-
Cryptocurrencies
-
Exchanges
-
Media
All languages
Cryptocurrencies
Exchanges
Media
Share
Author: Gate Ventures Source: medium

In the past year, the cumulative losses in the DeFi field have reached US$2.02 billion, and only about 5% of the funds can ultimately be recovered. This size is equivalent to approximately 1.1 times Curve Finance TVL, showing that security incidents continue to present an overall industry capital base.
Since March this year, many topical security incidents have occurred in the DeFi field:
Solv Protocol lost US$2.73 million due to a vulnerability caused by repeated minting in the mint() function; Venus Protocol was bypassed on BSC due to a supply replenishment verification gap, resulting in US$2.18 million in bad debt; Resolv Labs illegally minted approximately US$80 million in unsecured USR due to private key leaks, ultimately causing a loss of approximately US$25 million in funds; and Drift Protocol suffered the largest attack in 2026, with losses exceeding 2.8 The attacker attacked the deployment path weeks in advance, obtained 2/5 multi-signature approval through social engineering, completed the final management authority takeover, and transferred more than half of the protocol funds in a short period of time. In addition, KelpDAO also caused rsETH risk overflow and liquidity squeeze due to underlying asset security incidents, further amplifying LRT-related market pressure.
These incidents reveal a cruel reality: no matter how advanced the technology is, user funds are always faced with tail risks that cannot be completely eliminated.
In fact, DeFi has established quite an amazing foundation in other areas over the past few years:

Basic layer: Ethereum completes the facility The Merge, and L1/L2 such as Base and Solana continue to provide a deep and high-throughput execution environment. The stability and reliability of the chain have gradually approached the traditional financial infrastructure.
Network/income layer: Aave, Morpho, Kamino and other protocols have formed a relatively mature on-chain network market; Pendle further realizes interest rate segmentation, making income products in urgent need of enrichment.
Strategy/asset management level: Professional risk management teams such as Gauntlet, Steakhouse Financial, and MEV Capital have begun to participate in the market as "on-chain fund managers" and proactively manage risks and returns.
But even so, the entire DeFi stack is at the critical stage of "risk transfer", and there are still obvious gaps so far.
The traditional financial system can carry hundreds of billions of dollars in assets. It relies not only on supervision, but also on a complete set of risk transfer mechanisms: bank deposits are guaranteed by the FDIC, securities accounts are backed by SIPC, and institutional transactions are hedged by credit derivatives.
The insurance industry serves as a "shrinker of the financial system." Global insurance premium income accounts for approximately 6-7% of global GDP. If the asset management scale held by insurance companies is included, its influence on the capital market far exceeds this proportion.
In contrast, the premium scale of on-chain insurance products is less than 1% of DeFi TVL. The gap between the two itself is a magnitude signal of market opportunity.
The types of risks faced by DeFi are highly complex and heterogeneous, including smart contract vulnerabilities, stable currency decoupling, opportunity failure, etc., and these risks often exist at the same time and overlap with each other. Unlike traditional insurance, DeFi lacks long-term and verified historical compensation data, making it difficult for traditional actuarial models that rely on long-term loss distribution and accident frequency to effectively function.
At the same time, the boundaries of DeFi risks are far more blurred than traditional insurance. Insured objects in traditional insurance, such as houses, vehicles or people, usually have smooth and independent risk boundaries; in DeFi, protocols are highly composable, and the failure of an underlying component will often flow outward along the liquidity, cargo, security strategy and southeast path, forming a cross-protocol chain loss. Making coverage, liability, and losses all more difficult.
The insurance business essentially locks in large amounts of reserves in advance to cover potential liability; however, in the DeFi ecosystem, users and liquidity providers tend to allocate funds to strategies that can continue to generate higher returns, such as lending, market making, arbitrage, or income aggregation.

In contrast, the returns provided by most current on-chain insurance pools are generally lower than mainstream DeFi return levels, making it difficult to compete with these more attractive uses of funds. Under this opportunity cost constraint, it is often difficult for insurance to continue to attract cyclical underwriting funds, which further improves the financing depth and scale expansion capabilities of insurance products.

