The 2020 'DeFi Summer' arrived with a bold promise: a financial system without intermediaries, yet transparent and accessible to anyone worldwide. However, today, billions of dollars flow through decentralized finance, exposing investors to the risk of hacks, yet almost none of it is insured.
In the six years since the term DeFi was coined, uninsured lending protocols have lost $7.7 billion to exploits, according to data source DeFiLlama. In April 2026 alone, over $600 million was lost in security events, with the Drift and Kelp DAO hacks leading the way.
These incidents, however, exposed a bigger issue: a lack of insurance protection in the DeFi sector.
“Less than 2% of DeFi’s TVL is covered or insured, and we see that as one of the largest barriers to real DeFi adoption,” Nexus Mutual’s Founder Hugh Karp told CoinDesk in an email interview. Today, DeFiLlama lists 28 insurance protocols, but Nexus Mutual accounts for nearly the entire sector’s $123.5 million in total value locked — just 0.14% of DeFi’s broader $83 billion market.
This mismatch between risk and coverage sits at the heart of the problem. Early DeFi insurance products focused on smart contract bugs, which were easier to audit and price. But attackers have shifted tactics. Recent exploits often stem from offchain failures such as compromised private keys, phishing scams or social engineering.
"Many of the largest hacks have originated offchain from operational security failures," Karp said.
These risks are harder to insure, and without clear standards for how teams manage infrastructure and security, insurers face a huge challenge when pricing policies. "The premiums required become prohibitively expensive," Karp said.
The Kelp DAO exploit illustrates the gap: cybercriminals manipulated a bridge mechanism to access real assets, then used them as collateral on Aave. Karp said, "The core failure of bridge risk isn't something that would have been covered." Even when coverage applies, it can be indirect as losses may only qualify if they trigger downstream effects, such as bad debt in lending markets caused by frozen oracles.
Yield or protection?
So why don't users demand better security for their investments in a risky asset?
The answer is simple: Many DeFi participants prioritize returns over protection. Paying 2%–3% in insurance premiums can significantly cut into profits, especially in strategies built on narrow margins.
"Most DeFi users are yield-driven and do not want to give up several percentage points of return for cover," said Dan She, senior audit partner at CertiK.
The DeFi insurance sector also faced a deeper structural issue: many of its protocols were built on the same infrastructure vulnerabilities hackers routinely exploited, creating a circular risk. Despite that, the decentralized insurance sector saw growth during the early days of 'DeFi Summer,' rising quickly from roughly $3 million in early 2020 to $1.89 billion in November 2021.
Nexus Mutual, Cover Protocol, InsurAce, Tidal Finance, and Bridge Mutual were leaders in that short-lived DeFi Summer.
Ironically, Cover Protocol was hacked and then collapsed, while Armor.fi, Bridge Mutual and Tidal all either flatlined or vanished between 2021 and 2024 due to several issues, including unsustainable tokenomics and conflicts of interest.
Even Nexus Mutual’s founder, Karp, whose protocol has been operating since 2019, covering more than $6.5 billion in value and paying out just over $18.5 million, says these numbers are a fraction of what the market needs.
Risk on top of risk
So what went wrong?
Some critics argue the model itself is likely flawed. Gaspard Peduzzi, founder of Spectra Finance, said insuring DeFi risk with other DeFi protocols creates additional exposure. "You were just stacking counterparty risk on top of the counterparty risk," he said.
Matthew Pinnock, COO at Altura, pointed to another weakness: the capital backing insurance pools is often exposed to the same risks as the protocols they cover. "When exploits hit, the capital backing the cover was often exposed to the same risks as the underlying protocol, so it evaporated precisely when it was needed most," he said.
The result is a system where losses still land somewhere — often on users least equipped to absorb them. According to Nexus Mutual's Karp, a typical scenario following a major exploit runs as follows: protocol safety modules absorb initial losses, treasuries take the next hit, and, if those fall short, regular depositors face reductions in their holdings.
"In practice, when there's no cover, the cost falls disproportionately on the least sophisticated participants," Karp said.
There are signs the industry is rethinking its approach, including embedding insurance directly into DeFi products rather than selling it separately. Other experts believe narrower coverage focused on specific risks is better. Better yet, some say, why not integrate traditional insurance from outside the blockchain realm?
For now, DeFi's insurance market remains small not because the need is absent, but because the risks are complex and still evolving. As hacks continue and losses mount, pressure is building to close that gap—or risk slowing the sector's growth.
A DefiLlama chart accompanying the story shows total value lost to crypto hacks by attack method since inception, with private key compromises accounting for the largest share, followed by phishing attacks targeting multisignature wallets.