Author: Thejaswini M A
Compiler: Luffy, Foresight News
"Insurance is purely a scam," is almost a consensus in the market.
There is good reason for people to think this way. Cigna in the US developed an algorithm that can deny claims directly without reviewing medical records. UnitedHealth Group stops paying for care as soon as the time limit set by its algorithm expires, completely ignoring the opinions of the treating doctors. The business model of traditional insurance has always been: first collect customer funds, take a high commission, then set up barriers at every level to hinder claims settlement.
Today, bank deposits are insured by the Federal Deposit Insurance Corporation (FDIC), but the coverage limit is only $250,000, a standard set in 1934 that has hardly been adjusted. Brokerage accounts are protected by the Securities Investor Protection Corporation (SIPC), with a limit of $500,000; once account assets exceed that amount, the protection becomes meaningless. The public perception of protection is far weaker than reality, with coverage limits set unilaterally by the insurance companies.
DeFi insurance could have completely solved this pain point: eliminate intermediaries. Payouts would be executed automatically as long as the smart contract's preset conditions are triggered, completely removing the possibility of malicious claim denials.
But the reality is that almost no one buys it. Insurance premiums would heavily erode investment returns. After deducting premiums, the remaining returns simply cannot match the investment risks users take.
This article explains this market reality and the root cause of why the dilemma is so hard to reverse, even though everyone wants it solved.
Nexus Mutual is currently the largest DeFi insurance provider. Since its launch in 2019, its cumulative total claims paid amount to just over $18 million.
Data source: Dune Analytics
In April 2026, Kelp DAO suffered a hack, resulting in losses as high as $292 million. This single theft amount is equivalent to 16 times the total claims paid by this leading insurance institution over seven years.
This stands in stark contrast to traditional insurance, which denies claims aggressively. Traditional insurance collects high premiums but goes out of its way to block payouts; DeFi insurance, by contrast, has meager premium income because almost no investors are willing to insure.
Traditional insurance can operate stably because its risks are uncorrelated. One house fire doesn't cause damage to other houses. An insurance company can sell policies to 1 million users; a single fire claim can be covered by the premiums collected from everyone. But DeFi lacks this risk isolation mechanism: security incidents like oracle failures or cross-chain bridge vulnerabilities can have a chain reaction impacting all liquidity pools and lending protocols built on top of that underlying asset. The USDC depeg event in March 2023 affected all protocols using USDC as collateral that day. For DeFi insurance pools, the risks are strongly correlated. Insurers can only bet that losses from security incidents are manageable and that the insurance pool funds are sufficient to cover them.
In March 2023, Euler Finance was hacked for $197 million, and the contagion spread rapidly: Angle Protocol lost $17 million due to holding Euler's liquidity tokens, Yield Protocol urgently shut down its business, and several other platforms like Inverse Finance were also affected.
Once a protocol has a security vulnerability, it often affects multiple projects. An extreme one-day incident could even directly deplete an insurance pool's entire reserve for payouts.
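The pooling argument above, worked through as an added example that is not part of the original article: it computes exactly how often claims exceed a pool's capital when positions fail independently versus when a shared dependency can hit most of them in the same year. The two-state shock model and every parameter are constructed assumptions, chosen so that each position has the same yearly loss probability in both cases.

```python
from math import exp, lgamma, log, log1p

def binom_tail(n, p, cap):
    """Exact P(K > cap) for K ~ Binomial(n, p), summed in log space."""
    if p <= 0.0:
        return 0.0
    if p >= 1.0:
        return 1.0 if n > cap else 0.0
    total = 0.0
    for k in range(cap + 1, n + 1):
        log_pmf = (lgamma(n + 1) - lgamma(k + 1) - lgamma(n - k + 1)
                   + k * log(p) + (n - k) * log1p(-p))
        total += exp(log_pmf)
    return total

def residual_rate(p, q, f):
    """Loss rate in no-shock years that keeps each position's overall rate at p."""
    p0 = (p - q * f) / (1.0 - q)
    if not 0.0 <= p0 <= 1.0:
        raise ValueError("shock term alone exceeds the marginal loss rate p")
    return p0

def ruin_independent(n, p, capital):
    """P(claims exceed capital) when every covered position fails on its own."""
    return binom_tail(n, p, capital)

def ruin_correlated(n, p, capital, q, f):
    """Same marginal rate p, but a shared-dependency shock (probability q)
    hits each position with probability f in the same year."""
    p0 = residual_rate(p, q, f)
    return q * binom_tail(n, f, capital) + (1.0 - q) * binom_tail(n, p0, capital)

# Constructed parameters (assumptions, not figures from the article).
N_POSITIONS = 1000   # equal-sized covers of 1 unit each
LOSS_RATE = 0.02     # yearly loss probability per position in both models
CAPITAL = 40         # pool can pay 40 claims, twice the expected 20
SHOCK_PROB = 0.01    # yearly chance of a shared failure (oracle, bridge, depeg)
SHOCK_HIT = 0.80     # share of positions hit when the shock occurs

if __name__ == "__main__":
    ind = ruin_independent(N_POSITIONS, LOSS_RATE, CAPITAL)
    cor = ruin_correlated(N_POSITIONS, LOSS_RATE, CAPITAL, SHOCK_PROB, SHOCK_HIT)
    print(f"independent risks: P(pool exhausted) = {ind:.2e}")
    print(f"correlated risks:  P(pool exhausted) = {cor:.2e}")
```

Expected claims are 20 units in both models; only the correlation differs, and with these constructed numbers it raises the chance of exhausting the pool by more than two orders of magnitude.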
I have compiled the current premium rates for Nexus Mutual and InsurAce and compared them to the native annual yield of the protocols they insure. The annual yield for USDC deposits on Aave V3 is about 3.14%, with insurance premium rates ranging from 1.5% to 2.5%. After deducting premiums, the net return is only 0.6% to 1.6%. Investors take on on-chain security risks, only to end up with a return slightly higher than ordinary bank savings.
The yield situation is similar for Morpho, Compound, and Spark, with native annual yields of 3.5% to 4%. Premiums eat up one-third to half of the returns. Although there is still a slim profit, the cost-effectiveness is extremely low.
Maple Finance's institutional lending pools offer annual yields of 4.77% to 4.90%, but insurance premium rates are as high as 3% to 6%. The net return after insurance ranges from -1.1% to 1.9%. Ethena staking offers an annual yield of 3.6% to 4%, with premiums also at 3% to 6%, resulting in a net return of -2.4% to 1%. Buying insurance on these two types of platforms could even result in investors losing their principal in extreme cases.
Only the original MakerDAO (Sky) shows impressive performance. Its savings product offers a 3.6% annual yield, with the lowest insurance premium rate being only 0.11%. The market widely recognizes it as the lowest-risk asset in DeFi. After insurance, the net return remains between 2.8% and 3.5%, preserving the majority of the earnings.
Premium pricing strictly corresponds to risk levels, but premiums for emerging platforms are too high, directly consuming the high returns users seek when entering the market.
Crypto investors choose to forgo insurance not out of laziness or recklessness. They understand that in most cases, buying insurance is equivalent to zeroing out their returns. Even if all DeFi depositors collectively decided to purchase full coverage tomorrow, the entire industry would be unable to meet the demand: Nexus Mutual's total pool size is about $81.56 million. The entire industry's effective coverage capacity is at most a few hundred million dollars, while the total value locked (TVL) in major protocols amounts to hundreds of billions. The gap between supply and demand is astronomical.
A major security incident on the scale of Kelp DAO would directly drain the vast majority of the industry's insurance reserves in a single claim.
The historical total claims of $18 million precisely expose the fragility of the industry's capital pools. The entire market has never experienced a major risk event severe enough to break through the underwriting reserves.
After a user submits a claim request to Nexus Mutual, it must be voted on by all token-holding members of the platform to decide whether to pay. Members who vote to approve a claim risk having their own assets directly impaired if the claim is ultimately not paid. This mechanism naturally fosters a tendency to deny claims. Traditional insurance specifically employs underwriters and claims adjusters to balance conflicts, whereas DeFi insurance design merges all responsibilities onto the same group.
Before the 2008 financial crisis, financial risk pricing agencies generally believed a nationwide housing price collapse in the US was impossible, mainly because they had never experienced it. Insurance giant AIG massively sold risk protection contracts, but when the market crisis truly erupted, it was completely unable to pay.
Before the US government introduced FDIC deposit insurance, ordinary depositors had no safety net for their assets. The Great Depression forced the government to make bank insurance compulsory, turning it into a required operating cost for banks.
In the DeFi field, no one can force protocols like Aave or Morpho to buy insurance. Smart contract deployment is completely permissionless; there is no entity that can mandate projects to configure risk coverage. This also leads to a lack of a safety net mechanism to withstand extreme market conditions in the industry.
The three largest claims in Nexus Mutual's history are: approximately $7.3 million paid in two batches for the FTX collapse, $5 million for the TribeDAO hack, and $3.4 million for the Euler Finance hack. The sum of these three amounts is almost equivalent to the platform's seven-year cumulative claims total of $18.6 million.
This mutual insurance platform is now shifting toward preventing losses before they occur. It has partnered with security audit firms like Immunefi, Cantina, and Sherlock to launch bug bounty protection products. Protocols only need to bear 20% of the critical bug bounty, with Nexus Mutual covering the remaining funds, which proactively incentivizes white-hat hackers to find vulnerabilities and stops theft incidents at the source. At the same time, Nexus Mutual is working on compliant insurance securitization, attempting to connect crypto risks to reinsurance capital pools and bring in larger external capital to supplement underwriting capacity.
Cantina went a step further in March 2025, launching an independent native protocol protection product. Even if a vulnerability is not discovered early by bounty hunters, users can still receive payouts if the protocol is hacked.
Both of these transformation moves essentially acknowledge a core reality: On-chain capital is insufficient to cover on-chain risks. Three inherent flaws cannot be eliminated: insurance pools are too small, risks are highly correlated, and the same group that adjudicates claims also provides the capital.
Nexus Mutual has $81.56 million in total value locked according to DeFiLlama, accounting for 85% of the DeFi insurance market share. Other peers continue to shrink: InsurAce peaked at $150 million TVL and now has only $132,000 left; after the 2022 UST depeg, it only settled one major claim. Sherlock's pool shrank from $60 million to $505,000 within a year. Unslashed Finance has had millions of dollars trapped in old, un-updated code since late 2024. Other insurance projects have either shut down completely or pivoted to different business models.
A lighthouse warns all ships of hidden reefs, but it cannot charge passing vessels a usage fee, so it's hard for anyone to voluntarily fund its construction. The benefits are shared by all, but the cost is borne solely by the builder.
The value of DeFi insurance lies precisely in preventing the spread of chain-reaction liquidation crises. Assets in the crypto market are highly interconnected. Only when everyone insures simultaneously can overall market stability be maintained. But if everyone expects others to buy insurance as a backstop while they themselves are unwilling to bear the premium cost, ultimately no one will buy insurance, and the risk protection system will be meaningless. Protection without anyone actively providing a safety net ultimately cannot safeguard any assets.