The Shortcomings of DeFi 'Insurance'

5th January 2025

Executive Summary

Our take is that decentralized 'insurance' solutions are good in theory but, in practice, face significant issues and fail to deliver genuine protection for crypto holders in critical areas like theft. These solutions arguably rely on community voting as a way to avoid regulation, as evidenced by recent pivots away from the term 'insurance' toward 'cover' and 'insurance alternatives.' Moreover, most of these solutions are hardly decentralized, despite some making fairly aggressive claims that centralization is the enemy. Let’s not forget that many of these protocols have a CEO and a team of developers who wrote the code and continue to determine the future of the protocol. This article discusses some of the main problems with the DeFi insurance sector.

What is DeFi?

Short for Decentralized Finance, DeFi is an umbrella term for peer-to-peer financial services on public blockchains. DeFi takes the basic premise of Bitcoin and expands on it, giving the potential to create more open, free, and fair financial markets accessible to anyone with an internet connection.

The team at Redefind see DeFi as a brilliant innovation. However, in our opinion, the DeFi crypto insurance sector has fallen short with regard to delivering genuine cover and peace of mind to individuals and businesses owning digital assets. This article will explain why we believe this is the case, and discuss why we built Redefind: the only regulated, centralized insurance provider solely dedicated to crypto insurance, providing solutions for both individuals and businesses across all forms of custody (including self-custody).

What is DeFi insurance?

DeFi insurance, also known as DeFi cover, includes a range of solutions designed to protect cryptoasset owners from some crypto theft event types. Unlike traditional regulated insurance, which up until now has been mostly focused on crypto custodian cover (e.g. crime and cold storage policies for exchanges and custodians), DeFi insurance primarily focuses on mitigating risks associated with technological vulnerabilities and protocols. The DeFi insurance target market is primarily individuals owning cryptoassets in self-custody.

“Your keys, your coins — your risk” (OpenCover, 2023)

How does DeFi insurance work?

1inch provides a concise description of how DeFi insurance works:

“At the core of DeFi insurance protocols usually lies a model enabling the collective funding of insurance pools and decentralized assessment of insurance claims. Providers to these pools deposit funds to form a reserve that covers potential losses. Certain protocols require a single upfront payment, while others accept LP tokens as collateral and forgo additional fees. In the event of a covered incident, such as a protocol hack, affected users are compensated from these pools. Additionally, users can accrue yield on their funds locked in the pool. Another model is staking-based insurance, where users lock up tokens in exchange for coverage, simultaneously securing the protocol and providing a source of funds for potential payouts. Members with risk and pricing expertise can manage staked assets, underwrite risks and earn fees.”

The problems with DeFi insurance

Below we highlight some of the issues that we have seen first hand with DeFi insurance solutions:

1. Not Even Insurance

DeFi insurance isn't insurance. The quote below from OpenCover (themselves a DeFi insurance solution) states that most ‘DeFi insurance’ isn’t actually insurance at all, given the cover in place is mostly discretionary, and that better terms for these solutions are ‘DeFi cover’ and ‘DeFi insurance alternatives’:

“The term DeFi insurance is often used to describe this new [DeFi] type of risk protection, a more accurate term is DeFi cover as traditional insurance is a heavily regulated industry, and while some [DeFi] providers are able to offer bona fide insurance, most products are discretionary rather than contractual.” (OpenCover, 2023)

2. Not Regulated in a Highly Regulated Sector

There is a huge chasm between traditional insurance (very highly regulated) and ‘DeFi cover’ (unregulated and discretionary). They’re chalk and cheese:

Actual Insurance

“Few sectors are as heavily regulated as the insurance one.” (Deloitte)

“Insurance in the UK is a highly regulated industry, due to its crucial social and economic role.” (UK Gov)

DeFi Insurance

“Emerging decentralized insurance applications might offer solutions, but like cryptocurrency and blockchains, they are unregulated and require trusting others with your money.” (Investopedia)

3. User Experience & Complexity

Those new to the crypto sector (arguably the demographic most likely to want to purchase insurance, as they are new to the space) would likely be daunted by the UI/UX of the DeFi cover providers.

