The Ethereum “world computer” can do, and be extended into, many things, which is why the young but advancing smart contract platform has given rise to various sectors of projects across fields like finance, identity, logistics, collectibles, and games.
When it comes to Ethereum’s decentralized finance arena, or DeFi, insurance in particular is a growing area of note. This isn’t surprising, either: insurance was one of the earliest envisioned use cases for Ethereum, as demonstrated by Vitalik Buterin’s brief description of a crop insurance prototype in the platform’s whitepaper.
But moreso than that, the specter of decentralized insurance has spiked anew in the space as a bad actor has launched two DeFi attacks so far in February, and they apparently remain on the prowl for now.
With the stakes as they are then, let’s touch a little further on those attacks as a jump-off point to explore some of the top insurance projects in the Ethereum ecosystem, namely what they can offer users today and what we might expect going forward.
Flash Loan Predator on the Loose: Are You Covered?
This month, the DeFi lending protocol bZx faced sophisticated, back-to-back assaults against its system.
The first attack involved a dastardly market manipulation exploit that netted the blackhat responsible 1,193 ether (ETH), or some $300,000 USD. The second attack, seemingly by the same blackhat, seemed to be an oracle manipulation incident that saw around 2,388 ETH, or nearly $650,000, stolen.
Both transactions involved flash loans, a powerful new crypto primitive that allows users to take out a DeFi loan and pay it back within a single transaction. This new tool gives nefarious agents the ability to blitz unprepared DeFi platforms by borrowing, manipulating, and then profiting within the span of one Ethereum block.
And while there are defenses that can be taken going forward, the bZx system was unprepared for these novel assaults. The platform’s leadership has charted a course to absorb the blows, but the episode has served as a stark reminder that young DeFi platforms are still vulnerable and thus so are the users’ funds therein.
Notably, a few users actually had purchased bZx insurance policies in place before the attacks, but since the exploits didn’t occur from a hack per se but rather through market manipulation techniques, the question arose as to whether they would pay out. What came next will serve as an interesting early case study for DeFi.
Nexus Mutual is a “people-powered” insurance platform on Ethereum. Holders of the Nexus (NXM) token can decide whether claims should be approved for payout from their collectively-pooled fund.
The Nexus Mutual community ultimately responded to the first bZx attack with nuance. While a general consensus emerged early on that a hack hadn’t occurred and thus there wasn’t a direct obligation to honor claims, some key stakeholders highlighted that Nexus’s assessors had full discretion to consider the incident’s unique circumstances and vote accordingly. These folks made the case that even without direct obligations, the project could earn trust and more users from demonstrating that it’s flexible and can payout in borderline cases.
With that said, Nexus’s assesors approved two of the six claims that were received over the first bZx attack for a collective payout of around $31,000. It was the first time the project paid out to claimants.
“It’s never good that people are losing money because there’s a hack, but we are able to prove that the system works,” Hugh Karp, the founder of Nexus Mutual, commented in the aftermath.
Not Perfect, But It’s Something and Can Grow
An interesting wrinkle to consider with Nexus Mutual is that you can take out an insurance policy through it even if you don’t have any funds at stake in the smart contract you want a policy on.
Right now then, a user simply has to request insurance on a particular contract for a particular duration of time, to which Nexus then offers a quote.
This model has raised some concern, with skeptics saying its vulnerable to exploitation, too. For example, consider if a blackhat was about to launch an attack on a DeFi project. As Nexus currently works, the attacker could take out a policy with the project, launch the exploit, and then reap an insurance payout on top of their illicit profits.
That’s obviously not the most optimal opening to have, though Nexus does employ a basic Know Your Customer (KYC) process that means any abusers would leave some sort of trace. The advantage of this structure is it allows regular users to bet on the health of popular smart contracts, which is useful.
Opyn Insurance Hits the Scene
Another project to watch in Ethereum’s insurance sector is Opyn Insurance.
This month, the effort launched its first offering, which allows users to take out put options on stablecoin deposits on DeFi’s popular Compound Finance dApp. These options can be used to cover losses, or even just simply profit, if Compound was struck by catastrophe.
Similar to how Nexus Mutual works, Opyn users won’t have to demonstrate that they own any of the underlying stablecoin in order to take out an option. Where Opyn differs from Nexus, though, is that it doesn’t similarly require a KYC process.
“You don’t have to prove anything to anyone,” the project’s co-founder Zubin Koticha has commented previously.
Interestingly, Opyn’s oTokens — which are what are used to take out options on Compound’s cTokens — can work like oracles with regard to risk. If the price of an oToken starts to rise quickly, it could mean anticipation of a crisis is growing, which is an alarm in and of itself. They’ll certainly be a wrinkle to watch in the years ahead.
Etherisc is also a major insurance project of note, being one of Ethereum’s oldest. Simply put, it’s a decentralized insurance protocol that can be used to build different kinds of insurance products.
For example, the protocol’s builders have designed insured crypto wallet and hurricane protection products. Just this month, the Etherisc team and decentralized oracle play Chainlink unveiled a decentralized flight insurance prototype that can pay out in the event of delayed or missed flights.
“Insurance companies stand to save money on the backend by cutting their overheard for processing claims, as well as improved brand recognition thanks to moving policy arbitration to a neutral third party protocol,” Etherisc explained of the proof of concept.
We’ve only just begun to scratch the service with regard to the types of parametric insurance products — “if this parameter is crossed, pay out” — that can be actualized on Ethereum. Like Vitalik Buterin suggested in the Ethereum whitepaper, crop insurance is but one fertile avenue to explore here.
Another aspect to consider going forward is how decentralized solutions can bring superior transparency to the insurance industry. The on-chain auditing and KYC possibilites of such solutions can help clamp down on claims fraud, not to mention that these tools can be used to automate many related processes.
Accordingly, there’s plenty of room for more insurance projects on Ethereum, though from the examples above it’s clear that there’s already an early groundswell of interesting efforts that are pointing the way to an even more robust DeFi insurance sector in the future.
William M. Peaster is a professional writer and editor who specializes in the Ethereum, Dai, and Biticoin beats in the cryptoeconomy. He's appeared in Blockonomi, Binance Academy, Bitsonline, and more. He enjoys tracking smart contracts, DAOs, dApps, and the Lightning Network. He's learning Solidity, too! Contact him on Telegram at @wmpeaster