Custodial risk mitigation in traditional and decentralized finance in the UK and US

As our relationship with our assets continues to digitalize, Digital Trust is becoming a key concern in digital assets custody and risk mitigation. We take a deep dive into one possible solution – insurance – and look at why it is needed, what is available in this space and how it helps with asset protection and digital trust. 

For our institutional clients, sponsors, investors and service providers alike, building Digital Trust is a clear priority of our time.  It is inevitable that our relationship with our assets will become increasingly digitalized, so the question is how can we help build sufficient levels of digital trust alongside that process.  This is a key question when we think about building digital assets business and overcoming barriers to adoption and scale.  In our custody paper, co-authored with digital assets custody provider Zodia earlier in 2023 and available here, we set out some of the models for digital assets custody and touch on some risk mitigation solutions. In this article, we will take a deep dive into one of those solutions – insurance – and look at why it is needed, what is available in this space and how it helps with asset protection and digital trust. 

By way of recap on our earlier paper, holders of digital assets can choose to hold their assets in a variety of ways.  Holders that don’t maintain the private keys associated with their assets themselves assume “custodial” risk – the risk that the entity or protocol managing the assets operates in a way that harms the client or user.  There is clearly custodial risk when a client relies on exchanges and other traditional financial (“TradFi”) institutions to custody their assets, so this is nothing new.  However, the added technological complexity, and the lack of firm industry standards and regulations in the digital assets custody space, may lead to greater obfuscation of risk and to consequent large-scale institutional and governance failures (see the FTX collapse). Here, we consider the risks of traditional centralized offerings, those associated with decentralized offerings, and what suitable insurance solutions may be available to assist.  In fact, by taking a broader view, we can see that the “smart contract risk” inherent in decentralized finance (“DeFi”) protocols is similar to, and may be considered just a special case of, custodial risk (even though these protocols do not custody users’ assets). 

Insurance and insurance-like solutions are available in both TradFi and DeFi to help mitigate custodial risk for clients and users.  These solutions can be provided by the custodian or protocol itself (an “institution-side” solution) or by the client of the custodian or user of the protocol (a “client-side” solution).  Below we will provide a brief survey of these different solutions. 

TradFi

Institution-Side – Custody Insurance

Digital asset custodians who have established relevant services using a traditional centralized model can, of course, use widely available commercial insurance products, like cyber insurance, to protect their clients against risks that could affect their digital assets.  However, custodians of digital assets held in cold storage can also purchase custody insurance from traditional insurance providers, either directly from an insurer or through a broker that places the insurance with one or more insurers.  Custody insurance typically protects the insured’s custodied assets from physical destruction or theft of the hardware holding the private keys and from unauthorized copying of private keys by employees or third parties. 

Example: Aon organized a syndicate of insurers to provide custody insurance for the digital assets custodied by Copper in cold storage.

Client-Side – Custody Cover

A client that has custodied its digital assets with a custodian may be protected against the custodian’s loss of the client’s private keys through the use of institution-side custody insurance, but what about a failure of the custodian itself (e.g. due to an insolvency)?  Clients of such custodians, particularly if the custodian is a prominent centralized exchange, may be able to purchase insurance or an insurance-like product that reimburses the client for assets lost if the custodian stops processing withdrawals. 

Example: Prior to the collapse of FTX, members of Nexus Mutual, a decentralized discretionary mutual and DeFi protocol, were able to purchase custody cover protecting against a loss of funds held in FTX. Nexus Mutual paid out approximately $5 million on FTX-related custody claims. 

DeFi

Smart contracts and the DeFi protocols built using them don’t custody assets in the same way that centralized exchanges or specialized digital assets custodians do.  Instead, DeFi users typically deposit an asset into the protocol and receive a different asset in return that entitles the user to receive the original asset plus some additional yield or reward at a later date (e.g. a liquidity provider token in Uniswap).  Thus, DeFi users are also exposed to a special case of custodial risk – if there’s a problem with the DeFi protocol, the user may be unable to recover its original asset, and the new asset it received in exchange may be worthless. 

Institution-Side – Protocol-Integrated Insurance

Unlike in TradFi, where institution-side solutions are more prevalent than client-side solutions, institution-side solutions are less prevalent in DeFi.  Instead of protocols (or, strictly speaking, the governance organizations associated with them) purchasing insurance to protect against the risk of protocol hacks or other exploits, the focus has remained on reducing the risk of such events occurring through the use of smart contract audits and bug bounties.  However, as the industry matures, we expect that more and more protocols will allocate funds to purchase insurance to protect protocol users or, instead, integrate insurance-like products into the protocol directly so that users can opt in or out of insurance themselves. 

