Why don't people buy DeFi insurance?

Original Title: Nobody Buys DeFi Insurance
Original Author: Thejaswini M A, Token Dispatch
Original Translation: Luffy, Foresight News

Original Author: Rhythm BlockBeats

Reprint: Mars Finance

"Insurance is a pure scam." This is almost the consensus of the entire market.

Thinking this way is not unreasonable. Cigna has developed an algorithm that can deny claims without reviewing medical records. UnitedHealthcare stops paying for care once a time limit preset by an algorithm expires, completely ignoring the attending physician's diagnosis. The business model of traditional insurance has always been: first collect customer funds, take a high cut, then set up layers of obstacles to block claims.

Now, bank deposits are insured by the FDIC, but the payout limit is only $250k, which has hardly been adjusted since its establishment in 1934. Brokerage accounts are protected by SIPC, with a limit of $500k. Once account assets exceed that value, protection is essentially void. The protection perceived by the public is far less than reality, and payout limits are set unilaterally by insurers.

DeFi insurance was supposed to completely solve this pain point: remove middlemen, and as long as the preset conditions of the smart contract are triggered, claims are executed automatically, eliminating any room for malicious denial.

But in reality, almost no one buys it. Insurance premiums significantly erode investment returns. After deducting premiums, the remaining returns simply cannot match the investment risk users take on.

This article explains the current market situation and the core reasons why it is hard to reverse even though everyone wants to solve it.

Nexus Mutual is currently the largest DeFi insurance provider. Since its launch in 2019, its total claims paid amount to only over $250k.

In April 2026, Kelp DAO suffered a hacker attack, losing up to $292 million. This single theft amount is 16 times the total claims paid by this leading insurance company in seven years.

This starkly contrasts with traditional insurance's aggressive denial of claims. Traditional insurance charges high premiums but does everything to block claims; DeFi insurance has meager premium income, primarily because almost no investors want to buy coverage.

The stable operation of traditional insurance relies on risks being uncorrelated. One house catching fire does not cause neighboring houses to burn. Insurers can sell policies to 1 million users, and a single fire claim can be covered by all premiums. But DeFi lacks such risk isolation: security events like oracle failures or cross-chain bridge vulnerabilities can set off chain reactions that affect all capital pools and lending protocols built on the underlying asset. In March 2023, the USDC depeg event affected all protocols that used USDC as collateral that same day. For DeFi insurance pools, risks are highly correlated. Underwriters can only bet that losses from security incidents are controllable and that the pool's funds are sufficient to cover them.

In March 2023, Euler Finance was hacked for $197 million, causing chain risk to quickly spread: Angle Protocol lost $17 million due to holding Euler liquidity tokens, Yield Protocol urgently shut down business, and Inverse Finance and several other platforms were also affected.

Once a protocol has a security vulnerability, it often affects multiple projects. An extreme single-day incident could even drain the entire insurance pool's claim reserves.

I compiled current premium rates from Nexus Mutual and InsurAce, comparing them to the native annualized yields of the protocols they cover: Aave V3's USDC deposit annualized yield is about 3.14%, with insurance premiums ranging from 1.5% to 2.5%. After deducting premiums, net yield is only 0.6%–1.6%. Investors take on-chain security risks for a final return only slightly higher than ordinary bank savings.

Morpho, Compound, and Spark have similar returns: native annualized yields of 3.5%–4%, with premiums eating one-third to half of the yield. Although there is still a thin profit, the cost-performance ratio is extremely low.

Maple Finance's institutional lending pool has an annualized yield of 4.77%–4.90%, but insurance rates are as high as 3%–6%, resulting in net yields of -1.1% to 1.9%. Ethena's staking annualized yield is 3.6%–4%, with similar premiums of 3%–6%, net yield -2.4% to 1%. For these two platforms, investors may even see principal losses in extreme cases.

Only the original MakerDAO (Sky) performs well. Its savings product yields 3.6% annualized, with the lowest insurance rate of only 0.11%. The market generally considers it the least risky asset in DeFi. After insurance, net yield remains 2.8%–3.5%, retaining most of the return.

