Profits are drained by premiums, underwriting capital is severely insufficient, and systemic risk remains unresolved.
Written by: Thejaswini M A
Translated by: Luffy, Foresight News
"Insurance is purely a scam." This is almost everyone's consensus in the market.
It makes sense that people think this way. Citigroup developed an algorithm that can directly deny claims without reviewing medical records. UnitedHealth stops paying for nursing care as soon as the algorithm-defined timeframe expires, completely ignoring the attending physician's treatment advice. The traditional insurance business model has always been: first collect customer funds, pocket a high commission, and then set thresholds to obstruct claims.
Today, while bank deposits are protected by the Federal Deposit Insurance Corporation (FDIC), the payout limit is only $250,000, a standard that has hardly been adjusted since it was established in 1934. Brokerage accounts are protected by the Securities Investor Protection Corporation (SIPC), with a limit of $500,000; if account assets exceed that amount, the protection becomes meaningless. The protection the public believes it has is far from the reality, and the payout limit is set entirely unilaterally by the insurance companies.
DeFi insurance was expected to completely solve this pain point: with intermediaries eliminated, payouts execute automatically as soon as the preset conditions of the smart contract are triggered, leaving no room for malicious claim denials.
But the reality is that almost no one is buying it. Insurance premiums greatly erode investment returns; after deducting the premiums, the remaining returns cannot match the investment risks borne by users.
This article explains the current market situation and why, even if everyone wants to solve this problem, the root of the predicament is so hard to reverse.
Nexus Mutual is currently the largest DeFi insurance provider, and since its launch in 2019, its total claims paid amount to just over $18 million.

Data Source: Dune Analytics
In April 2026, Kelp DAO suffered a hacking attack, losing as much as $292 million. The amount stolen in this incident is equivalent to 16 times the total claims payout of this leading insurance institution over seven years.
This contrasts starkly with the rampant claim denials of traditional insurance. Traditional insurance collects high premiums but goes to great lengths to hinder claims payout, whereas DeFi insurance has meager premium income, and the root cause is that almost no investors are willing to insure.
Traditional insurance operates stably because the risks are uncorrelated. A house catching fire does not damage the houses of other residents. Insurance companies can sell policies to 1 million users, and a single fire claim can be fully covered by all premiums collected. However, DeFi lacks such a risk isolation mechanism: oracle failures, cross-chain bridge vulnerabilities, and other security incidents can have a cascading impact on all funding pools and lending protocols built on that underlying asset. During the USDC de-pegging event in March 2023, all protocols using USDC as collateral were affected. For DeFi insurance pools, risks are highly correlated; the insurer can only bet that losses from security incidents can be controlled and that the insurance pool funds are sufficient to cover them.
In March 2023, $197 million was stolen from Euler Finance, resulting in rapid cascading risks: Angle Protocol lost $17 million due to holding Euler’s liquidity tokens, and Yield Protocol urgently halted operations, affecting several other platforms, including Inverse Finance.
Once a protocol has a security vulnerability, it often impacts multiple projects, and extreme single-day incidents can directly deplete all payout reserves of the insurance pool.
I compiled the current premium rates of Nexus Mutual and InsurAce and compared them with the native annualized returns of their insured protocols: Aave V3 has an annualized yield of about 3.14%, with insurance premiums ranging from 1.5%–2.5%, leaving a net return of only 0.6%–1.6% after deducting premiums. Investors are taking on on-chain security risks, while their final returns are only slightly higher than regular bank savings.

Yield conditions for Morpho, Compound, and Spark are similar, with native annualized yields of 3.5%–4%, and premiums eating up one-third to half of the yield. Although there are still slight profits, the cost-performance ratio is extremely low.
Maple Finance's institutional lending liquidity pool has annualized yields of 4.77%–4.90%, but the insurance rates are as high as 3%–6%, resulting in net returns after insurance ranging from -1.1% to 1.9%. Ethena's staking annualized yield is 3.6%–4%, with similar insurance premiums at 3%–6%, leading to net returns of -2.4% to 1%. Purchasing insurance on these two types of platforms could, in extreme cases, result in losses on the principal for investors.
Only the original MakerDAO (Sky) shines. Its savings product has an annualized yield of 3.6%, and the lowest insurance rate is only 0.11%, widely recognized as the lowest risk target in DeFi. After insurance, the net yield remains at 2.8%–3.5%, allowing most of the gains to be retained.
