“Insurance... what a scam,” that’s the shared gospel.
And why wouldn’t it be?
Cigna built an algorithm that lets doctors reject claims without opening the file. UnitedHealth cut off nursing care payments when an algorithm’s clock ran out, regardless of what the treating physician said. The business model has always been to collect your capital, pocket a cut, build walls between you and a payout.
Now your bank deposit is covered by FDIC, but only up to $250,000, a number set in 1934 and barely moved since. Your brokerage account has SIPC, capped at $500,000, useless the moment your account is worth more than that. The protection is smaller than most people assume, and the insurer decided on the ceiling.
DeFi insurance almost fixed it. It stepped up to remove the corporate middlemen. If the code’s conditions are met, the payout triggers automatically. It is insurance stripped of human malice.
But nobody buys it because the insurance premium eats so deeply into your yield that the yield no longer justifies the risk you’re taking to earn it in the first place.
Today I want to show you exactly how that plays out, and why the industry couldn’t fix it even if everyone wanted it to.
Nexus Mutual, the largest DeFi insurance provider that exists, has paid out just over $18 million in claims across its entire history since 2019.
In April 2026, Kelp DAO got exploited for $292 million.
This single hack is 16x the total claims an insurer has settled in seven years.
The contrast with the wall of denials above is antithetical. Traditional insurers collect big premiums and fight hard to avoid paying out. DeFi insurers barely collect any premiums at all, because very few of the crowd is buying the product.
Traditional Insurance works well because risks are uncorrelated. The burning of one’s house has no relation to the burning of another’s house. Because of this, insurers can sell policies to a million people and pay out claims from one house burning. They can maintain usefulness because of the uncorrelated risks. DeFi doesn’t have that property. An oracle failure or a bridge exploit, cascade through every vault and lending market built on top of the asset that broke. When USDC depegged in March of 2023, it impacted every protocol that had USDC as collateral, all on the same day. For a DeFi insurer, it is priced as a correlated bet that the failure is small enough that the pool can sustain the failure.
When Euler Finance got exploited for $197 million in March 2023, the damage didn’t stop at Euler. Angle Protocol lost $17 million because it held Euler LP tokens. Yield Protocol paused its protocol. Inverse Finance and several others had direct exposure.
When something breaks, it tends to break a lot of things simultaneously, which means a single bad day can wipe out not one protocol’s claims but the entire pool’s capacity at once.
I pulled current premium rates from Nexus Mutual and InsurAce against the live yields on the protocols they’re meant to protect. Aave V3 pays about 3.14% APY on USDC. Cover runs 1.5 to 2.5%. Net yield after insurance: 0.6 to 1.6%. You’re working for a return that barely clears a savings account, in exchange for protection you think you wouldn’t need.
If you look at the image, Morpho, Compound, and Spark land in a similar place. Yields around 3.5 to 4%, premiums eat roughly a third to half of it, which is annoying, but survivable.
But when you look at Maple Finance, it pays 4.77 to 4.90% on its institutional lending vault. Premium is 3 to 6%. Net yield after cover ranges from negative 1.1% to positive 1.9%. Ethena’s stake yields 3.6 to 4%. Insurance costs 3 to 6%. Net yield is negative 2.4% to positive 1%. Buy insurance on these, and you can end up paying to lose money.
Sky, formerly MakerDAO, wins here. Its savings product yields 3.6%, and covers costs as little as 0.11%, because the market has priced Sky as close to the safest thing in DeFi. Net yield after insurance: 2.8 to 3.5%. Almost the entire return survives.
Read: Sky’s New Sovereign
Insurance is priced right for the risk, but on new platforms, the cover costs so much it completely eats the high yield you went there for anyway.
When crypto investors choose to skip insurance, you don’t call them lazy or reckless. They know that buying insurance means making zero money, most times. Even if every depositor in DeFi decided tomorrow that they wanted full coverage, the industry could not deliver it. Nexus Mutual’s total capital pool sits around $81.56 million. Total active cover across the entire sector is a few hundred million dollars at most, against hundreds of billions in TVL across the protocols that need protecting.
