What is Crypto Insurance and should I buy it?

22 October, 2019

Whenever news of a cryptocurrency exchange being hacked makes its way across the wires, you start seeing a bunch of blog posts and opinion pieces talking about cryptocurrency insurance. The end result is a community of small-time crypto investors wondering what insurance is and whether or not they should buy it. This post will answer all such questions.

As you read, remember two things: cyber security continues to be one of the greatest risks the industry grapples with and the total market capitalization of the industry is now in the hundreds of billions of dollars. That is a lot of money tied up in assets that most certainly give hackers plenty of reason to ply their trade against exchanges, wallet services, etc.

Introduction to Cryptocurrency Insurance

We will start this post by answering the second question first. No, you should not buy cryptocurrency insurance yourself. First of all, there are not any major insurance companies that offer policies to individual cryptocurrency owners. Second, even if you could find an insurance underwriter willing to offer you a policy, it would probably cost so much that it would not be worth the value it offered.

So what is cryptocurrency insurance? It is a commercial insurance product intended to cover exchanges and other crypto related businesses. For example, a Lloyd's of London policy covers about 2% of the crypto held by Coinbase - just in case Coinbase ever gets hacked. It is very similar to how banks are covered.

When you deposit money in a bank, building society, or credit union, your deposit is insured by extension. In other words, the financial institution is insured against loss by either a government insurance program or a private insurance. The details differ based on where you live.

Should the financial institution face a significant loss of its assets due to circumstances covered by the insurance, those assets would be replaced by the institution's insurance policy. Your deposit would be covered by the insurance inasmuch as the financial institution itself is covered. However, you still don't take out individual insurance on your bank deposit.

Cryptocurrency insurance works the same way. Should a hacker manage to get in and steal all of the holdings Coinbase keeps in its hot wallets, their insurance would cover those losses. Customers would theoretically not be affected in any way. We say 'theoretically' because Coinbase does not cover all of its holdings. It only covers what is in hot storage.

Cold Storage is less vulnerable

Coinbase is one of the leading exchanges/brokerages in the cryptocurrency space. In 2018 alone, their global revenue was in excess of $500 million. Its market cap is well over the $100 billion mark. So why does their insurance policy have a $255 million limit? Because only hot wallet holdings are covered.

Like so many other exchanges, Coinbase does not leave all its assets in hot wallets. They couldn't. Doing so would be risking financial suicide. Some 98% of the company's holdings are kept safe in cold storage where they enjoy the strongest protection against hackers. The 2% kept in hot storage is only there to help the company facilitate daily trades.

Assets in cold storage are generally thought to be secure enough as to not require insurance. While they are not completely secure from all theft, cold storage utilizing the right encrypted hardware and software is pretty darned secure. In the event the company's cold storage were ever compromised, there simply wouldn't be enough insurance to cover all the losses. Nonetheless, Coinbase users are not terribly at risk.

Why insurance is necessary

Companies like Coinbase view cryptocurrency insurance as no different from bank insurance. They have seen from past history what happens when banks are not adequately covered by government or private insurance policies. All it takes is one event to cause a catastrophic loss of resources that puts the bank out of business and subjects management to prosecution and civil litigation.

Smart cryptocurrency exchange owners know better than to put themselves in the same position. They also know that the potential loss-inducing events their industry faces are far different from the kinds of events that would cause losses among banks.

Banks, building societies, and credit unions are insured because they face the potential of significant loss in the event something goes wrong in the financial sector. For example, remember the stock market crash of 1929. It devastated the U.S. economy and sent shock waves throughout the rest of the world. Banks found themselves underwater faster than a box full of fishing weights.

Cryptocurrency exchanges are less affected by financial markets. Their greatest concern is one of theft. Exchanges are routinely targeted by hackers who can break in and steal even with rudimentary skills. Some of the most accomplished hacks have been pulled off through the simple practice of phishing.

With Bitcoin still trading at about $8,000, there is a lot of incentive to hack. You could be sitting on more than $1 million just by stealing a few dozen coins. It doesn't take much. The unfortunate thing for exchanges is that they cannot effectively do business and keep all of their holdings in cold storage. It doesn't work. Some of what they hold has to be exposed in hot storage to actually run their businesses - ensuring they are constantly vulnerable. This is why insurance is so necessary.

Underserved but gaining traction

It is not uncommon for bank insurance to be handled by government regulators. In the U.S., bank deposits are covered by the FDIC, a quasi-independent entity that is owned and operated by the federal government but funded by premiums paid by the covered banks. Its equivalent for credit unions is the National Credit Union Administration (NCUA).

Cryptocurrency exchanges do not have the luxury of purchasing the same sort of federal protection in the U.S. We don't know of any other national government that provides insurance to the cryptocurrency industry either. That leaves matters to private insurance providers like Lloyd's of London.

As of right now, the cryptocurrency industry is terribly underserved by insurance providers. Insurance companies have taken a hands-off approach to date for a number of reasons. First, the ever-present threat of volatility makes a lot of insurance companies nervous. It is hard for them to place a value on an insurance product if they cannot rely on the value of the asset they are covering.

Another point that causes anxiety among insurers is the current lack of regulation. No one really knows where cryptocurrency stands from a regulatory standpoint because so few countries have a comprehensive regulatory regime in place. That leaves insurance companies scratching their heads about how to cover cryptocurrency assets.

The good news is that insurance is gaining traction. Slowly but surely, providers are figuring out how they can cover cryptocurrency assets without putting themselves at risk. The fact that Lloyd's of London offered Coinbase a $255 million policy demonstrates confidence that they can cover most kinds of losses that a client might suffer.

Keeping your own cypto safe

Cryptocurrency insurance is a good thing to have if you operate an exchange or brokerage. If you are a single investor - regardless of how much money you have in crypto - insurance is probably not available to you. That doesn't mean you're helpless. There are still things you can do to keep your digital assets safe.

At the top of the list is utilizing cold storage. If you are keeping your assets on an exchange, you are exposing them to any potential loss the exchange might suffer. If that exchange doesn't have an insurance policy to cover its own losses, any breach could mean you lose your assets as well. You solve that problem by taking your assets off the exchange and holding them in cold storage.

Cold storage could be anything from a USB flash drive to a paper ledger. Every cold storage option has one thing in common: it is not connected to the internet. Any device that is connected cannot, by definition, provide cold storage. What does that mean? It means a digital wallet sitting on your computer is not cold storage if your computer connects to the internet. The same with your phone or tablet.

The two best cold storage options are paper documents stored in a safe deposit box and a purpose-built USB storage device with embedded encryption. Use these two methods and your assets will be quite secure. And by the way, do not just utilize one storage solution. Choose a primary solution and then a secondary backup. You always want a backup of your storage in case your primary storage is lost or damaged.

With hundreds of billions of dollars in cryptocurrency assets floating around out there, it's no wonder hackers are working night and day to get their hands on some of it. It doesn't take much to make you a millionaire if you know how to break into an exchange and steal its hot assets. As such, growing numbers of exchanges are looking into cryptocurrency insurance. It's good that insurance companies are gradually warming to this market.