Premium pricing strictly corresponds to risk levels, but premiums on emerging platforms are too high, directly consuming the high returns that users seek.

Crypto investors choose not to insure not out of laziness or recklessness. They understand that in most cases, buying insurance equates to zero returns. Even if all DeFi depositors decided to fully insure tomorrow, the entire industry would be unable to handle the demand: Nexus Mutual's total pool is about $81.56 million, and the industry's effective coverage capacity is at most a few hundred million dollars. Meanwhile, the TVL of major protocols is hundreds of billions, an enormous supply-demand gap.

If a large security incident like Kelp DAO occurs, a single claim could drain most of the industry's insurance reserves.

The $18 million in historical claims precisely exposes the fragility of the industry's capital pool. The entire market has never experienced a massive risk event that could break through underwriting reserves.

When a user files a claim with Nexus Mutual, the decision on whether to pay out is made by a vote of all platform token holders. Members who vote for the claim will see their own assets directly affected if the claim ultimately fails. This mechanism naturally encourages a tendency to deny claims. Traditional insurance has dedicated underwriters and claims adjusters to balance conflicts, while DeFi insurance design merges all responsibilities into the same group.

Before the 2008 financial crisis, financial risk pricing agencies generally believed that a nationwide housing price collapse was impossible because they had never experienced it. Insurance giant AIG sold large volumes of risk protection contracts but was completely unable to pay when the crisis actually hit.

Before the U.S. government introduced FDIC bank deposit insurance, ordinary depositors had no safety net for their assets. The Great Depression forced the government to mandate bank insurance, making it a hard cost of banking operations.

In DeFi, no one can force protocols like Aave or Morpho to buy insurance. Smart contract deployment is completely permissionless, and no entity can mandate that projects allocate risk protection. This also leaves the industry without a mechanism to withstand extreme market events.

The three largest claims in Nexus Mutual's history are: FTX collapse (two batches totaling about $7.3 million), TribeDAO hack ($5 million), and Euler Finance hacker attack ($3.4 million). The sum of these three claims almost equals the platform's total claims of $18.6 million over seven years.

Now, this mutual insurance platform is shifting to proactive risk prevention. It has teamed up with security audit firms like Immunefi, Cantina, and Sherlock to launch bug bounty protection products. Protocols only need to pay 20% of critical bug bounties, with Nexus Mutual covering the rest, incentivizing white-hat hackers to find vulnerabilities early and prevent theft. At the same time, Nexus Mutual is planning compliant insurance sub-accounts, aiming to connect crypto risk with reinsurance capital pools and bring larger external capital to enhance underwriting capacity.

In March 2025, Cantina went a step further by launching an independent native protocol protection product. Even if a vulnerability is not found by bounty hunters before an attack, users can still get compensated after a protocol is hacked.

Both transformations essentially acknowledge a core reality: on-chain funds are insufficient to cover on-chain risks. The insurance pool is too small, risks are highly correlated, and the group that decides claims is also the group that provides funds. These three fundamental flaws cannot be eradicated.

Nexus Mutual's TVL, as tracked by DeFiLlama, is $81.56 million, accounting for 85% of the entire DeFi insurance market. Other players continue to shrink: InsurAce peaked at $150 million TVL, now only $132k, and has made only one major claim since the UST depeg in 2022; Sherlock's pool shrank from $60 million to $505k within a year; Unslashed Finance had millions of dollars locked in old code that stopped being updated by the end of 2024. The remaining insurance projects have either completely shut down or pivoted to other business tracks.

A lighthouse warns all ships of hidden rocks, but cannot charge passing vessels a fee, so no one is willing to build it voluntarily. Benefits are shared by all, but costs are borne by the builder alone.

The value of DeFi insurance is to prevent the spread of cascading liquidations. Since crypto market assets are highly interconnected, only when everyone insures simultaneously can overall market stability be maintained. But if everyone expects others to cover the cost while they avoid paying premiums, then no one will buy insurance, and the risk protection system will be ineffective.

Protection that no one voluntarily underwrites will ultimately protect nothing.