Crypto veterans and DeFi experts are the only demographic likely to understand both the complex terms and daunting UI of DeFi cover solutions. Ironically, these veterans may not feel the need for such cover because they understand the limitations of DeFi cover.

4. Poor Coverage

Cover types provided by the DeFi solutions are actually just not that useful for the average crypto owner in our opinion:

  • Protocol cover only
  • Slashing
  • Depeg
  • Protocol exploits
  • Real world examples:
      • Depeg ‘cover’, maximum payout of 200 USDT - a very small limit, especially when gas costs are included. (Source: DeFi provider, we have anonymised the provider)
      • DeFi cover for smart contract exploits/hacking and severe oracle failure - expensive for narrow cover: 3.84%. (Source: DeFi provider, we have anonymised the provider)

The multiple focus groups Redefind has run with crypto veterans, crypto enthusiasts and family offices highlight that users want to protect their cryptoassets against theft (in-person theft, wallet drainers, address poisoning, malware, SIM Swaps and social engineering). But DeFi cover solutions don’t offer any such protection.

5. Immature Concept

The first DeFi cover provider was founded in 2016 as an Initial Coin Offering (ICO). Compare this DeFi cover sector, less than a decade old, with regulated insurance, which has been around for centuries (Lloyd’s of London is over 300 years old). It is estimated that only 0.5% of total value locked (TVL) DeFi assets were ‘covered’ by DeFi cover solutions in 2023 (OpenCover). Historical data shows that since 2016 DeFi cover providers have sold a total of 19,839 covers and received 552 claims, of which they paid out on 379 as at 2023 (OpenCover). This equates to approximately 3,300 DeFi covers being sold per year. By contrast, in traditional insurance, the UK house insurance market alone (a minuscule fraction of the global insurance market) sells the equivalent of 95,000 policies a day (35 million/year). This is an astounding difference. Not only has the uptake of DeFi insurance been incredibly low, but the ratio of claims paid to claims reported (68.66%) gives a worrying insight into the validity and ‘discretionary’ nature of these covers. Other DeFi cover growing pains include:

1. The pools paying out claims where the ‘insured’ was returned their stolen assets (so did not have a loss), potentially meaning the pool might sue their ‘policyholders’: here

2. Drama within specific DeFi cover ecosystems can negatively impact the ecosystem's coin price, which may, in turn, affect pool members' willingness to vote in favour of paying claims. For instance, the CEO of a DeFi cover provider was hacked for his ecosystem tokens, $8 million worth, causing a drop in the coin price. Such incidents can create conflicts of interest and undermine the reliability of community voting-based insurance models (we won't touch on the fact that there is a CEO of a 'decentralized protocol').

6. Too Complex

“Everything should be made as simple as possible but not simpler.” Einstein

As we have seen, the UI/UX of the DeFi cover solutions is complex. Yet the majority of the DeFi cover wordings are contrastingly far too simple (some of which are only 1 page in length, meaning there is a lack of clarity around what happens in certain scenarios). Wordings should not be complex to read, but should include thorough detail so the insured has absolute clarity as to what is and what is not covered in different scenarios. This is not possible to achieve with a single side of A4. The result is that DeFi cover solutions have complex technology and far oversimplified policy wordings lacking any substance - arguably the worst of both worlds. Contrastingly, regulated insurance policy wordings must be clear, fair and not misleading.

“The full policy booklet or policy wording is a comprehensive document that outlines the terms, conditions, and coverage provisions of an insurance policy in detail. Its purpose is to provide policyholders with a clear understanding of their rights, obligations, and the scope of coverage under the insurance policy. It is a full contract.” (Claimrite, 2024)

7. Misaligned Incentives

“In cases where oracles can’t make a determination as to whether an event took place or not – for example, to what degree an earthquake actually damaged a building – members of the DeFi pool review and vote on claims. The problem here being that members of the pool and the insured have misaligned incentives that favor the pool rejecting claims. In cases where claims are unjustly rejected in the traditional insurance world, the insured can look to the courts for redress. In DeFi space, such recourse doesn’t exist.” (Evertas, 2022)

8. Network Fees

In 2021, Ethereum gas fees soared to unprecedented levels during the height of the DeFi and NFT boom. At their peak, average gas fees exceeded $50 per transaction while more complex interactions—such as those involving smart contracts, which are integral to DeFi ‘insurance’—cost even more. If such a trend persists, it could become prohibitively expensive for some users to participate in DeFi ‘insurance’, as these platforms can require users to interact with multiple smart contracts to purchase coverage or file claims, further compounding the cost barrier.

