The Unacceptable Risk of DeFi Insurance
Blockchain technology holds great promise as a reducer of transactional friction through disintermediation of traditional trust mechanisms; we’ve just begun to discover the many ways that confidence in math can compensate for counterparties’ lack of confidence in each other.
Public blockchain technology, as applied to finance, has gained the catchall label of decentralized finance, or DeFi, and it’s gained a lot of momentum: there are exchanges, lenders, borrowers, derivatives and many other applications in the rapidly growing DeFi ecosystem, which is estimated to be about 2 percent of the overall crypto landscape. Crypto purists are intent on building on-chain analogs for the entire financial system and beyond. While that is an understandable goal with many benefits, there’s at least one application that is not yet ready: DeFi insurance.
The theory of DeFi insurance is straightforward: the insured pays premiums into a pool and a smart contract is created which uses an oracle (a mutually agreed-upon, objective source of truth) to decide whether some coverage criteria have been met, which in turn does or does not programatically trigger a payout to the beneficiaries of the contract. In the case of earthquake insurance, for example, the smart contract might look at public USGS data to determine whether a point on a map experienced seismic activity above a specific magnitude, and automatically pay out based on that. In those cases where such a parametric determination of truth is possible, DeFi insurance is truly a killer application of the blockchain.
In cases where this is not possible, meaning, oracles can’t make the determination – such as to what degree an earthquake actually damaged a building – members of the DeFi pool review and vote on claims. The problem here is that members of the pool and the insured have misaligned incentives that favor the pool rejecting claims.
In cases where claims are unjustly rejected in the traditional insurance world, the insured can look to the courts for redress. In the DeFi space, such recourse doesn’t exist.
This is the DeFi insurance governance problem and it’s a big one – but it’s not even the biggest, which comes into play even before the policy is written: the actuarial problem, which is a particularly acute one when it comes to the protection of cryptoassets.
In order for the economics of insurance to work, the future must be predictable to a high degree of reliability – something that’s only possible when many similar past events are known to a high degree of accuracy. Precisely knowing how often an insurable event has occurred makes it easier to anticipate how likely it is to happen again and this informs underwriting decisions. This is only possible in the presence of large amounts of historical data which, for example, the automobile industry enjoys access to, but which the blockchain space as of yet does not.
Sure, $4 billion in crypto was stolen from custodial wallets in 2021 and many billions more during the previous decade, but the scores of security breaches behind these losses is not a large enough sample size to be actuarially meaningful.
To make up for that lack of actuarial data, experts need to conduct labor-intensive investigations of the human, technological and operational risks that define a platform, in order to make sound underwriting decisions. To do otherwise is to write policies that fail to accurately apprehend risk, resulting in poor outcomes for the insurer or the insured, and likely both.
Given the inability of DeFi to fill the actuarial gap, one of two things will necessarily happen. Either DeFi policies will be forced to cover all possible risks, or an extremely narrow slice of them.
The economics of this duality allows for only three possible outcomes:
- Comprehensive coverage only made possible by unreasonably high premiums – on the order of 50-100% of the insured asset value annually.
- Narrow coverage that is reasonably priced but useless due to how little risk (if any) is actually covered.
- Comprehensive coverage that is priced reasonably but which exposes the DeFi insurance pool to a degree of risk that will inevitably threaten its solvency.
When those are the rules of the game, the only sound option is not to play. And indeed, in the case of insurance for cryptoassets, overwhelmingly there is very little game to be found, as traditional insurers recognize that their lack of actuarial data and specialized knowledge makes this space a non-starter for them. This is understandable, considering the significant losses resulting from the insurance industry’s early rush to sell cyber policies without the resources needed to make sound underwriting decisions.
Meanwhile, investors are awarding most any project sporting the DeFi sobriquet with an unreasonable amount of resources in the belief that every corner of finance deserves to be mirrored on-chain. The simple fact is, that’s not the case: there is simply no way at this nascent stage of DeFi to be able to create a meaningful and sustainable insurance solution for the theft or loss of cryptoassets that exists solely on-chain.
The continued irrational exuberance for DeFi insurance threatens the larger crypto ecosystem for two reasons.
First, it denies resources to projects that actually can de-risk crypto, and in so doing, pave the way for larger players that would invest more into the space, if they could do so without exposure to excessive losses due to theft or technology failure.
Second, it gives the broader market the false impression that cryptoassets are being protected, when in reality, current capacity sits at around $5 billion – a true drop in the bucket of (what once was and most certainly will be again) multi-trillion dollar sector.
Does all this mean that there cannot be on-chain insurance solutions? Thankfully, no.
While there are deep structural flaws to overcome, it is possible, especially when tackled by cryptonatives. Whatever the result, it must be one in which the solution is grounded in a reasonable legal jurisdiction, has independent claims oversight, and allows for rigorous underwriting, policy design, and claims adjusting. Indeed, Evertas is working to devise just such a solution.
Such a schema would represent the biggest transformation the insurance industry has experienced in generations, as it would bring about a genuine melding of the newest and oldest business technologies into something both revolutionary and sustainable. Until then, the risk of purely DeFi “insurance” remains an unacceptable and unsustainable one.