they faced scaling limitations.
Current "self-insurance" buffers offer only partial protection. Restaking presents a powerful tool to enhance capital efficiency, potentially unlocking the door to scalable underwriting.
Combined with permissionless pool creation for broader access and strong onchain incentive alignment, we have a blueprint for a more robust insurance infrastructure.
However, success hinges on embedding deep risk management expertise within these new models and attracting sufficient capital willing to genuinely underwrite DeFi risk. Addressing the complex risk management challenge requires ongoing innovation, potentially involving standardized risk frameworks and leveraging independent expertise from audit firms to validate security assumptions, contribute to assessment processes, and build greater trust in risk pricing.
It requires participants – protocols, capital providers, security auditors, and users – to have meaningful skin in the game. Only then can we build the resilient financial infrastructure needed to onboard the next wave of users and capital into a safer DeFi ecosystem.