Authored by: Thejaswini M A
Compiled by: Luffy, Foresight News
"Insurance is nothing but a scam" is almost a consensus in the market.
People think this way for a reason. Cigna, a U.S. insurance company, developed an algorithm that could directly deny claims without reviewing medical records. UnitedHealth, when the time set by its algorithm expired, directly stopped paying for care, completely disregarding the opinions of attending physicians. The traditional insurance business model has always been: collect client funds first, take a hefty cut, and then set up barriers at every step to impede claims.
Today, bank deposits are insured by the Federal Deposit Insurance Corporation (FDIC), but the coverage limit is only $250,000, a standard that has remained largely unchanged since its establishment in 1934. Brokerage accounts are protected by the Securities Investor Protection Corporation (SIPC) with a limit of $500,000; once account assets exceed this figure, the protection becomes meaningless. The public perception of security is far lower than reality, with coverage limits set entirely at the discretion of insurance companies.
DeFi insurance was supposed to completely solve this pain point: eliminate intermediaries, with payouts automatically executed as long as the smart contract's preset conditions are triggered, completely removing the possibility of malicious claim denials.
But the reality is that almost no one is buying. Insurance premiums would severely erode investment returns, and after deducting premiums, the remaining yield simply cannot match the investment risks users bear.
This article explains this market situation and why the root cause of the predicament is hard to reverse, even though everyone wants to solve the problem.
Nexus Mutual is currently the largest DeFi insurance provider. Since its launch in 2019, its total cumulative claims paid amount to just over $18 million.
Data source: Dune Analytics
In April 2026, Kelp DAO suffered a hack, resulting in losses of up to $292 million. The amount stolen in this single incident alone is equivalent to 16 times the total claims paid by this leading insurance institution over seven years.
This stands in stark contrast to traditional insurance's frantic claim denials. Traditional insurance collects high premiums but goes to great lengths to obstruct claims; DeFi insurance, however, generates meager premium income because almost no investors are willing to purchase coverage.
The stable operation of traditional insurance relies on the principle of uncorrelated risks. One house catching fire doesn't cause other houses to be damaged. An insurance company can sell policies to 1 million users, and a single fire claim can be covered by the premiums collected from all. However, DeFi lacks this risk isolation mechanism: security incidents like oracle failures or cross-chain bridge vulnerabilities can set off chain reactions that impact all lending protocols and liquidity pools built on that underlying asset. The USDC de-pegging event in March 2023 affected all protocols that used USDC as collateral on that day. For a DeFi insurance pool, risks are highly correlated. The underwriter can only bet that losses from security incidents are controllable and that the pool's funds are sufficient to cover them.
In March 2023, Euler Finance was hacked for $197 million, and the risk spread rapidly: Angle Protocol lost $17 million due to holding Euler liquidity tokens, Yield Protocol shut down operations urgently, and other platforms like Inverse Finance were also affected.
Once a protocol has a security vulnerability, it often affects multiple projects. A single extreme incident in one day could even directly deplete the entire claim reserve of an insurance pool.
I compiled the current premium rates for Nexus Mutual and InsurAce and compared them to the native annual percentage yield (APY) of the protocols they insure: Aave V3's USDC deposit APY is about 3.14%, while the insurance premium range is 1.5%–2.5%. After deducting premiums, the net yield is only 0.6%–1.6%. Investors bear on-chain security risks only to end up with returns slightly higher than ordinary bank savings.
Morpho, Compound, and Spark show similar situations, with native APYs of 3.5%–4%. Premiums consume one-third to half of the yield, leaving minimal profit and extremely poor cost-effectiveness.
Maple Finance's institutional lending pools offer APYs of 4.77%–4.90%, but insurance premiums are as high as 3%–6%. The net yield after insurance ranges from -1.1% to 1.9%. Ethena staking offers APYs of 3.6%–4%, with premiums also at 3%–6%, resulting in net yields of -2.4% to 1%. Purchasing insurance on these two types of platforms can, in extreme cases, lead to losses on the principal for investors.
