Original Title: Nobody Buys DeFi Insurance
Original Author: Thejaswini M A, Token Dispatch
Original Translation: Luffy, Foresight News
"Insurance is nothing but a scam," this is almost a consensus among everyone in the market.
This perception is not entirely unfounded. The American insurance company Cigna has developed an algorithm that can deny claims without even reviewing the medical records. UnitedHealthcare stops coverage payments at a time predetermined by an algorithm, disregarding the treating physician's medical advice. The traditional insurance business model has always been to collect customer funds, withhold a significant portion, and then create multiple barriers to claims.
Although bank deposits are insured by the Federal Deposit Insurance Corporation (FDIC), the coverage limit is only $250,000, a standard set in 1934 and rarely adjusted since. Brokerage accounts are protected by the Securities Investor Protection Corporation (SIPC) with a limit of $500,000; once the account assets exceed this amount, the protection becomes virtually meaningless. The perceived level of protection by the public is far below reality, and the claim limit is unilaterally determined by the insurance companies.
DeFi insurance was expected to completely address this pain point: removing intermediaries so that when the predefined conditions of a smart contract are met, the payout is automatically executed, eliminating any room for malicious denial of claims.
However, the reality is that almost no one is buying. Insurance premiums substantially erode investment returns, and after deducting the premium, the remaining returns cannot possibly match the investment risk undertaken by the user.
This article will explain the current state of the market and why, even though everyone wants to solve this problem, the root of the dilemma is difficult to reverse.
Nexus Mutual is currently the largest DeFi insurance provider. Since its launch in 2019, the total claims paid amount to just over $18 million.

Data Source: Dune Analytics
In April 2026, Kelp DAO fell victim to a hack, suffering a loss of up to $292 million. The stolen amount from this single incident is equivalent to 16 times the total claims paid by this leading insurance company over seven years.
This stands in extreme contrast with traditional insurance's aggressive claims denial. Traditional insurance charges high premiums but goes to great lengths to obstruct claims, while DeFi insurance, with minimal premium income, fundamentally struggles due to the lack of investors willing to take out policies.
Traditional insurance is able to operate stably because its risks are uncorrelated. If one house catches fire, it will not affect other houses in the neighborhood. An insurance company can sell policies to 1 million users, and a single fire claim can be completely covered by all premiums collected. However, DeFi lacks this risk isolation mechanism: events such as oracle failures, cross-chain bridge vulnerabilities, and other security incidents can have a cascading impact on all liquidity pools and lending protocols built on top of the affected underlying asset. In March 2023, the USDC depegging event resulted in all protocols using USDC as collateral being affected on the same day. For DeFi insurance pools, risks are highly correlated, and the underwriter can only bet that the losses from a security incident are manageable, with the insurance pool funds sufficient to cover them.
In March 2023, Euler Finance was hacked for $197 million, and the cascade of risks quickly spread: Angle Protocol suffered a $17 million loss due to holding Euler LP tokens, Yield Protocol halted operations urgently, and other platforms like Inverse Finance were also impacted.
Once a protocol experiences a security vulnerability, it often affects multiple projects, and a single-day extreme event can even directly deplete the entire insurance pool's reserve for claims.
I have compiled the current premium rates for Nexus Mutual and InsurAce, comparing them to the native annual percentage yield (APY) of their underwritten protocols: The USDC savings APY in Aave V3 is approximately 3.14%, with insurance premium ranges of 1.5%-2.5%. After deducting the premium, the net yield is only 0.6%-1.6%. Investors are taking on on-chain security risks, with the final net yield slightly higher than a regular bank savings account.
Morpho, Compound, and Spark have similar earnings, with native APY ranging from 3.5% to 4%. The premium eats up one-third to half of the earnings, resulting in meager profits, making the cost-effectiveness extremely low.
Maple Finance's institutional lending pool offers an APY of 4.77%-4.90%, but the insurance premium rate is as high as 3%-6%, resulting in a net yield after insurance of -1.1% to 1.9%. Ethena's staking APY is 3.6%-4%, with premiums also at 3%-6%, leading to a net return of -2.4% to 1%. Purchasing insurance on these platforms could, in extreme cases, result in investors experiencing losses of their principal.
Only the original MakerDAO (Sky) stands out. Its savings product has an APY of 3.6%, with the lowest insurance premium rate at only 0.11%. It is widely considered by the market as the lowest-risk DeFi asset, maintaining a net yield of 2.8%-3.5% after insurance, with the majority of earnings preserved.
