Brief rundown of how the industry is starting to grow up and hedge itself with insurance.
by Philip Lee Abdullah
Continued from Part 1.
Crypto companies are already actively seeking insurance.
These are some chronological examples of insurance activity and how they are developing the industry. Long story short, there is clear demand and large insurers are moving in to fill it.
In February 2019, BitGo a crypto company providing digital asset wallet and custody solutions, announced that it would get $100 million comprehensive insurance cover from Lloyd’s of London, the world’s oldest and most established insurance marketplace (over 300 years old).
The condition is that the offline private keys must have been fully held by BitGo which will insure it in the event of third-party hacks or theft of private keys, insider theft by employees of private keys, and/or physical loss or damage of private keys. Most importantly, the premium is absorbed by BitGo and there is no additional cost to BitGo clients.
This was soon followed in April 2019 by the leading exchange Coinbase. The world’s number two insurance broker Aon helped Coinbase arrange $255 million worth in coverage for its hot wallets (online servers) against third party attacks and sourced it from a group of US and UK insurance companies, including some Lloyd’s of London syndicates. Coinbase is co-insurer under the policy along with these third party underwriters.
Coinbase keeps only 2% of its assets in hot wallets to serve liquidity needs, with the remaining in cold storage. Separately Coinbase also provides its own institutional-grade custody arm for hedge funds and family offices, with over $7 billion of cryptocurrency assets under management.
Later in September 2019, Marsh the world’s largest insurance broker was brought in to arrange a comprehensive insurance program for a new crypto custody company called KNØX, backed by Fidelity. What truly stands out is that the coverage extends to cases of external theft and internal collusion, up to the full value of their holdings. KNØX plans to charge a fee starting from 1% of assets in custody based on the insurance allocation they select, which can be as high as 100% of the value of their holdings.
In January 2020 this year, Gemini (owned by the Winklevoss twins) took an insurance coverage of $200 million on its crypto assets for users of its exchange. This was touted at that time as the “the largest limit of insurance coverage purchased by any crypto custodian in the world for offline and segregated custody.”
It is done through a “captive insurance” outfit known as Nakomoto set up by the Winklevoss twins themselves, registered in Bermuda and licensed by its Monetary Authority. It is aided by Aon which acts as captive manager and Marsh which brokers excess insurance. A captive insurer is defined by the International Risk Management Institute as an “insurance company that is wholly-owned and controlled by its insureds”. Its primary purpose is to insure the risks of its owners e.g. when the pricing for insuring a firm becomes too high and no insurance company shows interest in insuring that firm. Its insureds benefit from the captive insurer’s underwriting profits.
The following month, in February 2020, Bittrex topped Gemini’s record and offered $300 million on digital assets held in cold storage. The exchange stated that this will protect the holdings of its users from “external theft and internal collusion”. “External theft” refers to theft done through physical intrusion into Bittrex’s cryptovault, seeing that cold wallets can’t really be hacked.
Bittrex worked closely with Marsh to get the cover placed with Arch Syndicate 2012. The cover resembles Arch’s Blue Vault that offers $150 million limits and covers both external and internal theft of digital assets.
[Chart by Etherisc]
A few weeks ago, Lloyd’s launched a new policy product to protect against online wallet theft and hacking attacks. This is targeted not just at exchange users, but retail investors and new crypto entrants should their wallets get hacked. The limits are flexible and range between £1,000 and £100,000. Lloyd’s syndicate called Atrium, which represents a group of underwriters, created the policy amid an increase in reports of crypto hacking attacks.
UK-based startup Coincover contributed to this first-one-of-its-kind policy, which is also backed by a panel that includes other Lloyd’s insurers, such as TMK and Markel. All panel members are part of Lloyd’s Product Innovation Facility (PIF). Coincover has been offering insurance on hot wallets in BitGo against external hacks, with damages that can be paid out in as little as 48 hours after investigation of the claim is done.
Insurance has become necessary hygiene in crypto.
A few years ago, crypto exchanges and custodians were hard-pressed to find any willing insurers and struggled to compensate losses for digital assets. This is not the case anymore. The industry has matured and users are more discerning nowadays.
Insurance protection will help to separate the wheat from the chaff. New crypto-curious investors who want to enter and “risk on” digital assets at current market conditions will definitely find it attractive. Digital assets are not legal tender issued by sovereign banks and crypto companies are not savings institutions or registered brokers. Therefore their holdings will not be protected by federal deposit insurance or securities investor programs.
Crypto companies that do not want to fork out heavy premiums can choose to self-insure or accept responsibility of funding / underwriting the loss. Major exchanges like Bitmex and Huobi typically set aside a reserve for this purpose. Kraken has reportedly put away almost $100 million worth of BTC in cold storage as a security fund.
While this is supposed to be an emergency reserve to help them cope with an adverse situation or recover from disaster, critics have pointed out it is at the whim of the company on whether to use it or not. Bitmex was accused of barely using its giant 35,000 BTC fund during a recent mass liquidation event when prices crashed causing widespread investor losses. The company might also be tempted to use it for self-interest or any situation that falls upon them first e.g. Bitfinex was accused of dipping into their $850 million USDT reserves to manipulate their yearly losses.
One best practice is Binance, which clearly stipulates what the insurance fund is for (e.g. “limit occurrences of counterparty-liquidation”) and the situations where it is used (e.g. “to cover losses when the client accounts go below zero in value”). It also has a SAFU fund subsidized from trading fees, which was famously used to refund all victims after its $40 million hack in May 2019 – in full!
With a precedent like this, it is no wonder why insured platforms have become the preferred choice for users.
Disclaimer: The views and opinions expressed in this article are solely those of the author, and do not reflect the official policy or position of any organisation, employer or company.
About the Author: Philip Lee Abdullah is currently working for multinational insurance broker and was previously engaged as the in-house counsel for a multinational crypto solution provider. Celebrus Advisory provided the research for this article.