Despite this shortcoming, we are already observing the first rudiments of the insurance/risk ecosystem:
One end is an underwriting capital pool such as Nexus Mutual that truly undertakes the risk transfer function; the other end integrates Catalysis and OpenCover embedded mechanisms and product path cleaning, while supporting risk ratings provided by Credora, LlamaRisk, etc., risk verification provided by Accountable, etc., and real-time risk detection capabilities provided by Hypernative, Blocksec, etc.
First define four functional layers.
Underwriting/underwriting is the underwriting layer that ultimately absorbs losses, prepays premiums, and adjudicates compensation, and embeds insurance into the vault or product flow, so that underwriting is no longer a plug-in.
Risk ratings convert risks into comparable scores, capital recommendations and parameters.
Verification confirms whether assets, holdings and reserves truly exist and can be verified on-chain.
Pre-loss detection provides alternative trading methods, simulations or automated breakouts
These four layers together constitute the analytical framework of this article.
The core design of Catalytic Guarantee is to embed risk directly into the DeFi vault, making it part of the asset allocation path, rather than an additional external insurance product purchased by users. In other words, when users deposit funds into the vault, they will automatically receive corresponding risk protection, without the need to search for an insurance agreement separately.
In terms of mechanism, Catalyst connects three types of participants into a complete on-chain underwriting process:

First, retakers deposit assets such as ETH, BTC or stablecoins into remortgage protocols such as EigenLayer and Symbiotic to form an economic security capital pool that can be punished. These funds constitute the original underwriting capacity of the system; secondly, these funds are Assigned to different CoverPools, each CoverPool corresponds to a specific category of risk, such as a specific lending vault or yield strategy; finally, vault users pay an underwriting fee as the cost of obtaining risk protection, and these funds are allocated to retryers who provide underwriting funds.
In catalysis, risk pricing is not judged by the insurance committee on a case-by-case basis, but is automatically executed through a set of parameter models preset by the agreement team. The overall logic can be understood as: risk rating, the more penaltyable underwriting capital that needs to be allocated, the corresponding cost measurement.
Specifically, each CoverPool will set risk underwriting capacity, reduction ratio and rate parameters for different types of vaults to determine how much re-mortgage capital needs to be locked as protection and how much underwriting fees users require. These fees essentially cover the cost of what can be understood as “underwriting capital.”
At the same time, when underwriting funds are sufficient, the corresponding funding rates are also affected by capital raising: when available underwriting funds are sufficient, costs decrease; when capital is scarce, rates increase. This makes risk pricing determined both by protocol parameters and by market supply and demand.
OpenCover also belongs to the "embedded guarantee infrastructure", but it is not the final underwriter. Instead, it was originally the distribution and shaping insurance platform of on-chain products, responsible for packaging the underlying underwriting capabilities into modules that can be directly connected to the DeFi product path.

As for the underwriting structure, OpenCover itself does not provide underwriting capital.
The actual underwriting behind Covered Vaults is provided by Nexus Mutual: when users deposit contributions into the vault, Nexus Mutual's pledge pool will lock the corresponding number of NXM according to the real-time protection scale as verifiable underwriting capital on the chain, so that the protection capability can be expanded simultaneously with the vault's risk protection exposure.

In terms of risk pricing, the rate guarantee of Covered Vaults is not fixed, but is dynamically priced along the same mechanism as Nexus Mutual.
To put it simply, the underwriting pool manager will first set the minimum rate of funds, and then adjust the final price based on changes in supply and demand: when the protection demand of other vaults rises rapidly and the underwriting capacity is heavily occupied, the price will automatically increase; conversely, when funds are sufficient and demand is low, the price will gradually fall back. Overall, this is a set of on-chain pricing that dynamically changes with risk and occupancy.
At present, there are several institutions on the market that focus on DeFi risk assessment, starting from three different directions: credit scoring, verifiable data infrastructure and dynamic parameter simulation, forming an important foundation for on-chain insurance pricing and risk management.
Credora is currently the quantitative risk scoring system closest to traditional credit rating agencies (such as S&P and Moody's) in the DeFi field. Launched by RedStone, it specifically conducts systemic risk ratings for tokens, lending markets and Vault portfolios, and provides quantifiable capital allocation for protocols.
1) Token Rating
Calculate the probability of default (PSL) for LST, stablecoins and other assets, and the cross-benchmark determination methodology is combined with risk correction factors to generate risk base shares.
2) Leverage market rating
Distinguish between different market structures:
Isolate Demon Market (such as Morpho): Use Monte Carlo to simulate large-scale terror, repeatedly infer that an event may happen, and finally speculate on the probability distribution of the result. Mainly depends on "when a certain devil product has a problem, the market will not shrink significantly."
Mortgage market (such as Aave, Spark): The structure is more complex, because similar assets may be borrowed and mortgaged repeatedly, and risks will become a basic layer. Therefore, the key assessment is: if there is a problem with the underlying assets, this chain use will not amplify the risk and ultimately affect the entire market.
3) Strategy portfolio rating
Think of Vault as a cross-market asset portfolio that, in addition to basic allocation, also incorporates manager capabilities and governance structure quality.
Rating method

