"Insurance is purely a scam," seems to be the consensus of almost everyone in the market.
It's understandable why people think this way. Cigna in the US developed an algorithm that directly denies claims without reviewing medical records. UnitedHealth stops paying for care once an algorithm's timer expires, completely ignoring the attending physician's recommendations. The traditional insurance business model has always been: collect customer funds first, take a hefty cut, and then layer on hurdles to obstruct claims.
Today, bank deposits are insured by the FDIC, but the coverage cap is only $250,000, a standard set in 1934 and barely adjusted since. Brokerage accounts are protected by SIPC with a $500,000 limit. Once account assets exceed that amount, the protection is virtually useless. The perceived level of protection is far less than the reality, with payout caps set unilaterally by insurance companies.
DeFi insurance held the promise of solving this pain point entirely: eliminate intermediaries. As long as the pre-set conditions in the smart contract are triggered, payouts execute automatically, completely removing the possibility of malicious human denial.
But the reality is that almost no one is buying it. Insurance premiums heavily erode investment yields. After deducting premiums, the remaining returns simply don't match the investment risks users are taking.
This article explains this market reality and the core reasons why it's difficult to reverse this predicament, even if everyone wants to solve the problem.
Nexus Mutual is currently the largest DeFi insurance provider. Since its launch in 2019, its cumulative payout total is just over $18 million.

In April 2026, Kelp DAO suffered a hack, losing a staggering $292 million. This single theft amount is 16 times the total payouts made by this leading insurance institution over seven years.
This presents an extreme contrast to the current state of traditional insurance, which collects high premiums but does everything to obstruct claims. DeFi insurance has meager premium income, rooted in the fact that almost no investors are willing to buy coverage.
The core reason traditional insurance can operate stably is that risks are not correlated. One house catching fire doesn't cause damage to other houses. An insurance company can sell policies to 1 million customers, and a single fire claim can be covered by the collective premiums. But DeFi lacks this risk isolation mechanism: security incidents like oracle failures or cross-chain bridge vulnerabilities can chain-react and impact all liquidity pools and lending protocols built on that underlying asset. The USDC de-pegging event in March 2023 immediately affected all protocols using USDC as collateral on that day. For a DeFi insurance pool, risks are highly correlated. The underwriter can only bet that the losses from a security incident are controllable and that the pool's funds are sufficient to cover them.
In March 2023, Euler Finance was hacked for $197 million, and the chain risk spread rapidly: Angle Protocol lost $17 million due to holding Euler liquidity tokens, Yield Protocol shut down operations urgently, and other platforms like Inverse Finance were also affected.
Once a protocol has a security vulnerability, it often affects multiple projects. A single extreme incident in one day could directly deplete the entire payout reserve of an insurance pool.
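As an added illustration of the correlation argument above (this is not part of the original article), the toy model below contrasts a pool facing independent hacks with one in which a shared dependency such as an oracle or bridge can hit every covered protocol in the same event. The pool size is the article's $81.56 million Nexus Mutual figure; the number of covered protocols, the per-protocol cover amount, and the hack probabilities are assumed values chosen for illustration.

```python
from math import comb

# Article figure: Nexus Mutual capital pool (USD).
POOL_CAPITAL = 81_560_000

# Assumed parameters (constructed for illustration, not from the article).
N_PROTOCOLS = 20          # protocols covered by the pool
COVER_PER_PROTOCOL = 20_000_000  # payout owed if one covered protocol is hacked
P_INDEPENDENT_HACK = 0.05 # yearly probability a given protocol is hacked on its own
P_COMMON_FAILURE = 0.02   # yearly probability a shared component (oracle/bridge) fails


def independent_insolvency_prob(n, p, cover, capital):
    """P(total claims exceed capital) when each of n protocols is hacked
    independently with probability p, each hack costing `cover`.
    This is the 'houses catching fire' world: claims are a binomial tail."""
    k_min = int(capital // cover) + 1  # hacks needed to exhaust the pool
    return sum(comb(n, k) * p**k * (1 - p) ** (n - k) for k in range(k_min, n + 1))


def correlated_insolvency_prob(n, p, q, cover, capital):
    """Same pool, but with probability q a common dependency fails and all n
    protocols claim at once; otherwise hacks stay independent as above."""
    common_mode_breaks_pool = 1.0 if n * cover > capital else 0.0
    return q * common_mode_breaks_pool + (1 - q) * independent_insolvency_prob(
        n, p, cover, capital
    )


def insolvency_comparison():
    """Return (independent, correlated) yearly insolvency probabilities."""
    ind = independent_insolvency_prob(
        N_PROTOCOLS, P_INDEPENDENT_HACK, COVER_PER_PROTOCOL, POOL_CAPITAL
    )
    corr = correlated_insolvency_prob(
        N_PROTOCOLS, P_INDEPENDENT_HACK, P_COMMON_FAILURE, COVER_PER_PROTOCOL, POOL_CAPITAL
    )
    return ind, corr


if __name__ == "__main__":
    ind, corr = insolvency_comparison()
    print(f"independent risks: P(pool insolvent) = {ind:.4f}")
    print(f"shared dependency: P(pool insolvent) = {corr:.4f}")
    print(f"correlation multiplies insolvency risk by ~{corr / ind:.1f}x")
```

With these assumptions the pool fails in well under 1% of years when hacks are independent, but a 2% chance of a common-mode failure alone raises that to over 2%, because one event can present claims worth several times the pool's capital.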
I've compiled the current premium rates for Nexus Mutual and InsurAce and compared them with the native annual percentage yield (APY) of the protocols they cover. The APY for USDC deposits on Aave V3 is about 3.14%, while the insurance premium ranges from 1.5% to 2.5%. After deducting the premium, the net yield is only 0.6%–1.6%: investors take on on-chain security risks only to end up with a return slightly higher than an ordinary bank savings account.

The yield situations for Morpho, Compound, and Spark are similar, with native APYs of 3.5%–4%. Premiums eat up one-third to half of the yield. While there's still a tiny profit, the cost-performance ratio is extremely low.
Maple Finance's institutional lending pools offer an APY of 4.77%–4.90%, but the insurance premium rate is as high as 3%–6%. The net yield after insurance ranges from -1.1% to 1.9%. Ethena staking offers an APY of 3.6%–4%, with premiums also at 3%–6%, resulting in a net yield of -2.4% to 1%. Buying insurance on these two types of platforms can, in extreme cases, lead to investors losing their principal.
Only the original MakerDAO (Sky) stands out. Its savings product offers a 3.6% APY, with the lowest insurance premium being just 0.11%. It's widely recognized as the lowest-risk entity in DeFi. After insurance, the net yield remains at 2.8%–3.5%, preserving most of the returns.
Premium pricing strictly corresponds to risk level, but premiums for emerging platforms are too high, directly consuming the high yields users are seeking by entering the market.
Crypto investors choose to forgo insurance not out of laziness or recklessness; they understand that in most cases, buying insurance equates to zero returns. Even if all DeFi depositors decided to fully insure their assets tomorrow, the entire industry could not meet the demand: Nexus Mutual's total pool size is about $81.56 million. At most, the entire industry's effective coverage capacity is a few hundred million dollars, while the total value locked (TVL) across major protocols is hundreds of billions. The gap between supply and demand is astronomical.
A single large-scale security incident like Kelp DAO's could directly drain the vast majority of the industry's insurance reserves.
The historical payout total of $18 million precisely exposes the fragility of the industry's capital pools. The market has never experienced a catastrophic risk event severe enough to break through the underwriting reserves.
After a user submits a claim to Nexus Mutual, all token-holding members of the platform must vote to decide whether to pay out. Members who vote in favor of a payout risk having their own assets directly impacted if the payout ultimately fails. This mechanism naturally fosters a tendency to deny claims. Traditional insurance specifically employs underwriters and claims adjusters to balance such conflicts, while DeFi insurance design merges all responsibilities and rights into the same group.
Before the 2008 financial crisis, financial risk pricing agencies generally believed a nationwide housing price collapse in the US was impossible because they had never experienced one. Insurance giant AIG sold massive amounts of risk protection contracts, yet was completely unable to pay when the market crisis actually erupted.
Before the US government introduced FDIC deposit insurance, ordinary depositors had no safety net for their assets. The Great Depression forced the government to mandate bank insurance, making it a mandatory cost of doing business for banks.
In the DeFi space, no one can force protocols like Aave or Morpho to buy insurance. Smart contract deployment is completely permissionless. There is no entity that can compel projects to configure risk coverage, which also leads to the industry lacking a safety net to withstand extreme market conditions.
The three largest payouts in Nexus Mutual's history are: approximately $7.3 million paid in two batches for the FTX collapse, $5 million for the TribeDAO hack, and $3.4 million for the Euler Finance hack. Combined, these three amounts almost equal the platform's seven-year cumulative payout total of $18.6 million.
Now, this mutual insurance platform is pivoting towards proactive risk prevention. It has partnered with security audit firms like Immunefi, Cantina, and Sherlock to launch bug bounty protection products. The protocol only needs to bear 20% of the critical bug bounty, with Nexus Mutual covering the rest, incentivizing white-hat hackers to find vulnerabilities upfront and avoid theft incidents from the source. Meanwhile, Nexus Mutual is expanding into compliant insurance tranches, attempting to connect crypto risks to reinsurance capital pools, introducing larger volumes of external capital to supplement underwriting capacity.
Cantina took a step further in March 2025 by launching independent native protocol protection products. Even if a vulnerability isn't discovered early by a bounty hunter, users can still receive a payout if the protocol is hacked.
Both of these strategic pivots essentially acknowledge a core reality: on-chain native funds are insufficient to cover on-chain risks. The insurance pool size is too small, risks are highly correlated, and the claims adjudicators are the same group as the capital providers. These three inherent flaws cannot be eradicated.
Nexus Mutual has a TVL of $81.56 million according to DeFiLlama, holding an 85% market share of the entire DeFi insurance sector. Other players are continuously shrinking: InsurAce peaked at $150 million in TVL but now has only $132,000 remaining, having completed just one major payout, after the 2022 UST de-pegging; Sherlock's pool shrank from $60 million to $505,000 within a year; Unslashed Finance has millions trapped in old code that stopped updating in late 2024. Other insurance projects have either shut down completely or pivoted to different business models.
A lighthouse warns all ships of hidden reefs but cannot charge passing vessels a usage fee, making it hard for anyone to voluntarily fund its construction. The benefits are shared by all, but the cost is borne solely by the builder.
The value of DeFi insurance is precisely to prevent the spread of chain-reaction liquidation crises. Assets in the crypto market are highly interconnected. Only when everyone insures simultaneously can overall market stability be maintained. But if everyone expects others to buy insurance and bear the cost, unwilling to shoulder the premium themselves, eventually no one will purchase coverage, and the risk protection system becomes nominal. Protection with no one actively backing it ultimately safeguards no assets.