Premium pricing strictly corresponds to risk level, but the premiums on emerging platforms are too high, directly consuming the high returns that users pursue upon entry.
Crypto investors choosing to forego insurance is not out of laziness or recklessness. They are well aware that in most cases, purchasing insurance is equivalent to a net loss of returns. Even if all DeFi users were to uniformly opt for full coverage tomorrow, the entire industry would be unable to meet the demand: Nexus Mutual's total pool size is around $81.56 million, the industry's effective coverage capacity is at most a few billion dollars, while the total locked assets of major protocols amount to hundreds of billions, highlighting a stark supply-demand gap.
In the event of a large-scale security incident like the Kelp DAO, a single claim would directly deplete the vast majority of the industry's insurance reserves.
The $18 million total historical claims payout has ironically exposed the vulnerability of the industry's pool of funds. The entire market has never experienced a highly catastrophic event that is capable of depleting the insurance reserves.
After a user submits a claim to Nexus Mutual, a vote by all platform token holders is required to determine whether the claim should be paid out. Token holders who vote in favor of a claim that then fails to be paid out will incur a direct loss of their assets. This mechanism inherently fosters a tendency to reject claims. Traditional insurance companies have dedicated underwriters and claims adjusters to balance these conflicts, while in DeFi insurance design, all ownership responsibilities are merged into the same group.
Before the 2008 financial crisis, financial risk pricing institutions generally believed that a nationwide housing market collapse in the U.S. was impossible, as they had never experienced it firsthand. Insurance giant AIG sold a large number of risk protection contracts, but when the market crisis actually erupted, they were completely unable to pay out.
Prior to the U.S. government introducing FDIC bank deposit insurance, ordinary depositors had no assets secured as a last resort. The Great Depression compelled the government to mandatorily implement bank insurance, making insurance a fixed cost of bank operations.
In the DeFi field, no one can compel protocols like Aave and Morpho to purchase insurance. Smart contract deployment is entirely permissionless, with no entity able to enforce risk protection requirements on projects, leading to a lack of mechanisms to withstand extreme market conditions.
Nexus Mutual's three largest historical claims were: FTX rug pull with two batches of payouts totaling around $7.3 million, TribeDAO hack with a $5 million payout, and Euler Finance hack with a $3.4 million payout. The combined total of these three claims is almost equivalent to the platform's accumulated $18.6 million in claims payouts over seven years.
Now, this mutual aid insurance platform is shifting towards preemptive risk control, collaborating with security audit firms such as Immunefi, Cantina, and Sherlock to introduce a bug bounty protection product. Protocols only need to bear 20% of the critical bug bounty, with Nexus Mutual providing the remaining funds as a backstop, proactively incentivizing white-hat hackers to discover vulnerabilities and prevent hack incidents. At the same time, Nexus Mutual is expanding into compliance insurance compartments, attempting to connect crypto risks with reinsurance pools, introducing larger external capital to supplement underwriting capacity.
In March 2025, Cantina took a further step and launched a standalone native protocol cover product. Even if a vulnerability is not discovered in advance by a bug bounty hunter, users can still receive compensation after the protocol is hacked.
These two transformational steps both fundamentally acknowledge a core reality: on-chain assets alone are not sufficient to cover on-chain risks. The insurance pool is too small, risks are highly correlated, and the claims adjudicator and capital provider are the same group: three major flaws that cannot be eliminated.
Nexus Mutual, with $81.56 million in locked funds as per DeFiLlama, commands an 85% market share of the entire DeFi insurance track. Other peers have seen continuous shrinkage: InsurAce, which peaked at $150 million in locked funds, now only has $132,000, and since the UST debacle in 2022, has only settled one major claim; the Sherlock pool has shrunk from $60 million to $505,000 within a year; Unslashed Finance has millions of dollars stuck in outdated code that stopped receiving updates at the end of 2024. The remaining insurance projects have either closed down completely or pivoted their business track.
A lighthouse warns all passing ships of the reef but cannot charge a user fee to passing vessels, making it difficult for anyone to voluntarily contribute to building the lighthouse. While the rewards are shared by all, the costs are borne solely by the builder.
The value of DeFi insurance lies in preventing the propagation of a cascading liquidation crisis. With highly interconnected crypto market assets, only when everyone is simultaneously insured can overall market stability be maintained. However, if everyone expects others to provide insurance coverage while being unwilling to bear the premium costs themselves, eventually, no one will purchase insurance, rendering the risk protection system meaningless. Protection without proactive support from anyone cannot ultimately safeguard any assets.