Premium pricing strictly corresponds to risk levels, but the premiums of emerging platforms are excessively high, directly consuming the high returns that users seek when entering.
Crypto investors choose to forgo insurance not out of laziness or recklessness; they know that in most cases, purchasing insurance is equivalent to a total loss of returns. Even if all DeFi depositors were to choose full insurance tomorrow, the entire industry would lack the capacity to meet the demand: Nexus Mutual has a total capital pool of about $81.56 million and the effective insurance capacity of the entire industry is a few hundred million dollars, while major protocols have locked assets amounting to hundreds of billions, a stark mismatch between supply and demand.
If a major security incident of Kelp DAO's level were to occur, a single claim would directly deplete most of the insurance reserves in the industry.
The $18 million historical total claims amount precisely exposes the vulnerability of the industry's funding pools; the entire market has never experienced a catastrophic risk event that could breach the insurance reserves.
When a user initiates a claims request to Nexus Mutual, all platform member holders must vote to decide whether to approve the claim. If members vote in support of a claim and the claim ultimately fails to be paid, their own assets are directly affected. This mechanism inherently induces a tendency to deny claims. Traditional insurance deliberately separates underwriters and claim adjusters to balance this conflict, while DeFi insurance merges ownership and responsibilities into the same group by design.
Before the 2008 financial crisis, financial risk pricing agencies generally believed that a nationwide housing price collapse was impossible, as they had never experienced it. Insurance giant AIG sold risk protection contracts on a massive scale, but when the market crisis genuinely erupted, it was completely unable to pay out.
Before the U.S. government introduced FDIC bank deposit insurance, ordinary depositors had no asset safety net. The Great Depression forced the government to mandate bank insurance, making insurance a hard cost of banking operation.
In the DeFi space, no one can force protocols like Aave and Morpho to purchase insurance; smart contract deployment is entirely permissionless, and no entity can require projects to set up risk protection. As a result, there is no backstop mechanism to withstand extreme market conditions.
Nexus Mutual's three largest historical claims are: approximately $7.3 million paid in two installments due to the FTX collapse, $5 million paid due to TribeDAO being hacked, and $3.4 million paid to Euler Finance for the hacking incident. The combined amount of these three claims is almost equal to the total claims amount of $18.6 million accumulated over seven years by this platform.
Now this mutual insurance platform is shifting towards proactive risk prevention, collaborating with security audit firms like Immunefi, Cantina, and Sherlock to launch a bounty protection product for vulnerabilities. The protocol party only needs to bear 20% of the key vulnerability bounty, and the remaining funding is covered by Nexus Mutual, incentivizing white-hat hackers to investigate vulnerabilities and preventing theft incidents at the source. Meanwhile, Nexus Mutual is planning to launch compliant insurance sub-accounts, attempting to link crypto risks to reinsurance capital pools and introduce larger external capital to boost underwriting capacity.
Cantina will take a step further in March 2025, launching independent native protocol protection products, which will allow users to still receive payouts after a hack even if the vulnerability was not discovered in advance by bounty hunters.
These two transformation moves essentially acknowledge one core reality: on-chain capital is insufficient to cover on-chain risks. The insurance pool's size is too small, risks are highly correlated, and the decision-making entities for claims and funding providers are the same group—three severe flaws that cannot be eradicated.
Nexus Mutual has locked assets amounting to $81.56 million, accounting for 85% of the entire DeFi insurance sector's market share according to DeFiLlama statistics. Its peers have continuously shrunk in scale: InsurAce peaked at $150 million but currently has only $132,000 left, having completed just one major claim after the UST de-pegging in 2022; Sherlock's funding pool shrank from $60 million to $505,000 within a year; Unslashed Finance has millions locked in outdated code that halted updates at the end of 2024. Other insurance projects have either completely shut down or changed their business tracks.
A lighthouse warns all ships of hidden reefs but cannot charge passing vessels for its use; therefore, it is difficult for anyone to voluntarily fund its construction. The benefits are shared by all, while the costs are borne solely by the builders.
The value of DeFi insurance lies in preventing a cascading liquidation crisis from spreading. Crypto market assets are highly interconnected, and overall market stability can be maintained only if everyone purchases insurance at the same time. However, if everyone relies on others to bear the insurance costs and is unwilling to pay the premium, ultimately no one will buy insurance, rendering the risk protection system ineffective. Without proactive support, there will ultimately be no protection for any asset.