Only the original MakerDAO (Sky) stands out. Its savings product offers a 3.6% APY, with the lowest insurance premium being only 0.11%. It is widely recognized as the lowest-risk entity within DeFi, retaining a net yield of 2.8%–3.5% after insurance, preserving most of the returns.
Premium pricing strictly corresponds to risk levels, but premiums for emerging platforms are too high, directly consuming the high yields users seek when entering the market.
A single large-scale security incident like Kelp DAO would directly drain the vast majority of the industry's insurance reserves.
The historical claims total of $18 million precisely exposes the fragility of the industry's capital pools; the market has never experienced a catastrophic risk event capable of breaching underwriting reserves.
After a user submits a claim to Nexus Mutual, all token-holding members of the platform must vote on whether to pay. Members who vote in favor of paying a claim risk having their own assets directly impaired if the claim ultimately fails to be paid. This mechanism naturally fosters a tendency to deny claims. Traditional insurance employs dedicated underwriters and claims adjusters to balance conflicts, whereas DeFi insurance design merges all responsibilities onto the same group.
Before the 2008 financial crisis, financial risk pricing agencies generally believed a nationwide U.S. housing price collapse was impossible, as they had never experienced it. Insurance giant AIG massively sold risk protection contracts but was completely unable to pay when the market crisis truly erupted.
Before the U.S. government introduced FDIC deposit insurance, ordinary savers had no asset safety net. The Great Depression forced the government to mandate bank insurance, making coverage a hard cost for banks to operate.
In the DeFi space, no one can force protocols like Aave or Morpho to purchase insurance. Smart contract deployment is completely permissionless; there is no entity that can mandate projects to configure risk protection. As a result, the industry lacks a safety net to withstand extreme market conditions.
The three largest claims in Nexus Mutual's history are: the FTX collapse, paid in two installments totaling about $7.3 million; the TribeDAO hack, a $5 million payout; and the Euler Finance hack, a $3.4 million payout. The sum of these three amounts almost equals the platform's total cumulative claims of $18.6 million over seven years.
Now, this mutual insurance platform is shifting towards proactive risk prevention. It has partnered with security audit agencies like Immunefi, Cantina, and Sherlock to launch bug bounty protection products. The protocol only needs to bear 20% of the critical bug bounty cost, with Nexus Mutual covering the rest, pre-funding incentives for white-hat hackers to identify vulnerabilities and avoid theft incidents at the source. Meanwhile, Nexus Mutual is expanding into compliant insurance tranches, attempting to connect crypto risks to reinsurance capital pools and introduce larger external capital to supplement underwriting capacity.
In March 2025, Cantina took a step further by launching an independent native protocol protection product, ensuring users can still receive payouts even if a vulnerability is not discovered early by bounty hunters and the protocol is hacked.
Both of these strategic shifts essentially acknowledge a core reality: on-chain native capital is insufficient to cover on-chain risks. Three fundamental flaws are irreparable: the insurance pool size is too small, risks are highly correlated, and the claim adjudicators and capital providers are the same group.
Nexus Mutual has $81.56 million in Total Value Locked (TVL) according to DeFiLlama, capturing 85% of the DeFi insurance market share. Other players are continuously shrinking: InsurAce peaked at $150 million TVL and is now only $132,000, having completed only one major claim after the UST de-peg in 2022; Sherlock's pool shrank from $60 million to $505,000 within a year; Unslashed Finance has millions of dollars trapped in outdated, un-updated code since late 2024. Other insurance projects have either shut down completely or pivoted to different business models.
A lighthouse warns all ships of hidden reefs but cannot charge passing vessels a fee, making it difficult for anyone to voluntarily fund its construction. The benefits are shared by all, but the cost is borne by the builder alone.
The value of DeFi insurance lies in preventing the spread of chain-reaction liquidation stampedes. Crypto market assets are highly interconnected; only when everyone simultaneously obtains coverage can overall market stability be maintained. But if everyone expects others to buy insurance as a safety net while unwilling to bear the premium cost themselves, ultimately no one will configure insurance, and the risk protection system becomes useless. Protection that no one actively underpins ultimately safeguards no assets.








