Sharing risk through smart contracts: mutual protection against crypto hacks

Henry Gale

Recent experience has shown that cryptocurrency holders and investors have a high risk of being hacked. Cryptocurrencies are complicated, evolving quickly and not widely understood. The lack of comprehensive historic loss data and the complexity of the risk make insurance cover hard to price.

The traditional insurance industry has been reluctant to put capital behind underwriting crypto risks. A handful of start-ups are gathering capital from the crypto community itself to offer coverage for crypto assets. These new entrants will not stay confined to crypto but will offer more types of coverage going forward.

Nexus Mutual, founded in 2017, offers protection against smart contracts being hacked. It currently has over $12 million of annual premiums in force. We first came across Hugh Karp when he spoke on stage at an InsTech London evening event in April 2018. We recently caught up with Hugh to learn more about the company.

Decentralised finance

Blockchain technology, on which cryptocurrency is based, has enabled the rise of a ‘decentralised’ form of finance, known as DeFi. DeFi transactions are made not through intermediaries such as banks, but through smart contracts in cryptocurrency. Smart contracts are blockchain-based contracts which execute automatically based on a trigger.

Developers have designed smart contract programs called DeFi protocols which allow people to borrow, lend and trade among other financial activities. Compound Finance, for example, is one popular DeFi lending protocol. Like a conventional bank, some people deposit cryptocurrency funds into the DeFi protocol and earn interest, whilst others borrow those funds and pay interest. Interest rates adjust automatically according to demand.

Hackers can exploit vulnerabilities in the program code of DeFi protocols to steal users’ funds, making them virtually irretrievable.

Between January and April 2021, $156 million in cryptocurrency was stolen through DeFi hacks. (CipherTrace)

Risk sharing: Nexus Mutual's business model

Nexus Mutual provides coverage for this type of failure of DeFi protocols. Total active coverage on Nexus Mutual exceeds $400 million. Hugh Karp started the company after 15 years in insurance and reinsurance, including as Chief Financial Officer for UK Life operations at Munich Re.

Nexus Mutual is what is known as a ‘discretionary mutual’. Mutuals have long existed in insurance. They are owned by policyholders, so coverage is provided at cost, with profits passed on to policyholders. Discretionary mutuals offer ‘risk protection’, a product similar to insurance. The difference is that a discretionary mutual pays claims at its discretion, whereas a traditional insurance company is obliged to pay claims where the loss is covered under its policy.

The discretionary mutual model allows Nexus Mutual’s 7,000 users to share risk independently of insurance companies. They vote on individual claims to determine whether the claim is paid.

Nexus Mutual has assessed three major DeFi protocol claims events so far, of which two resulted in pay-outs. Each decision had over 99% consensus from users. Nexus Mutual reviewed the claim which was not paid out and has updated its terms of service to cover that type of event going forward.

A mutual that runs on crypto tokens

Nexus Mutual uses its own crypto token, called NXM, to facilitate the sharing of risk among its users. Crypto tokens are tradeable blockchain-based assets, such as units of cryptocurrency. NXM tokens can be purchased using the cryptocurrency Ether. All holders of NXM own part of Nexus Mutual.

Users can spend NXM tokens to purchase coverage for their own assets. They can also earn commission (in NXM) by staking NXM tokens against the risk of a specific DeFi protocol being hacked, thus taking on the risk and providing coverage. In the event of a claim, all or part of the stake is lost depending on the claims paid. This incentive is designed to price coverage fairly.

Users also stake NXM tokens to assess claims. This is used as an incentive to encourage honest claims assessment. Users who vote with the consensus outcome are rewarded.

Hugh told us about a recent example of these incentives in action.

Some DeFi protocols were recently listed on the Nexus Mutual platform, allowing users to provide and purchase coverage for funds in these protocols. No users chose to stake NXM and provide coverage. Weeks later, these DeFi protocols were hacked. It appears that the crowd-sourcing approach to pricing risk had recognised the vulnerability of these protocols.

Looking ahead

The risks associated with various DeFi activities are difficult, or even impossible, to price using conventional pricing techniques. Traditional insurers are apprehensive about the risks of the crypto sector. As Nexus Mutual and others build a user base trading in crypto risk, they will look to expand to other types of coverage.

Decentralised risk management platforms like Nexus Mutual are offering new forms of protection for DeFi investors, who would otherwise be uninsured.

Nexus Mutual is now offering a second product, Custody Cover. This protects users of organisations that manage the safekeeping of private keys for crypto assets. Insurance coverage can be applied to more types of cryptocurrency and DeFi risk (such as NFT coverage). The market for risk management products in this sector is likely to increase.

As Nexus Mutual and others build a user base trading in crypto risk, they are looking to expand to other types of coverage. Nexus Mutual is interested in covering catastrophes such as earthquakes.

Traditional insurance companies should watch the companies now offering crypto risk management solutions. These new companies will not stay confined to the crypto sector: after becoming established in crypto, they will be competing in other markets too.

To find out more about Nexus Mutual, visit

At InsTech London, we’re speaking to the companies innovating with blockchain, cryptocurrency and insurance. Sign up below to follow our insights into cryptocurrencies and blockchain. If you’re innovating in this area or would like to know more, you can also reach out to Henry Gale on LinkedIn.