Bug bounties are rewards offered to third-party security researchers (sometimes called “white hat hackers”) for finding and reporting protocol vulnerabilities.

Despite the above, it is common for protocols that demand off-chain performance by a set of decentralized operators to require those actors to provide something akin to a surety bond to the protocol.  This surety bond, which is typically denominated in the native asset of the protocol, is deposited in the protocol’s smart contracts and acts as a form of insurance for other users of the protocol.  If there are losses that occur as a result of the operators’ performance, the losses can be recouped from the surety bond before any losses are passed on to the other users. 

Example: Users of Rocket Pool can deposit Ether in exchange for a token that accumulates staking rewards generated by Ethereum node operators using the Rocket Pool protocol.  If those node operators lose funds (through slashing or an inactivity leak, for example), those losses are covered by the surety bond provided to the protocol by the node operators rather than by the users holding the yield-bearing token. 

Slashing and inactivity leaks are different penalties imposed on a validator of the Ethereum blockchain who proposes an invalid block or does not validate the chain under certain conditions. Both penalties result in the forfeiture of a portion of the Ether staked by the validator.

Client-Side – Protocol Cover

Just as clients of centralized exchanges can purchase insurance-like products to cover the failure of the exchange, users of a DeFi protocol can purchase cover to protect against the failure of a protocol.  These products are usually offered by insurance-specialized DeFi protocols (as opposed to traditional insurers) and underwritten by other users that stake certain assets to provide capital for potential claim pay-outs.  They cover smart contract bugs, hacks and other exploits that are contrary to the intended use of the protocol. 

Example: Nexus Mutual, InsurAce and other DeFi protocols offer insurance-like products that cover risks for a variety of protocols, including popular protocols like Uniswap, MakerDAO and Compound.  Earlier this year, Nexus Mutual paid claims relating to the hack of Euler Finance, a DeFi protocol, and, following the return of the funds to Euler by the hacker, is now seeking to recover those amounts from the cover holders. 

Client-Side – Reciprocal Coverage

The solutions discussed above all resemble traditional insurance products, where coverage is provided by a third party in exchange for premium based on that third party’s underwriting of the risk.  Recently, however, DeFi protocols have emerged that facilitate “reciprocal coverage” to protect users against protocol risks without the need for underwriting costs or premium payments.  Under this model, a user deposits its assets (e.g. a Uniswap liquidity provider token) into the reciprocal coverage protocol and receives a reciprocal coverage asset.  The reciprocal coverage asset functions like a coverage-wrapped version of the original asset, with any losses relating to the original asset (e.g. as a result of a hack of the protocol) covered by other holders of the reciprocal asset (who may have contributed a different original asset).  The benefit of this method is that users are charged only based on actual loss experience and, correspondingly, the need for underwriting is eliminated.  The main drawback is that the user is exposed to the risk of unrelated protocols. 

Example: Ease.org offers the reciprocal coverage described above for certain assets held in other protocols.  Unlike generic protocol cover, reciprocal cover applies to particular tokens within a given protocol (rather than the protocol itself), so coverage may be unavailable for certain assets. 

Conclusion

We can see from the examples set out above that a number of the risks inherent in custody of digital assets are akin to those prevalent in traditional arrangements.  However, there are some peculiar risk aspects of decentralized finance offerings that need to be accommodated and, alongside those, some very new insurance and insurance-like solutions growing up to serve market needs.  There are few widely adopted industry standards in this space and a lack of consistent, applied regulation.  However, that is not to say that these solutions are not robust – as mentioned above, members of Nexus Mutual were able to obtain rapid reimbursement of claims for losses, whilst other former customers will wait years for resolution of legal process and compensation only at significantly impaired recovery rates.  If you hold or are planning to hold digital assets, understanding the custodial risks you are taking on is key (as documented in our previous paper).  Understanding how you might insure against them, including using the more novel, non-traditional solutions available, is the obvious next step, and we are supporting clients to diligence and understand these offerings as the marketplace continues to mature.

Authored by Bryony Widdup and Dave Marley.

Contacts
Bryony Widdup
Partner
London