A unique look under the hood of one of the world’s most comprehensive crypto insurance programs
Over the past three years, Coinbase has changed the way some of the world’s leading insurance companies think about risk in the cryptocurrency space. Along the way we built an industry-leading insurance program. Our Chief Information Security Officer (CISO), Philip Martin, shares insights into the program below, along with thoughts on the future for this emerging risk area.
If I had built a list of the things I’d do when I came to Coinbase 3 years ago, it could have included a lot of things. Design innovative hot and cold storage systems? Yep. Build an amazing team? Absolutely. Open source our security tools? Of course. One thing that absolutely would never have been on there? Insurance for Cryptocurrency. But as it turns out, the past 3 years have been an amazing opportunity to help build an industry-leading insurance program for a complex and emerging risk area.
Reading through a lot of the recent news and announcements around insurance for cryptocurrency companies, it’s clear to me that there is a lot of confusion around cryptocurrency insurance. I’d like to fix that with some information about Coinbase’s approach to insurance for cryptocurrency as well as some general context on the related insurance marketplaces.
Our Insurance History
Coinbase has held an insurance policy covering cryptocurrency in our hot storage systems continually since November 19, 2013. The rationale has remained the same the entire time: if the worst happens and Coinbase loses customer funds, customers deserve certainty that they will be made whole. In the traditional banking world, this is largely provided by FDIC insurance. FDIC insurance is designed to cover the most likely consumer loss scenario for consumer banks: insolvency. While Coinbase provides pass-through FDIC coverage for customer fiat deposits, we felt our customers deserve a similar level of confidence for their cryptocurrency holdings.
The data is clear that, today, the most likely consumer loss scenario for any cryptocurrency company is hot wallet loss due to hacking. We secured our first policy to address that risk at the end of 2013 and have maintained a commitment to educating and growing the cryptocurrency insurance market ever since then. We currently hold a hot wallet policy with a $255 million limit placed by Lloyd’s registered broker Aon and sourced from a global group of US and UK insurance companies, including certain Lloyd’s of London syndicates. As an aside, Lloyd’s has an absolutely fascinating history and a complex structure. If you are a budding insurance nerd like me, start here and here.
The phrase “sourced from a global group of top tier insurance companies” can be confusing. Significant programs like ours, especially in emerging areas of risk, are generally put together using a large number of insurance companies who each take positions of loss in a ‘tower’. If a loss occurs, insurers at the lower layers of the tower would pay first, followed by those in higher layers. Multiple insurers may take positions in a single layer, in which case they share a loss. This structure exists to enable insurers to build a diversified portfolio of risk and avoid any one loss wiping out an entire insurer.
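The layered tower described above, as an added worked example (not part of the original post, and not a description of Coinbase's actual program): a short Python routine that allocates a hypothetical loss across a constructed tower, bottom layer first, and splits each layer's share of the loss among the insurers participating in that layer. The insurer names, layer sizes, percentages and the optional self-insured retention are all assumptions chosen for illustration; the layer limits happen to sum to $255M only to match the program limit quoted in the text.

```python
from fractions import Fraction

# Constructed example tower (assumption, not Coinbase's real program).
# Layers are listed bottom first. Each layer has a limit (USD) and the
# fraction of that layer written by each participating insurer.
SAMPLE_TOWER = [
    {"limit": 50_000_000,
     "shares": {"Insurer A": Fraction(3, 5), "Insurer B": Fraction(2, 5)}},
    {"limit": 100_000_000,
     "shares": {"Insurer C": Fraction(1, 2), "Insurer D": Fraction(3, 10),
                "Insurer E": Fraction(1, 5)}},
    {"limit": 105_000_000,
     "shares": {"Insurer F": Fraction(1)}},
]


def validate_tower(tower):
    """Reject malformed towers: non-positive limits or a layer whose
    insurer shares do not add up to exactly 100%."""
    for index, layer in enumerate(tower):
        if layer["limit"] <= 0:
            raise ValueError(f"layer {index}: limit must be positive")
        if sum(layer["shares"].values()) != 1:
            raise ValueError(f"layer {index}: shares must sum to 1")


def tower_limit(tower):
    """Total program limit: the sum of every layer's capacity."""
    return sum(layer["limit"] for layer in tower)


def allocate_loss(tower, loss, retention=0):
    """Allocate `loss` (USD) across the tower.

    The insured absorbs `retention` first (an assumed deductible; 0 means
    none). The bottom layer then pays up to its limit, the next layer pays
    the remainder up to its limit, and so on. Within a layer, each insurer
    pays its fractional share. Returns (payouts_by_insurer, uncovered),
    where `uncovered` is whatever the insured still bears: the retention
    plus anything above the top of the tower.
    """
    validate_tower(tower)
    if loss < 0:
        raise ValueError("loss must be non-negative")
    remaining = max(loss - retention, 0)
    payouts = {}
    for layer in tower:
        if remaining == 0:
            break
        layer_loss = min(remaining, layer["limit"])   # this layer is hit for at most its limit
        for insurer, share in layer["shares"].items():
            payouts[insurer] = payouts.get(insurer, 0) + layer_loss * share
        remaining -= layer_loss
    uncovered = loss - sum(payouts.values())
    return payouts, uncovered


if __name__ == "__main__":
    for loss in (120_000_000, 300_000_000):
        payouts, uncovered = allocate_loss(SAMPLE_TOWER, loss)
        print(f"loss ${loss:,}: uncovered ${int(uncovered):,}")
        for insurer, amount in payouts.items():
            print(f"  {insurer}: ${int(amount):,}")
```

Two things the walk-through makes visible that the prose does not: a loss that exhausts the primary layer leaves the higher layers untouched only if it stops inside the next one (so insurers price the top of a tower very differently from the bottom), and anything above the total program limit, or below the retention, is the insured's own problem regardless of how many carriers are on the slip.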
We interact with the insurance marketplace in collaboration with our brokerage representative, Aon. Different markets focus on different risks, so a deep understanding of the global marketplace is key to effectively building a program. Over the last 6 years, Aon has helped us navigate this marketplace and bring together a group of insurers who were willing to lean forward and learn about risks in cryptocurrency way before it was a common concept. The two main insurance classes involved in cryptocurrency insurance today are the Crime and Specie marketplaces.
In general, Specie policies available in the market today focus on physical damage or loss of private keys (including employee misuse or theft) in cold storage. The Specie market generally insures fine art, precious metals and the like when in a vault or on display. Generally the way I think about this market is insuring value at rest. They do not generally cover hacking in the traditional sense of the word, nor would they likely cover any kind of blockchain-specific failure. Importantly, that means that a Specie policy would not be responsive to a loss of funds that occurred due to an on-blockchain failure (e.g. a vulnerable smart contract multisig implementation). The best use of Specie policies is as a hedge against major natural or regional disasters, or insider theft/destruction of private key material.
Crime policies are focused on hot wallet losses and include coverage for losses due to hacking, insider theft, fraudulent transfer, etc., covering both fiat and cryptocurrency, in addition to the physical damage or theft of private key data in cold storage. This marketplace also insures risks like cash in armored cars, cash in ATMs, etc. Generically, the way I think of this market is insuring value in transit. Crime policies would not generally cover the costs of incident response, PR costs, etc. Crime policies also don’t generally cover failures of the underlying currency (e.g. 51% attacks). Coverage for hot wallet exposures is also significantly more expensive than cover for cold storage alone.
The largest question and point of confusion in the market today is ‘how much insurance should a crypto company have, and what should it cover?’ There is an unfortunate amount of misinformation in industry marketing material around insurance. Our view is as follows:
Companies should focus on insurance for value in flight. This means that exchanges and wallets should have sufficient Crime coverage to fully cover their hot wallets (including enough buffer to handle asset price spikes). Custodians should have enough Crime insurance to cover normal outbound customer transaction sizes or enough to cover whatever assets are programmatically accessible if they’re not using cold storage.
Companies should NOT promise preferential status to specific customers on policies that are meant to cover all customers. This is commonly known as First Loss Payee status on a specific policy and it means that a specific customer gets preference for payouts under the policy. While we firmly believe that the future of cryptocurrency insurance is per-customer policies (see more on that below), we do not believe that assigning first loss payee status on what should be a policy meant to benefit all customers is the right way to get there.
Companies may insure cold assets, but it should be on a per-customer basis. Given the coverage limits (physical loss/damage and insider abuse), customers should think long and hard about actually paying for that coverage. Historically, offline assets have been extremely resistant to attackers. While we have seen cases of cold storage having failures in disaster recovery cases, the mitigation for that risk could take many forms. In the context of smaller or less mature offerings, insurance may be a viable risk mitigation. In the context of a large or mature offering, you may be able to mitigate that risk much more cheaply by requesting and reviewing documentation like SOC2 reports and making your own assessment of the resilience of your provider’s disaster recovery plans.
If you’re unsure what kind of insurance your service provider actually has, you have a few options. If you are using a consumer-oriented service, hopefully your service provider is publicly transparent about the type and limit of coverage they offer. Coinbase does this at coinbase.com/security. If you are a larger institution working on a bespoke contract with a service provider, you can request a Certificate of Insurance. That certificate will specify the type of insurance, Crime or Specie generally, the program limit and who provides the insurance.
While the cryptocurrency insurance marketplace has matured significantly since 2013, we still see a few gaps and areas of exciting growth. Coinbase is working actively with regulators and insurers to address each of these areas with innovative offerings.
- There is not enough risk transfer capacity in the market. The number of insurers who have invested their time in understanding cryptocurrency risks has increased dramatically over the past few years. Still, the demand for cryptocurrency insurance has increased even faster. We need more participants in this market. Coinbase is an active participant in educating the insurance marketplace to bring more insurers and more capital into the market.
- Policies are denominated in fiat but the assets are in crypto. This means that in bull markets it can be challenging for companies looking to grow insurance policy limits at the same pace as asset prices are moving. Insurers need to hold digital assets in order to offer policy limits denominated in cryptocurrency to avoid differences in valuation.
- Policies are generally written to exchanges or custodians, not directly to the owners of cryptocurrency. We need a world where the ultimate owners of cryptocurrency are able to directly insure their assets stored with trustworthy, well-reviewed, transparent service providers.