Under 2% of DeFi’s $83 Billion Market Is Insured, Leaving Users Exposed to Mounting Losses

Key Takeaways

  • Less than 2% of DeFi’s $83 billion market is insured, with just $123.5 million in coverage across 28 active protocols, nearly all held by Nexus Mutual.
  • Attack methods have shifted from smart contract exploits to offchain risks like private key compromises and phishing, making coverage harder to price and often inapplicable when losses occur.
  • Low adoption stems from yield-driven user behavior, unsustainable protocol tokenomics, and structural flaws that expose insurance capital to the same risks it is meant to cover.

Decentralized finance has accumulated $83 billion in total value locked, yet fewer than 2% of those assets carry any insurance coverage, according to Nexus Mutual founder Hugh Karp, who told CoinDesk that the gap represents “one of the largest barriers to real DeFi adoption.” 

The shortfall has persisted even as uninsured lending protocols have lost $7.7 billion to exploits since the term “DeFi” was coined six years ago, per data from DeFiLlama. In April 2026 alone, more than $600 million was lost in security incidents, with hacks of Drift and Kelp DAO among the largest events.

DeFi Insurance Protocols Hold Just $123.5 Million Against an $83 Billion Market

DeFiLlama currently lists 28 active insurance protocols, but Nexus Mutual accounts for nearly the entire sector’s $123.5 million in total value locked, which amounts to just 0.14% of DeFi’s broader market. Karp said: 

“The protocol has been operating since 2019, covering more than $6.5 billion in value and paying out just over $18.5 million in claims, figures that are a fraction of what the market needs.”

The early DeFi insurance boom tracked the broader market closely. Decentralized insurance protocols grew rapidly from roughly $3 million in early 2020 to $1.89 billion in November 2021. Leading participants at the time included Nexus Mutual, Cover Protocol, InsurAce, Tidal Finance, and Bridge Mutual. 

Cover Protocol was subsequently hacked and collapsed, while Armor.fi, Bridge Mutual, and Tidal either flatlined or disappeared between 2021 and 2024 due to unsustainable tokenomics and conflicts of interest.

Attack Methods Shifted to Offchain Risks That Proved Harder to Price and Cover

Early DeFi insurance products were designed around smart contract vulnerabilities, which were more straightforward to audit and price. But the attack surface has shifted. According to Karp:

“Many of the largest hacks have originated offchain from operational security failures, including compromised private keys, phishing scams, and social engineering.” 

A DeFiLlama chart accompanying the original reporting shows private key compromises accounting for the largest share of total value lost to crypto hacks since inception, followed by phishing attacks targeting multisignature wallets.

Without clear standards for how teams manage infrastructure and security, Karp said, pricing these policies becomes nearly impossible. “The premiums required become prohibitively expensive,” he said. 

The Kelp DAO exploit illustrated the gap directly: cybercriminals manipulated a bridge mechanism to access real assets and used them as collateral on Aave. Karp said the underlying failure was outside coverage terms, adding: 

“The core failure of bridge risk isn’t something that would have been covered. Even when coverage technically applies, losses may only qualify if they trigger downstream effects, such as bad debt in lending markets caused by frozen oracles.”

Users and Protocol Design Have Both Contributed to Low Adoption

Dan She, senior audit partner at CertiK, attributed low uptake partly to user behavior. “Most DeFi users are yield-driven and do not want to give up several percentage points of return for cover,” she said. Insurance premiums of 2% to 3% can significantly reduce profits, particularly in strategies built on narrow margins.

Structural problems within the insurance protocols themselves also played a role. Gaspard Peduzzi, founder of Spectra Finance, said insuring DeFi risk with other DeFi protocols compounds exposure rather than reducing it. “You were just stacking counterparty risk on top of the counterparty risk,” he said. 

Matthew Pinnock, COO at Altura, identified a related weakness: 

“When exploits hit, the capital backing the cover was often exposed to the same risks as the underlying protocol, so it evaporated precisely when it was needed most.”

Losses From Uninsured Protocols Fall Hardest on Least Sophisticated Users

When a major exploit occurs without coverage in place, Karp described a typical loss sequence: protocol safety modules absorb initial losses, treasuries take the next hit, and regular depositors face reductions in their holdings if those buffers are insufficient. “In practice, when there’s no cover, the cost falls disproportionately on the least sophisticated participants,” he said.

Some in the industry are examining alternative approaches, including embedding coverage directly into DeFi products rather than selling it as a separate offering, developing narrower policies focused on specific risks, or integrating traditional insurance providers from outside the blockchain ecosystem. No timetable or specific proposals were identified in the source reporting.

Talik Evans Journalist and Financial Analyst

Talik Evans is a financial writer and crypto researcher with a growing focus on digital assets, Bitcoin markets, and blockchain innovation. Since 2021, she has been exploring the world of cryptocurrency, writing about everything from exchange comparisons to regulatory updates and security practices.