A hack the size of Kelp hitting a fully insured protocol could wipe out a meaningful share of the industry’s entire capital in one claim.
Eighteen million dollars in claims is a demonstration that the capital pool has not yet faced the one failure that would show how vulnerable the capital pool really is.
When users submit a claim to Nexus Mutual, it gets voted on by all the other Nexus members. The people who voted in favour of a claim stand to lose financially if the claim is not successfully paid out. This inherently creates a bias in favour of not paying the member claim. Traditional insurers have underwriters and claims adjusters for this reason. DeFi insurance combines these elements back into one system, by design.
Before 2008, the people pricing financial risk assumed that because a nationwide housing collapse hadn’t happened in their lifetimes, it was impossible. Insurance giant, AIG, sold promises of protection on a massive scale. Promises it couldn’t keep when the market finally broke.
Before the US government created bank insurance (the FDIC), regular people had no safety nets whatsoever. Then the Great Depression forced the government to step in and make insurance mandatory. The government made insurance a non-negotiable cost of operating a bank.
When it comes to DeFi, nobody can force Aave or Morpho to buy insurance, because nobody can force a smart contract deployer to do anything. All of this is permissionless, and that prevents anyone from mandating the protection that might keep it solvent through the next shock.
The three biggest claims on record for Nexus Mutual are the FTX disaster for around $7.3 million in two claim rounds, the TribeDAO hack for $5 million, and the Euler Finance exploit for $3.4 million. If you add those three up, that comes close to being the total amount of the $18.6 million paid out by the mutual to date in seven years of operations.
Mutual is now moving into prevention mode.
It does this through Bug Bounty Cover in tandem with Immunefi and other security teams, including Cantina and Sherlock, with protocol teams paying just 20% of a critical bug bounty while Nexus pays the rest, thereby allocating capital towards exploiting an exploit before it takes place. In addition, Nexus Mutual is exploring regulated insurance cells in a bid to channel crypto risks into reinsurance pools which can afford a lot more capital.
Cantina went further in March 2025 and launched a separate product, Native Protocol Cover, which pays out after an actual exploit, even if no bounty hunter caught the bug first.
Both of these moves directly admit that on-chain capital isn’t enough to insure on-chain risk. The pool is too small, the risk is too correlated, and the people judging the claims are the people funding them.
Nexus Mutual’s $81.56 million in DeFiLlama-tracked TVL is 85% of the entire DeFi insurance category combined.
Other projects have not been able to expand in the same way. A few years back, InsurAce peaked at $150 million, but now it is only at $132,000, having paid only one notable claim after the UST de-pegging in 2022. In only one year, Sherlock’s pool dwindled from $60 Million to $505,000. Unslashed Finance has a couple of million dollars stuck in obsolete code, which has not been updated since late 2024. All of the others are either abandoned or have pivoted focus.
A lighthouse, paid for or not, warns all ships of the rocks. A passing ship cannot be billed for the light used to avoid a wreck. Thus, it is assumed that lighthouses are never built voluntarily, as the benefits are to others who never paid for them.
DeFi Insurance cover forestalls the aftermath of a cascading event of crumbling positions. Everything in crypto is connected to everything else. Because of this, the value of Insurance is that your neighbour bought it too. Everything stays balanced.
Ghosts guard nothing.
Token Dispatch is a daily crypto newsletter handpicked and crafted with love by human bots. If you want to reach out to 200,000+ subscriber community of the Token Dispatch, you can explore the partnership opportunities with us 🙌
📩 Fill out this form to submit your details and book a meeting with us directly.
Disclaimer: This newsletter contains analysis and opinions of the author. Content is for informational purposes only, not financial advice. Trading crypto involves substantial risk - your capital is at risk. Do your own research.