Adopting the A+ to D rating system, based on the historical default rate data of the three major rating agencies from 1990 to 2023, and establishing a PD curve with an exponential function, so that traditional credit ratings can be mapped to the DeFi risk distribution range.
Unlike Credora, the core of LlamaRisk is not scoring, but the establishment of a verifiable and on-chain risk data framework to solve one of the most critical issues in DeFi: data credibility.
Primary Core Components
SAVE Framework (Structured Authentication and Verification Engine)
A set of open source TypeScript tool libraries for converting formatted financial data into verifiable records on the chain, including:
Claim: Statement of Facts
Proofs: cryptographic proof
Proof: Signature evidence published on the chain and stored in IPFS
The specific content is not limited to reserve certificates, but also includes collateral quality strategies and vulnerability verification.
LlamaGuard Kit
RWA risk management tool set built on SAVE:
LlamaGuard Proof: automated financial data storage
LlamaGuard NAV: Bounded NAV front-end engine based on Chainlink
LlamaGuard Actions: condition-triggered risk response mechanism
Multiple protocols including Aave, Curve, Midas, Ethena, etc. are also used to obtain risk judgments, such as liquidity conditions, changes in capital utilization, prediction machine price leadership, etc. This information can help teams learn more about setting reserve sizes, debt ceilings, and other key risk parameters.
Chaos Labs is currently one of the most extensive DeFi risk analysis platforms, focusing on real-time simulation, market stress testing and risk parameter optimization.
The first is dynamic risk monitoring, which is a real-time tracking of key indicators of the protocol on multiple chains, including total supply and lending scale, capital circulation, Manhattan events, as well as collateral concentration and risk exposure of whale addresses; currently, its monitoring scope covers an asset supply scale of more than 63.7 billion US dollars, as many as multiple mainstream public chains.
The second is risk exposure simulation, which is an extreme stress test for market collateral, such as a sharp drop in collateral prices, rapid contraction of liquidity, or a single asset experiencing concentrated selling, to assess the solvency and potential bad debt risks of the protocol under these circumstances.
Third, it is parameter optimization, that is, based on the simulation results, suggestions for adjustments to the key risk parameters of the agreement, such as LTV, tariffs and interest rate curves, are provided to help the agreement achieve a better balance between capital efficiency and risk control.
What the verification layer needs to solve is the underlying issue: whether the data on the chain is authentic and trustworthy.
If there is a lack of reliable assets, reserves and reserve verification mechanisms, no matter how sophisticated the risk model is, it may be based on wrong premises. As far as the current market is concerned, the more representative verification infrastructure mainly includes Chainlink Proof of Reserve and Accountable.
Chainlink PoR is currently the most mature on-chain reserve verification network. It is mainly used to verify whether stablecoins, cross-chain assets and RWA are fully mortgaged. The core goal is to reduce DeFi’s trust risk in the authenticity of off-chain assets.

The general process can be divided into: first, the audit agency or data provider continuously collects reserve information, and then the Chainlink decentralized front-end computer network verifies and recognizes it. When the reserve change exceeds the preset value or reaches the fixed update time, the data is written to the chain for direct call by the protocol.
The key value of PoR is that it not only displays data, but can also further expand the access protocol logic:
Secure Mint: New minting is only allowed when reserves are sufficient to avoid unsecured issuance
Circuit breaker: When the host is abnormal, it can automatically trigger the suspension of the network or related operations
Accountable Capital makes up for the core blind spot of traditional PoR: it only verifies assets, not stocks.

