1 Motivation and contribution

Since the beginning of the digital century, new challenges and prospects for the insurance industry related to new technological opportunities are discussed in different contributions (O’Hare, 1994; Bernheim, 1998; Punter, 2002; van den Berghe, 1998). Blondeau (2001) provides a particularly pertinent prediction: “We can bet that the Internet, for example, will be a mature technology within the next ten years and that it is changing the picture both in terms of demand and insurance risk” (Blondeau (2001), p. 151).

Today, the insurance industry faces a new challenge in the form of decentralized finance (DeFi), which introduces risks that are intangible and cannot be assessed using conventional actuarial methods. Unlike traditional insurance policies, DeFi insurance centers around digital contracts known as “smart contracts.” At present, DeFi insurance is in its nascent stage, with considerable scope for further development and exploration.

Figure 1 depicts recent developments of the total value locked (TVL) in DeFi and its share covered by insurance policies of Nexus Mutual (Karp & Melbardis, 2017), one of the leading protocols for smart contract insurance as of early 2022.

Fig. 1 Overall TVL and TVL in DeFi covered by Nexus Mutual in %/TVL (data sources: Nexustracker (2022), DeFiLlama (2022))

The level of coverage exhibited significant variability, ranging from less than 0.01% to slightly below 1.6% during 2020 and 2021. A notable downward trend can be observed, starting from the second quarter of 2021 until the beginning of 2022. In January 2022, Nexus Mutual covered approximately 0.7% of all assets locked in DeFi. One reason for the strong downward trend of the TVL coverage ratio might be the continued exponential growth of TVL relative to the risk-bearing capital provided. While the TVL was still approximately USD 17 billion in November 2020, over USD 250 billion was observed for November 2021 (Statista, 2021), depicting a growth in no way comparable to Nexus Mutual's capitalization.

On May 12, 2021, Nexus Mutual recorded its peak annualized premiums in force, reaching approximately USD 33.6 million. This amount corresponds to approximately 20% of the non-life gross premiums written in Nicaragua in 2020, which is the country with the lowest non-life written gross premiums globally, as illustrated in Table 1.

Table 1 Non-life insurance business written in selected OECD and non-OECD countries in 2020 (data source: OECD (2022))

In comparison to the top 5 countries in terms of written non-life premiums, the premiums written by Nexus Mutual are relatively insignificant. Despite the exponential growth of insurable risk in DeFi, the contribution of DeFi insurance to the global non-life insurance market remains limited. However, an examination of historical data regarding previous exploits within various DeFi settlement layers shows the significance of potential risks. Hence, the practical importance of risk transfer within DeFi increases alike. This paper aims to start a discussion on selected aspects of DeFi insurance by combining taxonomical considerations and empirical observations, and contributes threefold to its exploration. First, it presents a brief theoretical introduction to DeFi insurance in comparison with traditional lines of insurance. Second, it outlines a taxonomical framework for an advanced understanding of currently operating insurance protocols and potentially transferrable risks associated with DeFi. Third, it discusses the inherent insurability of a subset of those risks, smart contract risks, as the empirically most prevalent DeFi risk.

This study primarily concentrates on the DeFi asset category of utility tokens and the associated interaction with smart contracts, but also on payment tokens in direct connection with the settlement layers on which DeFi applications are executed. It is important to note that other asset categories such as security tokens, non-fungible tokens (NFTs), and other on-chain asset types, particularly those associated with real-world commodities, which have gained significant attention in recent months, are beyond the scope of this analysis.

Following a brief introduction to related works in Sect. 2, Sect. 3 offers a focused thematic introduction that enables an in-depth discussion of DeFi insurance in subsequent sections. Section 4 presents a taxonomy that aligns with a prototypical insurance value chain and compares risk transfer in DeFi to traditional insurance lines. Section 5 delves into the examination of the general insurability of smart contract risks, in which the new taxonomy serves as a framework for this analysis. Finally, Sect. 6 concludes the study by summarizing the findings and highlighting potential areas for future research.

2 Related work

This paper is an interdisciplinary contribution at the intersection of insurance theory, computer science, and finance. Its primary objective is to address the research gap in the relatively unexplored domain of DeFi-inherently organized risk transfer facilitated through DeFi protocols. The contribution aligns with the growing body of literature dedicated to exploring DeFi, often referred to as the “lego of finance” (Popescu, 2020). Schär (2021) offers a comprehensive description of DeFi’s architecture, providing valuable insights into the current market landscape and its rapid development, while also addressing the overall risk perspective. Werner et al. (2021) deliver a delineation of the DeFi ecosystem regarding different dimensions, and outline open research challenges.

First, this analysis focuses on the transferability of risks associated with smart contracts, which encompass a wide range of consumer-oriented financial applications deployed on permissionless blockchain technologies (Jensen et al., 2021). Recent years have witnessed several discussions not only on the opportunities presented by smart contracts (Chen & Bellavitis, 2020), but also on their associated risk profiles (Chang et al., 2022). Atzei et al., (2017) provide an overview of past attacks on blockchain, EVM (Ethereum Virtual Machine), and the Solidity programming language, emphasizing the discrepancy between intended behavior and actual execution of smart contracts. Furthermore, various mitigation measures, such as formal verification (Almakhour et al., 2020; Osterland & Rose, 2020; Singh et al., 2020), game-theoretic methods (Zhang et al., 2019), and multi-bot approaches (Viglianisi et al., 2020), are already analyzed in literature. The inherent capability for risk transfer within DeFi remains an important consideration, especially considering the overall systemic fragility (Lehar & Parlour, 2022) of DeFi.

Second, the risks associated with DeFi partially overlap with those of general cyber and IT risks covered in typical cyber insurance. The main findings from seminal works on IT and cyber insurance, such as Richards (1986), Biener et al. (2015), Bodin et al. (2018), Kshetri (2020), and Peters et al. (2018), help to identify the precise differentiators between these fields.

Third, considering the organizational structure, DeFi risk transfer embodies a distinct technology-driven form of decentralized insurance, as conceptualized by Feng et al. (2023), operating without the need for legal recourse or regulatory intervention. The organizational perspective presented in this paper is not an isolated concept, but rather aligns with the notion of emerging competitive financial markets and the associated analysis of risks and opportunities (Auer et al., 2023).

Fourth, this contribution is concerned with the question of the extent to which the risks discussed can be classified as insurable in the inherently existing organizational form of insurance protocols. The discourse surrounding the insurability of risks is addressed in earlier publications (Berliner, 1982, 1985; Mehr & Cammack, 1976; Schmit, 1986). This paper extends the debate by emphasizing an overarching perspective on the insurability of smart contract risks. The discussions on insurability lie at the core of fostering a harmonized societal progress (Stahel, 2003).

Fifth, the objective of this paper is to provide a structured framework for understanding the intricacies of DeFi-related risk transfer within a specific subset of risks. It contributes to the growing body of literature addressing DeFi-inherent risk transfer, alongside works by Cousaert et al. (2021) and Nadler et al. (2022). However, it is important to distinguish this paper from contributions that discuss smart contracts as a supportive element within broader traditional insurance domains. Contributions such as those by Kar and Navin (2021), Abramowicz (2019), and Gatteschi et al. (2018) explore the integration of smart contracts in traditional insurance contexts with a wider scope.

3 Well-known principles in a different guise

Early forms of solidarity-based risk mitigation were prevalent in different social communities, such as trade associations and guilds, centuries ago (Swiss Re, 2017). The beginnings of modern insurance date back to the Great Fire of London in 1666 (Wuthrich, 2013). Today, insurance plays a decisive role in modern economies, facilitating the expansion of the economic possibilities of individuals and companies through better risk control and financial security, as discussed by Han et al. (2010), Liedtke (2007) and, in a solidarity-related sense, by Lehtonen and Liukko (2011). With the progressive development of monetary values and commercial activities in DeFi, risk transfer is increasingly demanded within the same domain. In line with contributions such as Schär (2021), DeFi is a collective term describing the establishment of code-based alternative financial markets based on various blockchain settlement layers. The main goal of DeFi is to reduce intermediaries in financial markets, to increase the authenticity and speed of monetary transactions, as well as to reduce frictions and improve the accessibility of financial services.

Schär (2021) depicts a comprehensive overview of all DeFi layers, including an economic perspective on the main DeFi applications and mechanisms. All individuals interacting with DeFi expose their digital assets (tokens) to a complex risk profile related to smart contracts. Smart contracts are a form of digital contracts deployed on a blockchain. Similar to traditional understandings, insurance and risk-hedging mechanisms in DeFi are intended to aggregate individual risks into larger liquidity pools. This increases the risk-bearing capacity of individuals and economic entities. Hence, DeFi insurance overall can be described as a well-known concept regarding purpose and economic relevance but is now hidden in a new guise in terms of the underlying risk transfer mechanism and insurance organization. Insurance protocols focus primarily on DeFi-inherent risks, but real-world risks such as flight delays and crop losses are also made insurable on-chain, such as those provided by Etherisc (2022).

3.1 Differentiation of DeFi insurance from traditional insurance lines

To disentangle the inherent novelty of DeFi insurance, the following section compares the policy-related characteristics of two major lines of traditional insurance, which address physical and digital risks related to information technologies, with DeFi insurance. Specifically, this analysis will delve into the question of why conventional IT insurance policies or cyber insurance policies currently do not or cannot take into account the newly identified risk vectors. In addition to this product-specific dimension, the degree of technological reliance of DeFi insurance is assessed and delineated from InsurTech projects as described by Neale et al. (2020). The product-based analysis considers three dimensions: the degree of formalization, risk exposure, and risk concentration, as shown in Fig. 2.

Fig. 2 Classification of digital insurance policy types

The degree of formalization refers to the organizational structure of the risk transfer, specifically whether it is managed through a central entity (the insurer) or through a decentralized form of organization. Risk exposure depicts whether predominantly real-world risks or digital-inherent risks are insured. Risk concentration indicates whether a specific central entity is affected by the risk or if the risk impacts various decentralized infrastructural entities.

Compared to conventional IT insurance as described by Richards (1986), DeFi differs in all three dimensions. Richards (1986) provides a list of insurable risks related to IT infrastructure, mentioning physical exposures such as access to the computer room or physical data backups as the most common central points of failure. DeFi insurance, on the contrary, deals solely with token-based digital assets that are primarily exposed to a complex digital risk profile, mostly decoupled from any physical possessions. This leads to differences in both risk concentration and risk exposure. Regarding the degree of formalization, in most cases, it is not possible to identify a liable legal entity responsible for claims settlement, as discussed in Sect. 4. In DeFi, transactional parties interact with each other through “on-chain” smart contract ecosystems, rather than through the legally secured and standardized structures found in conventional IT insurance.

Compared to cyber insurance, in line with the understanding of Biener et al. (2015), DeFi insurance shows crucial differences in two dimensions, as will be described with reference to Table 2.

Table 2 Comparison of organizational parameters between cyber and DeFi insurance policies

Cyber insurance incorporates the fact that physical hardware, such as computers, encounters additional digital risk profiles and digital attack vectors, following high levels of connectivity (Biener et al., 2015).

A common denominator of cyber insurance and DeFi insurance is related to risk exposure. Both lines cover risks induced by digital attack vectors, although the attacks on infrastructures typically protected with cyber insurance potentially entail more severe secondary implications of a physical or digital nature. This aspect will be further examined in Sect. 4, as it is evident that certain risks within the layer structure of DeFi are inherently encompassed within cyber policies.

A significant difference between the two lines of coverage is the degree of formalization, as well as the risk concentration. Formalization refers to “the act of giving something a fixed structure or form by introducing rules” (Oxford Learners Dictionary, 2023). In the context of insurance, this means above all clear insurance policy definitions and organizational structures, as well as, if applicable, a sound regulatory framework. Some risks in DeFi could arguably be categorized within cyber insurance policies, commonly found in the portfolios of most of the world's major insurers. However, insurance against new DeFi-inherent risks is not yet broadly offered by centralized insurers in the form of standardized products and, thus, mostly depends on informally organized, decentralized insurance protocols including internal and external dependencies. Risk transfer takes place in exactly the same environment in which the risks occur. For example, one of the main barriers to the replication of an existing policy line such as cyber insurance products in DeFi, or more generally for traditional insurers to offer coverage for DeFi-inherent risks, is the strong operational change required by the inherent characteristics of decentralized, public settlement layers such as Ethereum. Risk transfer for those inherent risks, on-chain, does not necessarily require (or even tolerate) a centralized insurance company, neither for premium determination nor for policy distribution.

Governance and sovereignty over insurance protocols usually require a decentralized design to be accepted by the community. This allows risk transfer at the level of protocols and, most importantly, facilitated and verified by the same cryptographic mechanisms as the insurable objects and associated interactions with smart contracts. Furthermore, the actuarial evaluation of DeFi risks poses a challenge for traditional insurers primarily in terms of the lack of historical data. Historical data are not available in sufficient length and detail. The most prevalent risk, smart contract risk, is also one of the most complex risks to be transferred, as Sect. 4.2 will outline. Overall, the result is a less formalized and decentralized market for risk transfer from the perspective of a traditional insurance understanding. Furthermore, corresponding legislation for DeFi insurance has not been established. Therefore, there is no key level of formalization either from the perspective of the risks covered or from the perspective of the controlling framework.

Risk concentration varies as well. In terms of cyber risks, mostly centralized elements, such as database systems, control systems or other risk locations at the interface between hardware and software, are insured. On the other hand, risk transfer in DeFi focuses on insuring smart contract risks within fully decentralized and public infrastructures such as the Ethereum blockchain. These infrastructures typically offer a high level of anonymity for both infrastructure and protocol users. In most cases, except for user wallets and crypto asset balances associated with their public keys or a smart contract account, no central risk location can be determined. In these scenarios, the only certainty lies in the fact that engaging with smart contracts exposes individual users to potential risks, specifically pertaining to token loss.

Finally, DeFi insurance sets itself apart from InsurTech ventures. Taking common definitions of InsurTech into account, DeFi insurance could be seen as a form of “disintermediary” InsurTech. Neale et al. (2020) describe a particular strategy type of InsurTech, the “disintermediaries”, as “[…] companies that compress the distribution chain, bypassing one or more parties in the insurance transaction” (Neale et al., 2020, p. 68). The operations of decentralized insurance protocols could fall into this category by definition since DeFi protocols offer, similar to the description of Neale et al. (2020), a risk exchange for non-complex, potentially high-volume risk transfers with automatic valuation of the risks. This will be further described in Sect. 4. However, DeFi insurance also changes the fundamental nature of risk transfer and pricing in these marketplaces due to the high degree of operational and governance-related decentralization. This increases both the complexity and the lack of replicability of the offered policies, apart from the independence from centrally organized transaction parties. Therefore, DeFi could represent a further development rather than a known form of InsurTech.

Hence, from a theoretical point of view, the inherent novelties of risk transfer within DeFi, and associated insurance capabilities compared to traditional lines of insurance as well as known forms of technological innovation in insurance, are manifested by both the prevalence of new risk profiles and different operational settings and requirements.

3.2 A common fate: lack of historical data

In addition to the previously described differentiating features from established insurance lines, risk transfer and management in DeFi insurance entails a noteworthy commonality with operational risk management as categorized by Chorafas (2004). Both risk types show a crucial dependency on historical data to effectively assess and mitigate risk. As DeFi is a relatively new field, there are limited historical data points available to accurately assess risks. This lack of historical data in DeFi insurance makes it difficult to establish reliable actuarial models and pricing mechanisms, and demands alternative forms of risk and claim assessment. Analogous to DeFi insurance, a lack of comprehensive historical data has been affecting risk management related to operational risk, as described earlier by Fontnouvelle et al. (2003). Historical data are critical for operational risk management to analyze past events and understand their frequency, severity, and potential impact on business operations. While methods to mitigate the associated problems with respect to operational risk suggest, for example, the inclusion of external data (Guillen et al., 2007) or the use of (alternative) modeling such as Bayesian networks (Cowell et al., 2007), DeFi relies primarily on subjective methods and prediction-market-like structures, as presented in the following sections, especially in line with Karp and Melbardis (2017).

3.3 Market overview

DeFi protocols to date are neither regulated nor can be considered economic entities. Rather, most of the protocols available to date resemble decentralized risk marketplaces and mutual structures in various forms. Hence, those protocols might even represent a manifestation of a phenomenon termed “bancassurance” that is characterized by O’Hare (1994). At its core, it suggests a new era of competition for insurers from non-traditional entities. In the following section, current protocols are discussed in more depth. On the one hand, we describe risk transfer products offered by current insurance “providers” in DeFi. On the other hand, we describe the commercial development of the market-leading protocol Nexus Mutual (Karp & Melbardis, 2017) using empirical data on key insurance metrics.

Table 6 in the Appendix shows a selection of currently active insurance protocols. Looking at the competitive landscape, the number of insurance protocols is rather small, whereas the range of products shows a significant level of diversity, including direct coverage, primarily against smart contract exploits, oracle risks, counterparty risks, and price risks. Regarding risk assessment, almost all protocols require risk underwriters to stake protocol governance tokens or to provide dedicated liquidity for certain insurance liquidity pools. This implies that a consortium of risk underwriters, utilizing their own capital, assumes liability for the risks, thereby distributing the risks among the members. In terms of claim assessment, some protocols rely on automated forms using a combination of oracles and predefined triggers and actions, facilitated through smart contracts. Other protocols rely on centralized or decentralized subjective claim assessments. Both risk and claim assessment are described in more detail in Sect. 4.1.

Nexus Mutual has long used a hybrid model in terms of the organizational form: Nexus was a company limited by guarantee in the UK with approval by the Financial Conduct Authority (Bank of England) to use the word “mutual” in the company title, but at the same time operationally managed by its members under a decentralized governance structure on a smart contract basis. In terms of liquidity and economic success of the concept, the protocol recorded strong growth towards 2021, as shown in Table 7. Currently, it operates as a DAO without any legal recourse.

Table 7 compares key economic metrics of Nexus Mutual as of December 2020 with December 2021. Denoted in the relative token amount, the protocol shows remarkable growth of both the insurance organization in terms of active cover amount (+ 165%), premiums (+ 202%), as well as of community participation, expressed by total amount staked (+ 216%) and staking rewards (+ 287%). Similarly, capital efficiency, a crucial indicator for the operational economic efficiency of the protocol, significantly increased (+ 45.5%). Furthermore, the P/B ratio fell by approximately 57%, indicating, from a risk perspective, a decrease in market risk exposure. The strong scaling in terms of risk mass and available cover is therefore observable as an increase in absolute profits, but at the same time as a stabilization of market risk exposure. Table 8 refers to the economic dimension related to individual cover projects. For example, Nexus Mutual has an average project size in terms of active cover of USD 7.8 million at the end of 2021, while the average premium income for these projects is USD 361,000. At the same time, the average claim amount is USD 235,000, indicating an imbalance between the individual risks that could potentially materialize and the economic benefit. The total surplus of the protocol is on average approximately USD 950,000.

The data show remarkable capital movement related to DeFi-inherent risk transfer. However, in addition to the DeFi native offering, some protocols aim at insuring “real-world” risks on-chain without insurance intermediaries in traditional forms, such as Etherisc (2022) with crop and flight delay insurance. This creates new forms of competition in traditional insurance segments. While the latter is not the focus of this work, it shows a notable trend that traditional insurers should keep in mind. Individual projects, such as Nexus Mutual, show exponential growth rates and strong capital utilization while covering completely new risk profiles and should accordingly also be assessed from the perspective of traditional finance intermediaries.

4 A taxonomical framework for DeFi-inherent insurance

This section presents a taxonomy that organizes the fundamental elements and processes of risk transfer specific to DeFi. By considering various aspects of insurance organization and risk transfer, a comparative analysis between traditional approaches and DeFi-specific insurance concepts will be conducted. Additionally, the significance of these differences for the insurability of DeFi will be discussed in subsequent Sect. 5. Moreover, the section highlights the substantial reliance of risk transfer in DeFi on decentralized organizational roles and external dependencies for risk and claim assessment.

4.1 On the insurance organization

Prior works discuss that different organizational forms can control different internal stakeholder conflicts. Pottier and Sommer (1997) postulate that stock insurance companies are better at resolving owner-manager conflicts, whereas mutual forms are better at managing owner-policyholder conflicts. In DeFi, the governance and management of the insurance organization is, at its core, fully decentralized, both at the level of the organizational institution and at the level of the settlement logic.

First, the decentralization of the insurance institution will be described with the help of Fig. 3. It provides a comparison of the traditional insurance organization and DeFi insurance protocols as operated today based on an empirical screening of the governance structure of different insurance protocols.

Fig. 3 Comparison of the traditional insurance organization with the organizational structure in DeFi, own figure

In traditional insurance, primarily two parties interact with each other: the insurant and the insurance company. All operational processes, such as premium determination or reimbursement decisions, are internal to the insurer and handled through centralized functions, for example, reimbursement decisions made by a claims department, as described in Olivieri and Pitacco (2011). In DeFi, the insurant most often obtains cover directly from a decentrally organized cover liquidity pool. Hence, operationally decisive roles are no longer centralized departments within the insurance company. Instead, consortia of claim and risk assessors, such as those described in Karp and Melbardis (2017), conduct claim and risk assessments through the lock-in (staking) of a dedicated amount of tokens in exchange for voting rights. The associated incentives and interests are initially located at the subjective level, but the roles are nevertheless partially interdependent with a 1:N dependency structure.

Risk assessors, as characterized by Karp and Melbardis (2017), use a set of public and private information to quantify the risk for a smart contract exploit and participate in the provision of a cover liquidity pool by staking their own capital. In return, they eventually participate in premium payments. This function is therefore most comparable to the traditional underwriting process for risks and must ensure that the required liquidity fits the risk profile of each smart contract considered for cover. Three major forms of risk assessment are observable throughout the protocols screened in Table 6. Staking-based risk assessment, in which decentralized agents with a personal capital stake carry out a risk assessment; expert-based risk assessment, in which dedicated experts with or without personal capital involvement carry out a risk assessment; and model-based risk assessment, in which insurance pricing is supplemented by objective risk models. Derivatives-based price risk-hedging options are a special case. Here, staking is first and foremost about risk-oriented liquidity provision (LP), which is either specified according to an alpha factor or falls into a simple long or short logic, where the liquidity providers either bet on falling or rising prices mid- to long term but do not specifically insure underlying technical risks such as smart contract risks.

Claim assessors replace centrally organized claim departments and participate in different forms of voting currently practiced throughout the major insurance protocols in Table 6. This voting determines the reimbursement decision regarding claims made by insurants. First, in community-based voting, the voting of several claim assessors takes place according to a predefined scheme and defined quorums. In this context, the participation condition for each claim assessor is similar to risk underwriting. To obtain voting rights for claim assessments, a claim assessor must provide a specific number of tokens to the protocol (lock-in/staking) and receives a return or a penalty payment depending on the voting behavior. Second, in an expert-based form, dedicated experts review claims and propose a decision based on their expertise and information. Both forms induce a situation in which the insurant’s decision to purchase cover is endogenously dependent, since the risk assessors’ stake determines the insurance premium, and claim assessors decide on the pay-out of a claim. Moreover, indemnity payment execution relies on technical guarantees in smart contracts instead of legal guarantees. Third, automatic payouts are enabled through trigger definitions and oracles that can verify if pay-out requirements for an insurance policy are fulfilled. This is mostly comparable to a parametric insurance contract. However, no distinction is made between different types of loss adjusters, such as company adjusters, adjustment bureaus, independent adjusters, or public adjusters, as Mehr and Cammack (1976) discuss related to traditional insurance organizations.

Both roles involve a significant reliance on subjective elements within the insurance organization. It is crucial that losses and risks associated with smart contracts are, at the very least, observable through a set of public information. This enables individuals to develop informed beliefs and make staking decisions based on their subjective risk expectations. The advantage of subjectivity in this context is difficult to modify. Objective on-chain data, accessible to all users, provides orientation. However, the evaluation of this information and its enrichment with off-chain data, such as discussions in online forums or media reports, remains entirely individual. Overall, a certain degree of subjectivity must be allowed to ensure the insurability of a fundamental set of risks, as will be further discussed in Sect. 5. At the same time, the organizational structure of DeFi insurance is only partially comparable to traditional understandings. Risk transfer in DeFi is accompanied by additional risk participation, requiring decentralized voting through a collective of anonymous users performing risk and claim assessment and implying a lack of objective risk assessment due to data scarcity. Only by incorporating collective intelligence can risks be insured for which no historical information of any kind has been available to date and for which classic actuarial methods cannot be applied. To provide economically feasible cover products, the risks must be objectively observable and verifiable. Idiosyncratic risks with components of private information remain difficult to insure.

Second, the settlement logic of risk transfers, which consists of both the infrastructure used and the contractual settlement process, changes. In traditional insurance, the insurance policy is typically a contract between the insurer and the insured, precisely outlining terms and conditions as well as the associated coverage. The insured pays premiums in exchange for the insurers’ promise to cover specified risks. In the case of a loss event, a claim is filed through an ex ante agreed upon communication channel, and the insurant provides evidence of the loss.

Regarding the infrastructure used, settlement takes place entirely through centralized infrastructure and legacy systems. Traditional insurance relies on centralized infrastructure, in which insurance companies act as intermediaries underwriting policies, assessing risks and managing the claims process. In particular, insurance companies typically use their own proprietary software systems or third-party insurance platforms to manage policy administration, underwriting, claims processing and other operational aspects. DeFi insurance operates solely on decentralized blockchain platforms, in which smart contracts govern all insurance policies and related processes. Blockchain technology and smart contracts are leveraged to enable transparent, cryptographically secured, and decentralized transactions.

Regarding the contractual settlement process, traditional insurance mostly follows a discretionary settlement approach. Hence, the insurance company has discretion in evaluating claims through manual or (semi-)automated processes, and the settlement is typically based on policy terms, coverage limits, deductibles, and any applicable exclusions. DeFi insurance follows algorithmic settlement principles. The settlement amount in DeFi insurance is, in most cases, predefined within the insurance contract. It is based on objective parameters and data, such as the occurrence of a specific event, the data provided by oracles (external data sources), or a positive pay-out vote by a consortium of claim assessors. For any given trigger, claim evaluations and potential settlements are conducted according to the predefined rules, fully decentralized and partially automated.

In addition to the differentiating features discussed earlier, DeFi-inherent risk transfer offers comprehensive organizational benefits that require thorough assessment in terms of their relevance and applicability within the specific context. At the core of DeFi risk transfer are smart contracts as self-executing agreements governed by predefined rules and conditions (Ante, 2020). While risk transfer protocols themselves may, in certain situations, represent the risk they aim to insure against, smart contracts collectively provide a unique opportunity for cryptographically secured risk transfer that is executed as intended by all parties involved. This mitigates trust issues and simultaneously reduces transaction costs for the involved parties. The programmable nature of smart contracts enables customization to align precisely with the framework conditions of risk transfer, as described throughout this section. Furthermore, the replication of peer-to-peer insurance principles within these protocols contributes to the reduction of transaction costs. DeFi-inherent risk transfer operates without any central contracting party other than the smart contracts themselves and the governance constructs of the protocols.

In summary, users of DeFi-inherent risk transfer also benefit from enhanced transparency and auditability. All token or asset movements as well as smart contract interactions are traceable on-chain, and the outcomes are securely recorded in an immutable manner. Depending on the specific application context, this can be a crucial advantage in reinforcing trust and transparency within an insurance framework that holds significant importance. Section 5 will reevaluate the organizational advantages in regard to the insurability of DeFi-inherent risks.

4.2 On transferrable risks

The initial stage of any insurance undertaking involves the identification of risks that are insurable and financially viable for insurers to underwrite. However, in the context of DeFi, this process gains complexity through the multilayered risk profile faced by individuals engaging with DeFi. While this paper does not delve into an exhaustive examination of all individual risks, this section offers a concise overview of the primary risks associated with DeFi. Tables 9, 10, 11, and 12 depict empirical data on past exploits in the context of major DeFi blockchains, clustered by vulnerability categories and affected layers, until December 2021. The data set also includes some of the largest DeFi hacks in history, e.g., the PolyNetwork hack from 2021, exposing over USD 611 million, and a Compound Finance vault bug, which caused a loss of approximately USD 150 million. The individual sources (see notes to Tables 9, 10, 11, and 12) provide more details for the reader on specific events.

Figure 4 proposes, based on these empirical observations, an indicative DeFi risk cluster, supplemented by theoretical considerations for each layer. Furthermore, the matrix provides insights into the current definitory coverage of each risk cluster.

Fig. 4
figure 4

Risk matrix for DeFi risks, own figure

The cluster “natively insurable” indicates that DeFi protocols offer a dedicated risk transfer mechanism for that particular risk. On the other hand, for risks clustered as “not natively insurable,” DeFi-inherent risk transfer mechanisms are not yet offered. In the third cluster, certain risks may align with the definitions outlined in cyber insurance policies, particularly those specified in Biener et al. (2015). The fourth cluster depicts risks primarily known from traditional finance, such as liquidity and counterparty risks.

The exogenous dimension of risks includes environmental influences and exogenous shocks in a broader sense. Exogenous risks arise from the interactions of DeFi with the external economy, with risks including oracle risks, infrastructure risks, regulatory risks, and others. These risks are particularly prevalent when information is to be transferred between the two worlds or regulatory or legal claims are to be asserted. Endogenous risk factors refer to risk profiles located within different technological layers of DeFi as described by Schär (2021), whose understanding of each layer is supplemented with a short discussion of layer-specific risks below. The clear distinction of risks depicted in the figure may not always be feasible in practice. However, in retrospect, incidents typically allow for the identification of a distinct root cause. In addition, it should be noted that the risks presented may have definitional overlaps with the understanding in the traditional finance literature as well as a DeFi-specific interpretation, but that the understanding of risks in Fig. 4 is based on a DeFi-specific root cause of risk manifestation.Footnote 11

The settlement layer harbors various risks such as 51%Footnote 12 and sybil attacksFootnote 13 and, due to its composability structure, also has a significant impact on the functionality of the other layers. Another risk at this level is the issue of maximal extractable value (MEV),Footnote 14 a Pareto-inefficient surplus generation strategy of miners, with secondary problems such as those described by Daian et al. (2020). In addition, cross-chainFootnote 15 vulnerabilities prevail in the overall picture, which arise from cross-chain protocols connecting different settlement layers. This layer has the greatest DeFi inherency in terms of risks due to the technological characteristics of the blockchain(s) underlying DeFi. However, coverage of these risks in DeFi does not exist and would not be reasonable, as adverse events at this level would also directly affect the functioning of the insurance protocols. At the same time, none of these risks has been previously addressed in cyber insurance or in connection with financial markets in general.

The asset layer is primarily affected by a new risk cluster connected to asset ownership and transfer, in particular, private keyFootnote 16 risks that can influence cryptographic sovereignty over DeFi assets. However, risks in interaction with the counterparties of the asset transfers (counterparty/issuer risk) or liquidity, and inflation and price risks, are also observed related to this layer. These are already familiar from traditional finance, but are manifested in DeFi with a new interpretation and new framework conditions.

The protocol layer is one of the most important layers from an insurance perspective, harboring solely DeFi-specific risks, as this element is not found in traditional financial markets. Insurants in DeFi are always dependent on the functionality and exploit resistance of smart contracts according to the definition of Szabo (1996), either primary (for direct contract calls and interactions) or secondary (via the application or aggregation layer). Recent contributions depict in much detail the characteristics and security mechanisms of smart contracts (Ante, 2020; Atzei et al., 2017; Singh et al., 2020; Wohrer & Zdun, 2018). Overall, smart contracts represent a completely new dimension of complexity for the provision of insurance solutions. Other risks at the protocol layer include economic exploits and governance risks related to smart contracts. However, their root cause is potentially a code-based issue rather than a conceptual issue.Footnote 17

The application layer is naturally influenced by common IT risks. These risks consist of third-party script hijacking with malicious code injections, distributed denial of service (DDoS) or domain name system (DNS) attacks, and general attacks on the server or on clients through application programming interfaces (APIs).

The aggregation layer inherently harbors risks from the application layer, which are amplified through this layer by various forms of interconnectivity. Risks on this layer include single points of failure, phishing, and data breaches as well as scam and Ponzi schemes through bundled and managed access to DeFi applications.

The risks on the aggregation and application layer show analogies to cyber risks in terms of their definitions and characteristics and are mostly not covered through DeFi-inherent insurance offerings to date. For example, protection against traditional DDoS attacksFootnote 18 falls within the spectrum of most cyber insurance policies and is not covered by any of the considered insurance protocols. Simultaneously, it becomes evident that certain aspects, specifically the protocol, asset, and settlement layers unique to blockchain, encompass new types of risks that have not yet been comprehensively addressed by existing insurance policies. While certain risks such as smart contract flaws and bugs are already considered natively insurable within the DeFi ecosystem, the insurability of risks associated with the settlement layer may not be straightforward, as the impacts of these risks are primarily observed on a transactional basis in the layers above. Exogenous risks also rarely fall within the scope of on-chain insurance protocols, with some exhibiting similar characteristics to elements of cyber insurance, while others represent residual risks such as regulatory risk. Oracles, on the other hand, are often considered since they are inherently linked to smart contracts and their behavior, allowing for a more precise definition of specific risks.

Based on the current empirical observations presented in Tables 9, 10, 11, and 12, certain layers and types of risks emerge as notably prominent. Among the layers and blockchain networks examined, the most quantitatively significant layer in terms of losses within the analyzed networks is the protocol layer with up to 80.97% of losses for Ethereum, where smart contract vulnerabilities exhibit the highest occurrence of exploit volumes. Notably, flash loans, as elaborated by Qin et al. (2021), pose a recurring issue within this layer, accounting for significant loss shares (8.73%; 33.34%; 3.98%) in the ecosystem in almost all considered settlement layers. Furthermore, another strongly prevailing category (4.28%; 24.10%; 70.45%; 0.55%) is the loss, leakage, or theft of private keys located at the asset layer. When considering the distribution of maximum individual risks, the aforementioned risk types also hold significant relevance in assessing tail risks based on these initial data. Risk manifestations commonly associated with traditional lines of insurance, such as scams, phishing, Ponzi schemes, and system-related attacks such as DDoS attacks, play a rather subordinate role.

When comparing the risk matrix depicted in Fig. 4 with the cover types offered by the providers listed in Table 6, it becomes evident that conceptually, only a part of the overall risk profile is DeFi-natively coverable to date, specifically smart contract risks, private key thefts, oracle risks, asset price risks, and counterparty risks. However, these risks account for the largest risk profiles in relative terms. Complementarily, the emphasis of current insurance protocols primarily revolves around addressing endogenous forms of risks pertaining to the asset and protocol layer. The next subsection discusses how these risks are priced.

4.3 On actuarial methods and premium determination

According to Borch (1985), an insurance premium must fulfill two main purposes. First, there must be adequate compensation for the insurer’s acceptance of the transferred risk. Second, it must be acceptable to the insured. Hickman and Miller (1970) discuss early criticisms of insurance premium determination methods and provide related theoretical considerations. Tapiero and Jacque (1987) provide a formal link between insurance premiums and the expected cost of ruin in mutual insurance settings, which is helpful for assessing the fairness of premiums in a hybrid mutual insurance setting. Nendel et al. (2021) discuss the structure of premium principles in a general setting with model uncertainty.

Figure 5 compares the pricing structure for both lines of insurance, traditional and DeFi-based, starting with the traditional understanding according to Olivieri and Pitacco (2011).

Fig. 5
figure 5

Comparative analysis of the pricing mechanisms, own figure

In traditional (centralized) insurance markets, exogenous factors such as the statistical basis, the interest rate, and the profit and loss expectations of the insurer are, among other factors, used to determine an appropriate premium using ex ante defined formulas. Together with this determination, the market situation and demand-related metrics, i.e., competition and the price sensitivity of customers, determine the cover premium. Through this objective approach, fair premiums can be calculated, considering objective and historical data.

Pricing for decentralized insurance offerings follows a different approach, depending on the form of risk assessment described in Sect. 4.1. The model-based form of risk assessment closely resembles the traditional mechanism as described by Olivieri and Pitacco (2011) with a calculation principle defined exogenously and ex ante by the model. For staking-based and expert-based risk assessment, the pricing of the insurance contract is mostly determined endogenously and ex post via prediction markets for smart contract security, facilitated by risk assessors, or through a consortium of experts. The aim is to involve individual agents with relevant knowledge in the subjective risk analysis to determine an optimal premium, despite the scarcity of historical data and objective actuarial metrics.

Hence, the insurance premium for each offered smart contract cover is a judgment-based outcome, with the market acting as a price taker and demand for insurance services being regulated through a token bonding curve at the protocol level. Karp and Melbardis (2017) provide a practical example for the endogenization of premium determination. The pricing mechanism of protocol version 1 (V1) can be found in the code repository of Nexus Mutual.Footnote 19 The cover price \({P}_{\beta ,{T}_{i}}\) for an individual insurant \(\beta\) with coverage amount \({I}_{\beta ,{T}_{i}}>0\) for a duration of \(\Delta t>0\) is given in a generalized form by

$${P}_{\beta ,{T}_{i}}\left(\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}\right)={R}_{{T}_{i}}\times \left(1+\delta \right)\times {I}_{\beta ,{T}_{i}}\times\Delta t$$
$$\mathrm{with} \space {R}_{{T}_{i}}=\mathrm{max}\left(\mathrm{SRCL} , 1-{\left(\frac{\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}}{\pi }\right)}^\frac{1}{b}\right).$$

The staking factor \({R}_{{T}_{i}}>0\) determines the premium via the (net) aggregate staking amount \(\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}\in {\mathbb{R}}\) provided by \(n\in {\mathbb{N}}\) risk assessors for a specific insurable protocol \({T}_{i}\). \(\delta >0\) depicts a surplus margin. The actual premium is restricted to an ex ante defined interval. SRCL defines the lower bound (“staked_risk_cost_low” in the concept of Karp and Melbardis (2017)) of the risk factor, which applies independently of the stake once sufficient stakes have been provided. Furthermore, the shape and elasticity of the bonding curve are determined through the elasticity factor \(b>0\) and the low risk cost limit \(\pi >0\), the influence of which is explained in more detail below. Table 3 delivers more details on each variable.

Table 3 Variable characteristics in Nexus Mutual derived from NexusMutual Gitbook (2022)

The variables show differences regarding endogeneity and exogeneity, as well as their temporal determination ex ante and ex post protocol deployment. Initially, exogenous variables, which remain unaffected throughout the risk transfer process, are specified. Those variables, characterized by their static nature, are defined ex ante, i.e., before or upon deployment of the insurance protocol. Typically, modifications to these variables require decentralized governance decisions involving a specific quantity of governance token holders. This reflects the necessity of community-based decision-making for any truly decentralized insurance protocol. Conversely, endogenous variables, such as the risk factor, staking amount contributed by risk assessors and the cover premium, are established incrementally during the risk transfer process through the supply and demand of risk capital, and mostly ex post of the protocol deployment.Footnote 20 Only their provisioning rules and effects are specified ex ante within the smart contract structures.

Now, we take a look at further dynamics of the premium determination. For a situation in which the risk factor has reached the lower bound, hence \(\mathrm{SRCL}\ge 1-{\left(\frac{\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}}{\pi }\right)}^\frac{1}{b}\), we obtain

$$\frac{\partial {P}_{\beta ,{T}_{i}}\left(\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}\right)}{\partial \left(\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i} }\right)}=0.$$

For the following analysis, we particularly focus on the behavior of \({R}_{{T}_{i}}\) within its ex ante defined interval; hence, we assume \(\mathrm{SRCL}< 1-{\left(\frac{\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}}{\pi }\right)}^\frac{1}{b}\). The first derivative for this interval is given as

$$\frac{\partial {P}_{\beta ,{T}_{i}}\left(\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}\right)}{\partial \left(\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i} }\right)}=-\frac{\left(1+\delta \right)\times {I}_{\beta ,{T}_{i}}\times\Delta t\times {\left(\frac{\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}}{\pi }\right)}^\frac{1}{b}}{b\times \left(\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}\right)}\le 0.$$

Theoretically speaking, the more secure the risk assessors classify a smart contract, the more risk capital \({L}_{\alpha ,{T}_{i}}\) is provided for risk underwriting. This lowers the price \({P}_{\beta ,{T}_{i}}\) depending on the elasticity \(b\) and the low risk cost limit \(\pi\).Footnote 21 Figure 6 highlights the relevance of \(\pi\) in shaping the transition of dynamic premium determination towards the low-risk premium range.

Fig. 6
figure 6

Pricing structure of Nexus Mutual V1 under varying risk thresholds for \(\delta =0.05, b=7, {I}_{\beta ,{T}_{i}}=1000, \mathrm{SRCL}=0.02\)

We obtain the following cross partial derivative:

$$\frac{{\partial }^{2}{P}_{\beta ,{T}_{i}}\left(\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}\right)}{\partial \left(\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}\right)\partial \pi }=\frac{\left(1+\delta \right)\times {I}_{\beta ,{T}_{i}}\times\Delta t\times {\left(\frac{\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}}{\pi }\right)}^\frac{1}{b}}{{b}^{2}\times \left(\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}\right)\times \pi }.$$

As the low risk cost limit increases, there is a corresponding decrease in the cross partial derivative with respect to \(\pi\) for all \(\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}>0\). Furthermore, the larger \(\pi\), the larger the premium for each level of \(\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}\) as well as the interval of direct dependence of the premium on the staking amount until the SRCL lower bound has been reached. This result is in line with the lower relative change for increasing \(\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}\).

Figure 7 shows the dependence of the price curve under varying elasticity factor \(b\). The corresponding cross partial derivative is given by

Fig. 7
figure 7

Pricing structure of Nexus Mutual V1 under varying elasticity factor, \(\delta =0.05, \pi =7000, {I}_{\beta ,{T}_{i}}=1000, \mathrm{SRCL}=0.02\)

$$\frac{{\partial }^{2}{P}_{\beta ,{T}_{i}}\left(\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}\right)}{\partial \left(\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}\right)\partial b}=\frac{\left(1+\delta \right)\times {I}_{\beta ,{T}_{i}}\times\Delta t\times {\left(\frac{\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}}{\pi }\right)}^\frac{1}{b}\times \left(b+\mathrm{log}\left(\frac{\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}}{\pi }\right)\right)}{{b}^{3}\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}}.$$

The elasticity factor \(b\) exhibits a negative effect on the relative price change as the parameter \(\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}\) undergoes variation, as well as on the premium for each fixed level of \(\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}\). With an increasing elasticity factor, changes in the staking amount exert diminishing relative effects compared to the scenario without such changes. This is true as long as

$$\frac{\left(1+\delta \right)\times {I}_{\beta ,{T}_{i}}\times\Delta t\times {\left(\frac{\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}}{\pi }\right)}^\frac{1}{b}\times \left(b+\mathrm{log}\left(\frac{\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}}{\pi }\right)\right)}{{b}^{3}\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}}>0,$$

which is the case for

$$\sum_{\alpha =1}^{n}{L}_{\alpha ,{T}_{i}}>{e}^{-b}\times \pi \; \forall \; \delta >-1 ,\pi >0 , b>0, { I}_{\beta ,{T}_{i}}>0.$$

The interval for which this condition holds changes with varying \(b\) and low risk cost limit \(\pi\). In general, if the risk assessors are not convinced of the safety of a smart contract, a cover will not be offered, or only with a significant risk premium due to particularly low capital provisioning.

This example prototypically reflects the transition from ex ante defined insurance premiums determined by actuarial methods and historical data to pricing via subjective beliefs and the associated staking of risk capital. In turn, this pricing method depicts a prediction market for risk valuation with different endogenous dependencies. Last, it should be considered that the staking amount \({L}_{\alpha ,{T}_{i}}\) could entail different inherent definitions. For example, protocols such as Nexus MutualFootnote 22 introduce a net factor that considers pending staking withdrawals, and hence, dynamizes staked capital and its endogenous dependencies further.
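As an added worked example (not code from the paper or from the Nexus Mutual repository), the following Python script implements the generalized V1 premium formula and the derivative conditions derived above, using the parameter values of Figs. 6 and 7 (\(\delta =0.05\), \(b=7\), \({I}_{\beta ,{T}_{i}}=1000\), \(\mathrm{SRCL}=0.02\), \(\pi =7000\)). The aggregate staking amounts fed into it are constructed sample inputs, the duration \(\Delta t=1\) is an assumption, and the closed-form slope and cross partial are cross-checked against finite differences so that a reader can verify the sign conditions numerically rather than take them on faith.

```python
"""Nexus Mutual V1-style premium mechanism: worked numerical example.

Added illustration; not code from the paper or from the Nexus Mutual
repository. Parameter values follow Figs. 6 and 7 of the text; the
staking amounts and the duration dt = 1 are constructed assumptions.
"""
import math
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class PricingParams:
    delta: float = 0.05     # surplus margin (1 + delta multiplies the price)
    b: float = 7.0          # elasticity factor of the bonding curve
    pi: float = 7000.0      # low risk cost limit
    srcl: float = 0.02      # staked_risk_cost_low: lower bound of the risk factor
    cover: float = 1000.0   # I: cover amount of the insurant
    dt: float = 1.0         # cover duration (assumed to be one period)


DEFAULT = PricingParams()


def raw_factor(total_stake: float, p: PricingParams = DEFAULT) -> float:
    """Unbounded part of R: 1 - (sum L / pi)^(1/b)."""
    return 1.0 - (total_stake / p.pi) ** (1.0 / p.b)


def staking_factor(total_stake: float, p: PricingParams = DEFAULT) -> float:
    """R_T = max(SRCL, 1 - (sum L / pi)^(1/b)); SRCL caps the stake-driven discount."""
    if total_stake < 0:
        raise ValueError("aggregate staking amount cannot be negative")
    return max(p.srcl, raw_factor(total_stake, p))


def premium(total_stake: float, p: PricingParams = DEFAULT) -> float:
    """P = R * (1 + delta) * I * dt for a given net aggregate stake."""
    return staking_factor(total_stake, p) * (1.0 + p.delta) * p.cover * p.dt


def floor_stake(p: PricingParams = DEFAULT) -> float:
    """Stake at which the floor binds: solve 1 - (L / pi)^(1/b) = SRCL for L."""
    return p.pi * (1.0 - p.srcl) ** p.b


def premium_slope(total_stake: float, p: PricingParams = DEFAULT) -> float:
    """Analytic dP/d(sum L): the interior expression from the text, 0 once SRCL binds."""
    if total_stake <= 0:
        raise ValueError("slope is only defined for a positive stake")
    if raw_factor(total_stake, p) <= p.srcl:
        return 0.0
    x = total_stake / p.pi
    return -(1.0 + p.delta) * p.cover * p.dt * x ** (1.0 / p.b) / (p.b * total_stake)


def cross_partial_b(total_stake: float, p: PricingParams = DEFAULT) -> float:
    """d^2 P / d(sum L) db on the interior; its sign follows b + log(sum L / pi)."""
    x = total_stake / p.pi
    return ((1.0 + p.delta) * p.cover * p.dt * x ** (1.0 / p.b)
            * (p.b + math.log(x)) / (p.b ** 3 * total_stake))


def b_effect_threshold(p: PricingParams = DEFAULT) -> float:
    """Stake above which cross_partial_b is positive: e^(-b) * pi."""
    return math.exp(-p.b) * p.pi


def central_difference(f, x: float, h: float = 1e-4) -> float:
    """Numerical derivative used to cross-check the closed-form expressions."""
    return (f(x + h) - f(x - h)) / (2.0 * h)


def slope_wrt_b_numeric(total_stake: float, p: PricingParams = DEFAULT) -> float:
    """Numerically differentiate the analytic slope with respect to b."""
    return central_difference(lambda bb: premium_slope(total_stake, replace(p, b=bb)), p.b)


if __name__ == "__main__":
    # Constructed sample stakes: from no stake up to beyond the point where SRCL binds.
    print(f"floor binds at sum L ~= {floor_stake():.1f}; "
          f"b-effect threshold e^-b * pi = {b_effect_threshold():.3f}")
    for stake in (0.0, 10.0, 500.0, 1000.0, 3000.0, 6000.0, 7000.0, 9000.0):
        slope = premium_slope(stake) if stake > 0 else float("nan")
        print(f"sum L={stake:7.1f}  R={staking_factor(stake):.4f}  "
              f"P={premium(stake):8.2f}  dP/dL={slope:9.5f}")
```

With these parameters the floor binds at roughly \(\pi \times 0.98^{7}\approx 6077\) staked tokens, above which further staking no longer lowers the price, and the cross partial with respect to \(b\) changes sign at \({e}^{-7}\times 7000\approx 6.4\), i.e., only for an almost empty stake pool.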

4.4 On operational administration of transferred risks

Finally, the operational level of risk transfer, as depicted in Fig. 8, will be compared between traditional lines of insurance and DeFi.

Fig. 8
figure 8

Operational risk transfer mechanisms in comparison

In the common understanding of insurance, as described in Olivieri and Pitacco (2011), individual risks are initially transferred to insurers, which are considered risk pools from a risk transfer perspective. Since some risks are too large or too difficult to quantify to be covered by a single insurer, secondary and alternative risk transfers, such as the availability of reinsurance or insurance-linked securities (ILS), can facilitate the transfer by involving further entities with higher risk-bearing capacities or by distributing the risks to other market participants with different risk preferences.

In DeFi, primary risk transfer follows a traditional approach. Initially, individual risks are pooled in various cover liquidity pools. However, a cover liquidity pool does not represent a single liable entity within the risk transfer structure. The risk-bearing capacity of the liquidity pool is solely provided by risk assessors who delegate their personal token capital for risk assessment through staking. The primary transfer structure to the cover liquidity pool shares similarities with risk transfer to a special purpose vehicle (SPV), where the SPV holds capital from a diverse set of investors and issues instruments similar to cat bonds to those investors.

The secondary transfer takes place from the cover liquidity pools to risk assessors. The insurant transfers risk primarily to the cover liquidity pool, which itself has no inherent risk-bearing capacity, and the risk assessors in turn support the cover liquidity pool through an aggregation of individual risk-bearing capacities and not exclusively for an individual risk as the counterparty. In principle, this is most comparable to the ownership concept of a traditional insurance mutual, such as that described by Albrecht and Huggenberger (2017), Cass et al. (1996) and Talonen (2016), but with key differences in the guarantee and structure of risk-bearing capacity. Practically, one can compare this approach to, e.g., Lloyd’s of London, where different underwriters provide risk capital for specified risk profiles and subsequently underwrite risks; risk assessors are comparable to these underwriters, but, keeping in mind the arguments from Sect. 4.1, without a central organizational structure. Reinsurance or tokenized ILS could also be an option for DeFi insurance to increase risk-bearing capacities while maintaining high capital efficiency. In summary, the operational administration of risks in DeFi insurance is not fundamentally different from traditional lines, but the operational “responsibilities” differ considerably in some aspects from the traditional understanding.

5 Discussion on insurability

This section follows up on the comparison in Sect. 4 and aims to start a discussion on the insurability of smart contract risks as the most prevalent risk class in DeFi. The discussion aligns with the classification of insurability according to Biener et al. (2015) citing Berliner (1982), considering additional insurability factors such as described by Schmit (1986) citing different secondary sources, as well as Mehr and Cammack (1976). Table 4 presents an overview of the insurability criteria discussed in the following.

Table 4 Aggregated list of insurability criteria

A1 (Large number of similar exposure units)—The relevance of this criterion results from the law of large numbers (LLN) and the applicability of the central limit theorem (CLT) as described by Le Cam (1986). However, empirical observations on this in relation to DeFi insurance are difficult to obtain. A first approximation is provided by historical data on Nexus Mutual’s operations. Utilizing information from Table 8, one can obtain a rough estimate for the number of theoretical individual risks by estimating total cover amounts per project and comparing them with average claim sizes, i.e., realized risks, as shown for 2021. As shown in Table 5, this ratio implies that approximately 33.2 individual risks have been aggregated on average in a cover liquidity pool of Nexus Mutual. However, this represents only a particularly rough approximation and not a reliable forecast, which would require greater data availability and a longer data time span.

Table 5 Indications on individual risk units for Nexus Mutual

While further empirical investigation is needed as different protocols accumulate more historical data, it appears that the number of exposure units currently pooled in insurance protocols is relatively small or that at least risks that become imminent could affect a disproportionately large part of the risk pools. There could be two primary reasons for this. First, insurance in DeFi still has a low adoption rate, as discussed in Sect. 1. Second, conservative capital efficiency necessitates a disproportionately high collateral requirement to scale cover offerings. The convergence towards the applicability of the CLT and the associated benefits in risk management within the insurance protocol inevitably involves a substantial capital commitment that is currently missing. Simultaneously, further scaling in terms of risk pooling solely for homogeneous risks may not always be desirable. In the event of a smart contract exploit, all risks within a pool are inevitably exposed to potentially similar loss likelihoods. As the number of insured risks increases, the potential loss that the entire protocol may need to settle increases alike. Therefore, achieving further scaling necessitates risk diversification through the aggregation of different risks, such as different smart contracts or risk categories, within a cover liquidity pool. Whether small sample sizes are finally sufficient for the applicability of the CLT and, consequently, provide a better understanding of the average expected loss is a strongly subjective discussion, with the underlying discussion on necessary sample sizes being as old as the CLT itself. Canals and Canals (2019) cite various secondary sources that postulate a sample size of 25–30 to approximate the validity of the CLT. However, authors such as Chang et al. (2006) cast early doubt on those sample size requirements. If these values are taken as a benchmark, at least Nexus Mutual would have a good chance of ensuring actual insurability regarding this criterion. However, particularly considering the following criterion A2, the structure of the risk aggregation and the size of individual risks raise doubts as to whether this criterion can be fully met at the current level. Furthermore, one should only carefully exploit the LLN and CLT if the involved risks are not too heavy-tailed, which requires further observations and analysis in the case of DeFi insurance.

A2 (Independence among exposure units)—As Biener et al. (2015) summarize, this condition is closely related to the LLN and CLT. The authors describe a violation of the condition for cyber risks, and a similar situation prevails for smart contract risks. While users purchasing coverage for the interaction with a specific smart contract are presumably independent of each other, i.e., the behavior of insurant A is not highly correlated with effects on insurant B, elements that can cause a potential loss overlap are inherent dependencies in each cover liquidity pool and similarity factors between different protocols. Cover liquidity pools often group identical risks, such as insurance of individual users in interaction with a specific lending protocol. In turn, this also implies that in the event of a loss in one protocol, all risks in the cover liquidity pool are potentially realizable because all users access and rely on the same code base. Furthermore, cross-protocol correlations cannot be ruled out at the current state of knowledge, e.g., code similarity factors due to protocol forks.Footnote 23 This inevitably leads to a contradiction with one of the most important conceptual hypotheses in DeFi insurance: independence of risks. The liquidity and risk management of each protocol should therefore maintain operations of different mixed cover pools to achieve a higher level of independence in the overall risk profile and to ensure adequate fulfillment of this insurability criterion, given the high level of DeFi composability in practice, as described by Schär (2021) and Popescu (2020). If achieving risk diversification and a mix of risks is not feasible, it is advisable to conduct ex ante checks for code similarity factors and consult additional audits. These measures help to assess the risk associated with dependencies between risks within and across the liquidity pools, and hence to increase the insurability of smart contract risks within a specific cover liquidity constellation.

A3 (Calculable expected loss in monetary values)—In the context of this criterion, Schmit (1986) mentions two potential dimensions of indefiniteness influencing the calculability of expected losses: knowledge of the risk and knowledge of the (monetary) consequence. For smart contracts, it is almost impossible to determine ex ante which potential combinations of code flaws could lead to which exploits or how severe the consequences would be. The use of ex post information on possible vulnerabilities is also limited in a dynamic risk environment such as DeFi. The main reason for this, as with other code development projects, is that a bug fix does not necessarily promise immunity against similar future bugs, as demonstrated by the Parity MultiSig hack(s).Footnote 24 However, interactions with token and smart contracts potentially always have direct or indirect monetary consequences as a result of a bug. As stated in Sect. 3.2, the scarcity of data must be compensated by manual or alternative analyses of DeFi-inherent risks to enable feasible risk transfer. The gap created by the lack of historical experience with DeFi protocols inevitably leads to a situation in which either all risks must be assessed in aggregate form or the actual coverage must be limited to marginal subsets of risks, e.g., usage of specific code components. In those cases, the application of actuarial methods based on other information values could deliver reliable estimates. If the former option is adopted, this strongly impacts premiums (see M7).

What can be defined by the empirical observations to date, however, are general risk vectors of smart contracts, which are addressed, among others, by Atzei et al. (2017) and Sayeed et al. (2020). The probability of loss and the loss consequence are nonetheless more difficult to assess due to the high diversity of risks, as shown in Fig. 4. Hence, only the (maximum) consequence of a smart contract risk can be delimited: only as much can be lost as was used by the individual in the interaction with the contract (see also criterion A5). Therefore, the insurability of smart contract risks remains dependent on individual underwriting by risk assessors or on the secondary risk transfer mechanisms described in Sect. 4.4. Provided that data availability changes and sufficient data on smart contract vulnerabilities and associated losses have been collected, the use of proper statistical models to estimate expected losses would be desirable. First and foremost, Monte Carlo simulations could be used for a more precise assessment of the expected risks in each cover liquidity pool. Furthermore, the use of machine learning and artificial intelligence methods, combined with code-based knowledge of the potential behavior of a smart contract, could also benefit insurability with regard to A3.

A4 (Loss: definite (time, place, amount, cause), accidental/random, large)—These attributes are frequently addressed by different authors and depict an essential dimension in assessing insurability. The first characteristic is fulfilled regarding DeFi risks. Through transparent on-chain data, the exact time (in block time and in real time), transfer amounts and affected wallet IDs (places) can be identified. Furthermore, general smart contract vulnerabilities can also usually be analyzed ex post, delivering reasonable causes for an exploit.

The second characteristic is a double-edged sword with regard to smart contract risks. First, the general occurrence of smart contract risk seems to be subject to a high degree of randomness, as numerous factors that cannot be controlled ex ante can independently lead to exploits. The agent has no control over the behavior of a deployed smart contract, or, in the terms of Mehr and Cammack (1976), the risk is beyond the control of the individual. On the other hand, randomness (see also A1 and A2) within the portfolio of risks is to some extent undermined by the operational setup of most insurance protocols. Pooling similar risks, or categories of protocols, entails strong correlation and a correspondingly low degree of randomness within a cover liquidity pool. If something happens to a specific contract, it is likely that many or all users of the contract will be affected. Accordingly, all risks transferred to the cover liquidity pool will be at risk of realization. Randomness can therefore be assumed at the level of individual losses but not at the level of cover liquidity pools.

The third criterion follows a highly subjective assessment. The exploits observed so far provide an indication of whether smart contract risks are large enough in line with Mehr and Cammack (1976). The average ETH holding per address, excluding the top 50 addresses, has been ~ 1.59 ETH (ConsenSys, 2018). The average amount at risk in a hack or malfunction according to the data used for Tables 9, 10, 11, and 12 is over 8500 ETH, a factor of over 5300 compared to average individual holdings, illustrating the significance of the amounts lost in single exploits so far. Since protocols in particular often hold large amounts of user funds, these aggregate risks can certainly be described as large enough to be considered for insurance. Hence, it can be stated that this dimension of insurability is fulfilled under restrictive assumptions regarding the underlying cause of exploits and malfunctions, as well as regarding operational setups, due to high cover pool internal correlations.
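The effect described under A2 and A4, namely that pooling covers on one code base removes randomness at the pool level even though each individual loss stays random, and the Monte Carlo assessment suggested under A3, can be made concrete with a small simulation. The following block is an added illustration and not part of the paper or of any insurance protocol's code; all parameters (200 covers of 10 ETH each, a 2% per-period exploit probability) are constructed. It compares a pool of independent exposure units with a pool whose covers all fail together when the shared contract is exploited.

```python
"""Added example: aggregate loss of a cover liquidity pool under independence
versus a shared code base. Parameters are constructed, not empirical."""
import random
import statistics


def simulate_pool_losses(n_covers, cover_amount, p_exploit, shared_code,
                         n_sims=10_000, seed=7):
    """Return one aggregate pool loss per simulated period.

    Each cover pays out `cover_amount` if its protocol is exploited, which
    happens with probability `p_exploit` per period. With shared_code=True a
    single draw decides the fate of every cover (all users rely on the same
    contract); otherwise each cover is an independent draw."""
    rng = random.Random(seed)
    losses = []
    for _ in range(n_sims):
        if shared_code:
            exploited = rng.random() < p_exploit
            losses.append(n_covers * cover_amount if exploited else 0.0)
        else:
            hits = sum(1 for _ in range(n_covers) if rng.random() < p_exploit)
            losses.append(hits * cover_amount)
    return losses


def quantile(values, q):
    """Empirical q-quantile (no interpolation)."""
    ordered = sorted(values)
    return ordered[min(len(ordered) - 1, int(q * len(ordered)))]


def pool_risk_summary(losses, full_pool_loss):
    """Expected loss, dispersion, 99% value at risk and the probability that
    the whole pool is wiped out in one period."""
    return {
        "expected_loss": statistics.fmean(losses),
        "std_dev": statistics.pstdev(losses),
        "var_99": quantile(losses, 0.99),
        "p_total_loss": sum(1 for l in losses if l >= full_pool_loss) / len(losses),
    }


def compare_dependence(n_covers=200, cover_amount=10.0, p_exploit=0.02):
    """Summaries for the independent pool and the shared-code pool. Both have
    the same expected loss; only the dispersion and the tail differ."""
    full = n_covers * cover_amount
    independent = pool_risk_summary(
        simulate_pool_losses(n_covers, cover_amount, p_exploit, False), full)
    shared = pool_risk_summary(
        simulate_pool_losses(n_covers, cover_amount, p_exploit, True), full)
    return independent, shared


if __name__ == "__main__":
    ind, sh = compare_dependence()
    for name, s in (("independent", ind), ("shared code base", sh)):
        print(f"{name:17s} E[L]={s['expected_loss']:7.1f}  sd={s['std_dev']:7.1f}"
              f"  VaR99={s['var_99']:7.1f}  P(total loss)={s['p_total_loss']:.3f}")
```

The expected loss is about 40 ETH in both pools, so a premium calculated from expected loss alone would be identical. The difference is in the tail: the independent pool's 99% value at risk stays well below 200 ETH, while the shared-code pool loses all 2000 ETH in roughly 2% of periods, which is exactly the capital the pool would have to hold (or settle pro rata, see A5) to keep the covers credible.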

A5 (Limited risk of catastrophically large losses)—This criterion includes various interpretations of risk limits that an insurance policy can internalize. Berliner (1982) describes a maximum possible loss (MPL), referring to both a subjective and an objective component. The objective component depicts the maximum risk that can occur within a risk profile, which can be determined recursively as depicted in Tables 9, 10, 11, and 12. The subjective component looks at the risk that an insurance company needs to cover in the event of risk manifestation. Current insurance options are protected by the cover limit selected by the insurant and implemented in the protocol-specific liquidity requirements or cover availability factors (see M8). Accordingly, even a large loss does not directly endanger the protocols’ overall liquidity. In the case of large exploits, however, depending on the specific insurance protocol, claims within one cover liquidity pool may only be settled on a pro rata basis. This would be comparable, for example, to the pro rata settlement of creditors’ claims in the event of a company’s insolvency. Often, this correlation can also be observed indirectly via the price development of protocol-specific governance tokens, which indicate the value of an internal clearing unit of the insurance protocol. In summary, an MPL can be objectively defined, whereas the subjective interpretation in the sense of Berliner (1982) inevitably implies partial insurability rather than actual full insurability, considering the low degree of randomness within each cover liquidity pool (see A2 and A4).

A6 (Controllable exposure to information asymmetry/moral hazard)—This criterion considers the behavior of the insurant under information asymmetry and the insurer’s control over it. Under certain circumstances, the insurant obtains insurance not only to cover actual risks but also to obtain protection other than against losses. Smart contract cover is affected by moral hazard as well, and the discussion of this criterion is one of the most challenging. Berliner (1982) lists three main categories of risk potentially susceptible to moral hazard, as described below:

Category 1

Risk category consisting of “natural risks” in which the occurrence and the amount of losses are independent of the will of any human beings. Example: Hurricanes, hail

Category 2

Risk category consisting of risks which are dependent on human beings, in the occurrence of which, however, no one has an interest. Example: Motor third-party liability

Category 3

Risk category consisting of risks which are dependent on human beings, some of whom may have an interest in the occurrence of a loss event. Example: Fidelity insurance, disability insurance

(Berliner, 1982, p. 72)

Category 1 is less susceptible to moral hazard overall and in DeFi insurance, as the insured individual cannot influence the probability of smart contract risks occurring. Whereas Category 2 is generally affected by moral hazard, in DeFi, there is little incentive to exert harmful influence since the occurrence of the risk is, in most cases, not in the interest of the individual. Category 3 is directly susceptible to moral hazard in DeFi, as the insured individual can and would influence the risk through individual behavior related to protocol usage and the disclosure of private information on possible weaknesses.

Moral hazard in DeFi insurance primarily arises between the insurant and other protocol participants, with the consequences passed on directly to the claim assessor and indirectly to the risk assessor. The claim assessor must verify whether the insured is telling the truth based on his own information, while providing tokens to obtain claim assessment rights. The risk assessor is indirectly involved since fraud on the part of the insured with a pay-out vote by the claim assessor reduces the risk assessor’s staked capital.

The moral hazard problem is most pronounced in a situation in which a user acts as both risk and claim assessor. This is possible given weak identities, as they occur in the case of public keys in DeFi and if the user is providing risk capital for both roles. In this situation, the claim assessor would be strongly incentivized to protect his risk assessment stake by voting against the pay-out. At the same time, the informative value of on-chain data is objectively equal to all parties involved. However, not all parties have the same possibility to use or interpret the information.

Moreover, information asymmetries related to the functionality and behavior of deployed contracts open up a second dimension of moral hazard between the insured and the smart contract itself, even though in most cases, no legal, liable entity can be established around the smart contract to react actively to this issue. If a smart contract has been published open-source, it can be easily converted to EVM bytecode and compared to the actual deployed code to verify the correct code deployment. The reverse case is much more complicated.

The underlying problem with the second case is to understand the true nature of smart contracts despite potential discrepancies between publicly available smart contract code and its deployed version, a problem particularly related to the Ethereum settlement layer. First, the dimension and extent of this problem should be addressed. According to Li et al. (2020), less than one percent of smart contracts deployed to date are “open-source”, i.e., are available with accessible and readable source code. While the authors are solely referring to the number of etherscan.com verified contracts, the total number of open-source deployed contracts through repositories such as GitHub is probably larger. In addition, the distribution of TVL between open-source contracts and unverifiable contracts should be considered. If 99% of the TVL is locked on a settlement layer in open-source deployed and verifiable contracts and only 1% in a protocol with hidden code, then the problem dimension is certainly different than in the opposite situation. Nonetheless, a significant residual risk persists regarding the true behavior and nature of contracts in a substantial share of active protocols. Only the EVM bytecode is transparent and visible to everyone, providing limited insight. To gain a comprehensive understanding of the remaining contracts, appropriate decompiling tools must be utilized to decompile the EVM bytecode, although these tools frequently generate errors. Theoretically, decompiling the EVM bytecode allows for a rough understanding of how the contract operates. However, variable names are not preserved during decompiling, and while rough dependencies between variables can still be discerned, it becomes challenging to reconstruct the overall picture and behavior within a protocol containing numerous individual contracts. As a result, the EVM bytecode offers limited assistance in reducing information asymmetries, unless substantial advancements are made in the decompiling tools market. Additionally, “dry runs” could reveal whether expected execution and state changes occur within a specific protocol, making the behavior observable but not unequivocally documented. A noteworthy concern applies to any open-source smart contract code, even if the full code base is available. The availability of the entire code does not guarantee a comprehensive understanding of the contract's behavior and true nature. If the code is convoluted or extensively written in assembler language, the public information available to mitigate information asymmetry is relatively limited. In addition, smart contract data could be inaccessible for some parties due to high access costs (e.g., through the requirement to operate a full node).
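The "easy" direction mentioned above, compiling published source and comparing it with the deployed runtime bytecode, has one practical wrinkle a risk or claim assessor should know: the Solidity compiler appends a CBOR-encoded metadata trailer (IPFS hash of the metadata file, compiler version) whose length is stored in the final two bytes, and that hash changes with file paths, comments or whitespace even when the executable code is identical. A byte-for-byte comparison therefore produces false mismatches, while comparing only the code part can still be exact. The block below is an added example, not code from the paper or from any verification service: it builds two constructed runtime bytecodes that differ only in their metadata hash, strips the trailer from each and reports whether the executable code matches. The opcode bytes and the IPFS digests are sample values.

```python
"""Added example: compare compiled and deployed EVM runtime bytecode after
removing the compiler's CBOR metadata trailer. Sample bytes are constructed."""


def cbor_trailer(ipfs_digest: bytes, solc_version=(0, 8, 19)) -> bytes:
    """Build a metadata trailer in the shape the Solidity compiler appends:
    CBOR map {"ipfs": <34-byte multihash>, "solc": <3 version bytes>} followed
    by the map length as a 2-byte big-endian integer. Used here only to
    construct sample bytecode; a real build emits this itself."""
    if len(ipfs_digest) != 34:
        raise ValueError("IPFS multihash must be 34 bytes")
    body = (b"\xa2"                                        # CBOR map, 2 entries
            + b"\x64ipfs" + b"\x58\x22" + ipfs_digest       # text(4) "ipfs": bytes(34)
            + b"\x64solc" + b"\x43" + bytes(solc_version))  # text(4) "solc": bytes(3)
    return body + len(body).to_bytes(2, "big")


def strip_metadata(runtime: bytes):
    """Split runtime bytecode into (code, metadata). The last two bytes give the
    CBOR length; if that length is implausible or the bytes before it do not
    start with a CBOR map header, nothing is stripped and metadata is None."""
    if len(runtime) < 3:
        return runtime, None
    cbor_len = int.from_bytes(runtime[-2:], "big")
    if cbor_len == 0 or cbor_len + 2 > len(runtime):
        return runtime, None
    cbor = runtime[-(cbor_len + 2):-2]
    if cbor[0] & 0xE0 != 0xA0:          # CBOR major type 5 = map
        return runtime, None
    return runtime[:-(cbor_len + 2)], cbor


def _from_hex(h: str) -> bytes:
    """Accept hex with or without a 0x prefix (as returned by eth_getCode)."""
    return bytes.fromhex(h[2:] if h.startswith(("0x", "0X")) else h)


def compare_runtime_bytecode(compiled_hex: str, deployed_hex: str) -> dict:
    """exact_match: bytes identical; code_match: identical once the metadata
    trailer is removed; metadata_differs: only the trailer (e.g. IPFS hash of
    the source metadata) is different."""
    compiled, deployed = _from_hex(compiled_hex), _from_hex(deployed_hex)
    compiled_code, compiled_meta = strip_metadata(compiled)
    deployed_code, deployed_meta = strip_metadata(deployed)
    return {
        "exact_match": compiled == deployed,
        "code_match": compiled_code == deployed_code,
        "metadata_differs": compiled_meta != deployed_meta,
    }


def sample_bytecodes() -> dict:
    """Constructed inputs: the same executable code with two different metadata
    hashes, plus a deployed variant whose code was altered by one opcode."""
    code = bytes.fromhex("608060405234801561000f57600080fd5b00")
    compiled = code + cbor_trailer(bytes(range(34)))
    deployed = code + cbor_trailer(bytes(34))
    tampered = code[:-3] + b"\xff" + code[-2:] + cbor_trailer(bytes(34))
    return {"compiled": compiled.hex(),
            "deployed": "0x" + deployed.hex(),
            "tampered": "0x" + tampered.hex()}


if __name__ == "__main__":
    s = sample_bytecodes()
    print("honest deployment :", compare_runtime_bytecode(s["compiled"], s["deployed"]))
    print("altered deployment:", compare_runtime_bytecode(s["compiled"], s["tampered"]))
```

Two caveats remain even when the stripped code matches: the source must be compiled with the same compiler version and optimizer settings as the deployment, and values of `immutable` variables are written into the runtime code at deployment time, so contracts using them need those byte ranges masked before comparison. Neither of these changes the conclusion above that the reverse direction, from opaque bytecode back to intent, is far harder.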

In conclusion, information asymmetry cannot be completely mitigated in both of the described constellations, neither between insurant and the insurable object (smart contract) nor between insurant and insurer (protocol). Accordingly, a residual risk remains for each insurance protocol or insurer. Hence, the fundamental requirement for the insurability of smart contract risks is that they are published as open-source, ensuring the best possible fulfillment of this criterion. However, due to the governance and incentivization challenges inherent in DeFi insurance protocols, a complete inherent mitigation of moral hazard remains challenging.

M7 (Affordable premium)—Due to the mechanisms of the price bonding curve explained in the previous section, premiums of more than 50% of the insured sum have been observed in the past, e.g., with cover for the “Trader Joe” protocol offered at an annual premium of 53.88% for cover purchased via Nexus Mutual on February 10, 2022. In the traditional argumentation, this would be equivalent to a fair premium definition in which the insurer expects with sufficient certainty the loss of approximately half of the hedged assets. This seems relatively high compared to the vast majority of insurance categories in traditional lines. Insurance is not always obtained at such high rates, but the pricing mechanism ultimately serves to protect the liquidity pool itself, hence impacting the affordability for insurants.

At the same time, the metrics cannot be directly compared with traditional insurance lines, since the risk assessment and premium determination differ, as described in Sect. 4. Hence, the validity of this criterion for DeFi insurance is limited by the endogeneity of premium determination, considering solely the cover amount, in combination with a lack of centralized control as described before.

M8 (Cover limits)—This criterion, described in particular by Berliner (1982), is concerned with the establishment of liability limits within the insurance policy. Under certain circumstances, cover limits can shift a risk from the uninsurable to the insurable area, as described in the geometric model of Berliner (1982). First, the general cover limit in a parametric insurance policy as offered in most insurance protocols in DeFi is determined by the initial sum insured. No more is paid out than agreed upon in the contract; hence, no tail risks above the cover amount need to be considered by the insurer in this setting, although the protocol must consider the proportional liquidity requirement in portfolios with similar risks. In addition, some protocols introduced proof-of-loss methods to objectively verify the loss. At the same time, only as much insurance cover is provided as enabled by the protocol economics based on the amount of risk capital provided. Hence, there is an ex ante limit on the potentially obtainable insurance coverage and an ex post limit on compensation in the event of a loss. The criterion is therefore met in the vast majority of cases.
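The two limits described under M8, the ex ante cap on cover that can be sold against the risk capital provided and the ex post cap on compensation (sum insured, then pro rata scaling when a pool cannot pay all valid claims in full, as discussed under A5), can be written down as a small pool model. The following is an added illustration and not the logic of any actual insurance protocol; the capacity factor of 4 and all amounts are assumed values chosen for the example.

```python
"""Added example: ex ante and ex post cover limits of one cover liquidity pool.
The capacity factor and all amounts are assumed, not taken from a protocol."""
from dataclasses import dataclass, field


@dataclass
class CoverPool:
    staked_capital: float                 # risk capital provided to this pool
    capacity_factor: float = 4.0          # assumed multiplier on staked capital
    covers: dict = field(default_factory=dict)   # holder -> sum insured

    def active_cover(self) -> float:
        return sum(self.covers.values())

    def remaining_capacity(self) -> float:
        """Ex ante limit: cover that can still be sold against the staked capital."""
        return max(0.0, self.staked_capital * self.capacity_factor - self.active_cover())

    def sell_cover(self, holder: str, amount: float) -> bool:
        """Reject any purchase that would exceed the pool's remaining capacity."""
        if amount <= 0 or amount > self.remaining_capacity():
            return False
        self.covers[holder] = self.covers.get(holder, 0.0) + amount
        return True

    def settle_claims(self, claimed: dict):
        """Ex post limits: each payout is capped at the holder's sum insured;
        if the capped total still exceeds the pool's capital, every payout is
        scaled pro rata, like creditors' claims in an insolvency.
        Returns (payouts, scale_factor)."""
        eligible = {h: min(claimed.get(h, 0.0), c) for h, c in self.covers.items()}
        eligible = {h: v for h, v in eligible.items() if v > 0}
        total = sum(eligible.values())
        scale = 1.0 if total <= self.staked_capital else self.staked_capital / total
        return {h: round(v * scale, 6) for h, v in eligible.items()}, scale


def demo_pool():
    """Constructed scenario: 120 ETH staked, three covers sold, one rejected,
    then an exploit in which two holders claim more than the pool can pay."""
    pool = CoverPool(staked_capital=120.0)
    sold = [pool.sell_cover("A", 100.0), pool.sell_cover("B", 50.0),
            pool.sell_cover("C", 30.0), pool.sell_cover("D", 400.0)]
    payouts, scale = pool.settle_claims({"A": 150.0, "B": 50.0})
    return {"sold": sold, "remaining": pool.remaining_capacity(),
            "payouts": payouts, "scale": scale}


if __name__ == "__main__":
    print(demo_pool())
```

In the scenario, D's request for 400 ETH is refused because only 300 ETH of capacity remains (480 minus 180 sold), A's 150 ETH claim is first capped at the 100 ETH sum insured, and the resulting 150 ETH of valid claims against 120 ETH of capital are paid at 80%. The insurant thus bears two layers of residual risk: the uncovered excess over the sum insured and the pro rata shortfall, which is the partial insurability referred to under A5.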

M9 (Economic feasibility (feasible business case))—Schmit (1986) describes economic feasibility as an aggregate of various other prerequisites of insurance, in particular characteristics of loss distributions, moral hazard, and the occurrence of catastrophic losses. First, a feasible business case related to the transfer of smart contract risks is hampered by the scarcity of historical data. The premium determination is based on the previously described risk assessment, with additional consideration of a margin as described in Sect. 4.3. Thus, the profit expectation can only be controlled based on predictions and not based on historical knowledge, with the latter promising a more reliable and precise assessment and supposedly a higher economic feasibility. Whether the criterion is met always additionally depends on the specific design of the insurance protocol. An unstable economic model behind the protocol will show significant drawbacks, even in a flawless smart contract. However, there is one decisive advantage of decentrally managed insurance protocols over traditional insurance businesses. The economic model of the insurance protocol is implicitly defined in terms of key metrics ex ante in unforgeable smart contract structures and accordingly can be kept constant in the defined efficacy and profitability areas during operations. The disadvantage in turn is the inflexibility and lack of foresight for the overall economic model. The degree to which this criterion is met is therefore influenced not only by the risk itself but also by the specific type of risk transfer. With regard to this criterion, it should also be considered that in many DeFi (insurance) projects, the idea of avoiding centralized profits is at the forefront. Accordingly, the closest definition of profit in DeFi would be the avoidance of individual damages at the lowest possible opportunity cost for protocol users.

S10 (Insurance in line with public policy)—Regarding this criterion, Berliner (1982) lists five subcriteria. No speculative entrepreneurial risks are to be covered, nor any risks where there is no need for insurance. In addition, the insurance of trivial losses should be avoided, and the high costs from one line of business should not be passed on to other lines of business wherever possible. Furthermore, it must be taken into account that external circumstances can jeopardize insurability, which applies under a ceteris paribus assumption.

Currently, DeFi is more of an entrepreneurial venture, since dApps and smart contract protocols in general are neither a recognized nor a widely used concept in our societies. However, these are by no means risks for which there is no need for insurance, since partial or total loss of crypto assets by or in interaction with a protocol does not seem to be bearable by the insurant without additional burden. This is therefore not a trivial risk according to the definition of Berliner (1982). With regard to risk pool (cost) sharing with other lines of business, it can currently be assumed that DeFi insurance complies with the author’s definition, with one operational restriction. The reason for this was described earlier in Sects. 4.1 and 4.3. Premium determination for one cover is fundamentally independent of the risks in other insurance pools, and therefore costs will not be shared throughout. However, for governance token concepts, the fiat quoted market price of the governance token shows a holistic dependence on the overall coverage demand captured by the insurance protocol, which creates an indirect dependency on all other cover products offered within the same protocol. Finally, a certain dependence of smart contract risks on external circumstances can be identified, which may lead to non-insurability under certain circumstances. First, it cannot be excluded that tokenized assets are used for illegal purposes related to the real economy, as a report for the European Parliament depicts (European Parliament, 2018). In addition, new inherent criminal activities in DeFi emerge, as Wronka (2023) shows, which may be spurred by the securitization of assets or smart contract interactions through insurance. However, societal laws effectively exclude the coverage of criminal activities in any form of financial transaction. Hence, at least theoretically, claim assessors can deny claims on the same regulatory basis as in traditional insurance contracts, and risk assessors can avoid covering protocols related to illegal activities. In contrast, since DeFi is currently not subject to regulation, a responsible government body in the sense of Berliner (1982) cannot be used to validate this criterion (see also criterion S11). Overall, this criterion is therefore not comprehensively fulfilled in line with the understanding of Berliner (1982) but also does not show any fundamental contradictions to insurability.

S11 (Insurance in line with legal framework(s))—While the previous criteria require a subjective or multidimensional quantitative interpretation, this criterion is an objective, binary criterion, as Berliner (1982) states. This criterion requires a legal framework within which the insurance company and the cover product are organized. With respect to DeFi, this criterion cannot be fully assessed because insurance activities in DeFi have not yet been subject to any form of regulation. Accordingly, ceteris paribus, the offer does not violate any applicable law. Nevertheless, governance tokens in particular, in their capacity as tokens with monetary value or exchange tradability, could be subject to more extensive regulation in some jurisdictions. However, this primarily concerns their properties as exchange and transfer assets. The actual risk transfer provided by the insurance protocol is not affected.

Overall, the insurability of smart contract risks within the framework of established definitions cannot be determined conclusively. With regard to the actuarial dimension, the high correlation of risks through potential code similarity factors, as well as a limited number of exposure units aggregable in current protocols, represents a limitation to insurability. This can be partially compensated by the inherent technological and organizational advantages of DeFi, for example, through ex ante clearly defined incentivization and decentralized governance mechanisms to incentivize risk capital provisioning. At the same time, the determination of fair and reasonable premiums is hampered by the lack of historical data, although smart contract risks can at least be assessed ex post. Moral hazard is also considered to be a major problem between insurant and other insurance protocol users, as well as the protocol to be covered. The market dimension speaks in favor of the insurability of smart contract risks. Clearly defined ex ante cover limits and parametric processing allow a precise definition of the liability limits and associated maximum liquidity requirements, and the interaction between the risk to be insured and the on-chain processing of the risk transfer also provides enough design options for feasible business cases. A major limitation is the premium determination, which tends to deliver premiums higher than in traditional lines of insurance due to the pricing mechanism based on subjective expectations rather than historical data and which will not always match the individual risk premium tolerance. The societal dimension of smart contract risks shows no principal inconsistencies with insurability, yet difficulties arise due to the young history of DeFi as well as the lack of assignment to a legal and societal framework, which leaves some related questions unanswered. Overall, DeFi insurance replicates many of the insurability challenges that have already been discussed with regard to cyber insurance, such as difficulties in comparison to other risk classes (Eling & Wirfs, 2019), missing modeling methods, change risk and accumulation risks that are impossible to quantify (Eling & Schnell, 2016).

Finally, it should be noted that the insurability of smart contract risks in the aggregate view also depends in particular on the precise design of an insurance protocol and on how the weaknesses identified in this paper with regard to the operational, actuarial, or procedural treatment of smart contract risks and related risk categories are dealt with. While smart contracts and DeFi present some entirely new challenges related to risk transfer, the new infrastructure also offers inherent advantages in turning weaknesses back into strengths, such as the possibility of enabling transparent, decentralized governance for the insurance organization.

6 Conclusion

DeFi-inherent risk transfer differs significantly from traditional lines of insurance. This is not limited to the risk clusters to be insured but also includes the organization of risk transfer. This paper suggests a taxonomy to classify current DeFi insurance protocols and their differences from traditional lines of insurance and discusses the insurability of smart contract risks as one of the most important and inherent risk clusters in DeFi.

First, DeFi insurance exhibits crucial differences from traditional lines of insurance in three dimensions: (A) the inherent complexity of risks to be transferred caused by the composability of the underlying technological infrastructure, including new risks observed in particular to DeFi’s settlement and protocol layer, (B) a more difficult and subjective actuarial judgment of risks, especially smart contract risks, through prediction-market-like structures, and (C) new operational circumstances, in particular including decentralized governance structures instead of centralized organizational forms.

Second, analyzing the insurability of smart contract risks in line with established insurability criteria yields an overall mixed result. Many DeFi protocols exhibit significant similarities and interdependencies due to a high level of DeFi composability, leading to potential correlations in transferable risks. Consequently, this poses challenges for actuarial assessments and the establishment of reasonable insurance premiums. However, DeFi-inherent risk transfer mechanisms have the potential to address these limitations through new infrastructural and organizational capabilities in the form of different protocols.

Third, it is important to note that while traditional insurance has a long-established infrastructure and well-defined, legacy-driven processes, DeFi insurance is still in its early stages of development. Depending on the specific setup of DeFi risk transfer, insurance protocols face challenges such as ensuring the reliability of oracles, handling complex claims scenarios and systematic events, reducing subjective dependencies, and eventually managing regulatory compliance in case of exogenous restrictions. As the technology matures and these challenges are addressed, risk transfer in DeFi has the potential to provide more transparent and efficient contractual settlement processes compared to established forms of insurance organizations. However, one should keep in mind the risk, to date not mitigatable, that insurance protocols themselves are exposed to the same risks (e.g., smart contract exploits) as the protocols that are to be covered through these projects.

In addition to DeFi-inherent insurance, traditional insurers and reinsurers can explore diverse commercial opportunities to engage in DeFi risk transfer. However, applying the organizational structures and methods of centralized insurers to DeFi may not be promising, as it could result in the transfer of outdated inefficiencies and frictions to DeFi projects. Feasible opportunities may arise in terms of liquidity provision for insurance protocols, potentially as reinsurers for large-scale and tail risks. The risk-bearing capacity of decentralized insurance projects is currently still very limited, and further scalability is heavily dependent on collective beliefs and a critical threshold of individuals participating in a project. Traditional insurers, with their reputation and established legacy, could potentially take on a leading role in providing additional risk transfer capacity through liquidity provision in different projects. Hence, insurers are advised to cultivate expertise in DeFi and develop robust IT infrastructures to effectively engage with blockchain technologies, thereby securing substantial market shares in the future insurance landscape.

The topic offers diverse further research potential. Further analyses could include a more detailed analysis of the consequences of asymmetric information on decentralized insurance marketplaces, the role and design of reinsurance in and for DeFi risks, as well as a more quantitative framework around the discussion on general insurability, currently limited through data scarcity. Furthermore, DeFi risk transfer could additionally benefit from behavioral economic considerations, helping to analyze which control mechanisms and types of policies could enforce the right incentivization in decentralized governance. In addition, it would be worthwhile to explore how risk management and assessment methods from traditional areas affected by similar actuarial challenges, such as operational risk, could also be used for DeFi risk transfer, e.g., methods from extreme value theory.