9. Customer Service

The majority of the DeFi cover solutions require ‘policyholders’ to message the DeFi cover team on Discord or Telegram if they have any questions. With fake channels lurking around and these types of messaging platforms riddled with bad actors, users are more at risk of suffering a theft or social engineering attack than they would be using email or a chatbot on the provider’s website. Plus, some users will wish to remain private and not have to make an account for one of these platforms under a pseudonym and join the channel just to ask questions.

10. EVM Blockchains Only

As of the time of this publication, DeFi insurance alternatives are focused exclusively on EVM-compatible blockchains, such as Ethereum, Polygon, and Avalanche. Notable non-EVM blockchains such as Bitcoin, Solana, and Dogecoin currently lack any DeFi cover solutions. Given that EVM chains represent only approximately one-third of the total cryptocurrency market capitalization, this leaves a considerable portion of the market without cover solutions.

Summary

Our take is that decentralized cover solutions are good in theory but, in practice, face significant issues and fail to deliver genuine protection for crypto holders in critical areas like theft. These solutions arguably rely on community voting as a way to avoid regulation, as evidenced by recent pivots away from the term 'insurance' toward 'cover' and 'insurance alternatives.' Moreover, most of these solutions are hardly decentralized, despite making aggressive claims that centralization is the enemy. Let’s not forget that many of these protocols have a CEO and a team of developers who wrote the code and continue to determine the future of the protocol - where is the line between centralization and decentralization?

Don’t just take our word for it.

“There is simply no way at this nascent stage of DeFi to be able to create a meaningful and sustainable insurance solution for the theft or loss of cryptoassets that exists solely on-chain. The continued irrational exuberance for DeFi insurance threatens the larger crypto ecosystem for two reasons. First, it denies resources to projects that actually can de-risk crypto, and in so doing, pave the way for larger players that would invest more into the space, if they could do so without exposure to excessive losses due to theft or technology failure. Second, it gives the broader market the false impression that cryptoassets are being protected when in reality, current capacity sits at around $5 billion – a true drop in the bucket of (what once was and most certainly will be again) multi-trillion dollar sector.” (Evertas, 2022)

The solution: Redefind

Having addressed the shortcomings of DeFi cover providers, we now turn to a solution. The FCA-regulated Redefind Digital Asset Recovery Insurance solution provides coverage for a wide range of crypto theft events, many of which are not covered by DeFi solutions. The Redefind policy includes protection for (policy wording is the most up to date):

  • Theft as a result of hacking or malware on a device
  • Theft as a result of SIM swap
  • Theft as a result of a malicious website, app or dApp
  • Theft as a result of a deepfake impersonation pertaining to a member of your immediate family
  • Theft as a result of unauthorized access to your custodian account(s)
  • Theft from your custodian, which also results in other customers of your custodian having their cryptoassets stolen
  • An offer of goods or services by a bad actor to whom you willingly transfer your cryptoassets but where the promised goods or services do not materialise
  • Theft by an employee of your custodian, when not acting in the capacity of an employee of the custodian
  • Representation by a bad actor of an investment opportunity or investment platform which you believe to be legitimate but results in the total loss of your cryptoassets
  • Theft as a result of sending cryptoassets to a fraudulent clone of a custodian or cryptoasset wallet
  • Theft as a result of forced sending
  • Theft as a result of your seed phrase being stolen
  • Where you have been abducted and will only be released following a cryptoasset ransom payment
  • Theft as a result of your device being stolen

The Redefind solution is designed not only for cryptoasset coverage on third-party custody (exchanges and custodian accounts) but also supports self-custody (software and hardware cryptoasset wallets) for clients globally, whether they are individuals or businesses.