Looking at assets alone does not prove the health of an institution, as it may still be carrying larger hidden liabilities at the same time. The core responsible approach is to use zero-knowledge proofs to simultaneously verify assets and liabilities without exposing sensitive information, thereby providing a more complete proof of solvency.
Its core architecture, the Data Verification Network (DVN), will continue to integrate multiple types of data sources, including on-chain addresses, custody accounts, bank accounts, internal accounting systems and contract positions, and generate ZKP after local encryption processing to prove whether an institution has sufficient net solvency, including public specific addresses, API golden keys or trading strategies. (9)
In the recent past, we only look at the existence of reserves, and we need to further verify the overall financial situation. It is especially suitable for institutional strategies or currency stabilization structures that continuously reveal leverage, hedging positions and reserve obligations.
Another key question addressed by the risk monitoring layer is: Can an attack cause damage before it is detected in time and breaks out?
Auditing is a static check before deployment, while the detection layer protocol is a "real-time immune system" after it goes online. One of the most important infrastructures currently is Hypernative.

Hypernative's core capability lies in using machine learning, transaction simulation, graph analysis and memory pool monitoring to continuously track abnormal activities from multiple dimensions. In other words, it does not just look at whether there are vulnerabilities in the contract itself, but monitors whether attacks are brewing, such as abnormal transaction paths, future opportunities, abnormal governance operations, front-end phishing or cross-protocol related behaviors.
The real value of this detection capability is as long as it can be directly connected to automated risk control. When the system determines that the risk reaches a certain level, the protocol can immediately suspend the market, freeze specific functions, adjust LTV or borrowing limits, quarantine suspicious assets, and even intercept transactions before they enter the block.
Compared with traditional auditing that provides static reports before deployment, this type of detection system provides continuous protection during operation: the audit answer is "What problems may there be", while the detection answer is "Isn't something happening now?"
If the DeFi insurance market is to truly move towards scale, there are at least several core issues that need to be resolved.
First of all, the funds accepted are generally low at present, and compared with other guaranteed income opportunities on the chain, they are obviously not attractive enough. Whether it is market making or a general income aggregation strategy, funds tend to find higher returns.
Then the question will return to the underlying supply and demand logic: If the risk compensation obtained from the underwriting insurance capital pool is not high enough, then who will be willing to provide funds in the long term to bear these tail risks?
Second, for the insurance layer to truly play a role, the underwriting fund pool itself must be large enough to cover losses caused by medium- and large-scale security incidents. In events like black swans, potential losses could reach hundreds of millions of dollars.
Of course, the responsibility of risk management cannot be completely solved on the insurance side. The protocol itself also needs to use time locking, withdrawal speed limits, etc. to try to prevent liquidity from being drained instantly in a single event. However, in this case, the effective insurance capital pool still needs to be of considerable size to form a guarantee.
More importantly, compared to TradFi, DeFi has a higher frequency of security incidents and more attack paths, which also means that the amount of capital required by the insurance layer will be larger, and the expansion paths will naturally be higher.
Third, the “stop-loss structure” of the current DeFi protocol at the system design level is still obviously insufficient, making it difficult for the insurance layer to effectively price risks.
From an insurance perspective, a key issue is not whether an attack will occur, but that when an attack occurs, losses can be structurally limited. The reality is that many protocol administrators still complete large-amount fund transfers, parameter modifications, and contract upgrades in a very short period of time. Once the permissions are breached, the results often show the characteristics of "instant release", resulting in LGD (Loss-given-default) close to 100%.
Under this structure, insurance funds are actually taking on unlimited tail risks, which are almost impossible to underwrite commercially.
In contrast, if the protocol is introduced in terms of design:
Withdrawal speed limit (rate limit)
Single transaction/single day limit
Default fund flow whitelist
Forced time lock
This can significantly reduce the maximum loss scale of a single attack and transform the risk from "catastrophic" to "measurable", so the insurance layer can establish a reasonable pricing mechanism.
Fourth, there are still a lot of "unknown unknowns" in the basic technical structure of DeFi, which determines that on-chain protocols still face constant new attack surfaces.
A few recent cases are very typical: Drift’s problem stemmed from the administrator’s private key being compromised by social engineering; KelpDAO’s incident was related to the interception of 1-of-1 validator configuration. When receiving cross-chain messages through LayerZero, only a single node is responsible for verification before funds are released, resulting in a critical single point of failure in the system.
Risks like this do not necessarily come from code vulnerabilities themselves, but may also come from multiple levels such as permission design, cross-chain verification, operational processes, and human defects. In other words, there are not only “known risks” on the chain that need to be managed, but there are also a large number of potential risks that have not been fully identified.
As real-time security monitoring platforms such as Hypernative and risk assessment tools such as Chaos Labs and LlamaRisk have appeared on the market, the entire DeFi risk management framework still needs a longer period of iteration to become truly mature and reliable.