The DeFi Insurance Problem

What is underwriting, and why is it a unique problem in DeFi?

The Chicken and the Egg

Which one comes first?
Armor’s TVL on DeFiLlama is coming from the same Nexus contract viewable here.
  1. Lack of Standardized Risk Assessment: Each DeFi insurance group assesses risk differently, and oftentimes they lack transparency regarding their risk assessment process. In an industry such as DeFi, where data transparency is central to its technological thesis, an ambiguous or secretive risk assessment process deteriorates trust.
  2. Underwriting Returns: The ROI associated with underwriting for DeFi insurance is much smaller than for most other DApps. Most DeFi insurance reward APRs are not strong enough compared to the risk of loss for underwriting. As DeFi projects continue to offer triple-digit APRs, DeFi insurance can't guarantee that return unless they have thousands of consistently paying policyholders.

DeFi Insurance Business Models

Model #1: Staker-as-Underwriter Model

One of the many forum submissions on Nexus sharing their inability to withdraw funds.

Model #2: Reciprocally-Covered Assets Model

Functioning of a payout after a hack with RCA.

Model #3: Protocol-Owned Liquidity Model

Model #4: The “Nuclear Power Plant” (NPP)

Money Makes Money

All it takes is time and a little bit of luck.
Above is the year-over-year growth of Northwestern Mutual’s invested assets.
Above is the year-over-year growth for client investment assets, which grew 25% just in 2021.

DeFi Doesn’t Have Many Stable Assets

Displayed above is the weekly chart for the Nexus and Unslashed vaults.
Unfortunately, this vault only generates an average monthly return of 0.07%.

Reality Check

Time to pay reality’s dues.
  1. Risk Assessment
  2. Asset Management
  3. Claims Assessment

Risk Assessment

Asset Management

Claims Assessment

How do insurance DApps handle claims?

Full thread viewable here.

What should be decentralized?

  1. Decentralized Risk Assessment (stakers choose which protocols should have the most underwriting capital)
  2. Centralized Asset Management (Core team controls AUM)
  3. Semi-centralized Claims Assessment (stakers alone choose what claims to pay)

  1. Centralized Risk Assessment (models designed by core team)
  2. Centralized Asset Management (Core team controls AUM)
  3. Decentralized Claims Assessment (the losses occur directly in the vaults Ease configured)

  1. Semi-Centralized Risk Assessment (publicly available for anyone to view here and submit adjustments to Solace DAO)
  2. Centralized Asset Management (Core team controls AUM)
  3. Semi-Centralized Claims Assessment (Risk management team pays out using optimistic payouts approach, and deploys third-party arbitration in the event of claim disputes)

  1. Semi-Centralized Risk Assessment (audit contests make the process available to everyone, but Sherlock team ultimately makes the assessment)
  2. Centralized Asset Management (Core team controls AUM)
  3. Semi-Centralized Claims Assessment (Integrated with UMA for third-party arbitration)

What We Can Learn from Traditional Insurance

Heavy is the Head that Wears the Crown

Very few are destined to hold the weight.
  1. Insure more loss events. DeFi insurance teams usually specialize in the coverage they offer (Unslashed = slashing insurance, Solace = smart contract insurance, etc.). However, DeFi insurance can and should diversify the financial risks they take on in order to increase revenue from premiums and decrease the likelihood of a black swan event liquidating a DApp overexposed to one type of risk. As Buffett proclaimed, “if you see your costs rising, so should your premiums.”
  2. Have DApps underwrite each other at scale. Instead of designing a mutual insurance group of individual risk strategists underwriting DApps, we should be designing a mutual that DApps can enter into to insure each other. This is why Solace’s upcoming solution, Solace Native, will be an exciting experiment to watch throughout this fall.
  3. Bundle multiple security services. Sherlock’s audit-focused insurance model is an excellent example of what happens when insurance is coupled with additional security measures. And it shouldn’t stop at audits. DeFi insurance should include on-chain monitoring services and bug bounty contests as prevention tools to secure their financial risks.
  4. Create an exploits oracle. The goal of an exploits oracle is to be the source of truth for whether or not an exploit occurred. The oracle could classify the kind of exploit, which contracts were exploited, and/or what funds were affected. An oracle like this benefits all DeFi security players, and DeFi insurance can use it to verify exploits they cover.





Head of Growth @ Solace | USC Grad Student | writing ✍️ | musician 🎸