Coinbase has revealed the details of its insurance arrangements for cryptocurrency held on customers’ behalf, a rare move in an opaque market.
In a blog post published Tuesday, Philip Martin the exchange’s vice president of security, confirmed that it is covered for up to $255 million for coins held in so-called hot wallets – in other words, assets which are essentially online and open to potential hacks. CoinDesk first reported in November that Coinbase’s coverage was in this ballpark.
San Francisco-based Coinbase holds less than 2 percent of customers’ assets in hot wallets, with the remaining 98 percent at arm’s length from third-party attacks in cold storage, where the private keys are offline, the company told CoinDesk. (At its height during the crypto bull market, the company stored $25 billion worth of assets on customers’ behalf, but the company would not provide a recent figure.)
This policy was placed by Lloyd’s registered broker Aon and sourced from a global group of US and UK insurance companies, including certain Lloyd’s of London syndicates, Martin’s blog post said. He did not name the individual underwriters.
Lloyd’s, which gathers under one roof a range of specialist insurance markets dealing with everything from crime and cyber attacks to natural disasters, is viewed as a seal of approval when it comes to underwriting potential losses of crypto assets.
Previously secretive about publicizing anything about insurance of digital assets, Lloyd’s is steadily becoming more visible, for a certain class of crypto customer at least.
For instance, last month security specialists BitGo trumpeted $100 million of cover for crypto held in cold storage and went as far as naming the lead Lloyd’s underwriter of the policy.
In fact, much of Martin’s post could be read as a veiled dig at BitGo, since he talks about “recent news and announcements” around crypto insurance, suggesting a lot of “confusion” still exists. He then advises firms to focus on hot wallet cover as opposed to cold storage, where value is “at rest” and therefore not so much at risk.
Regarding Coinbase’s blog post, Clarissa Horowitz, VP marketing, BitGo, told CoinDesk via email:
“We’re glad to see that Coinbase is following our lead in bringing more transparency to the discussion of insurance for digital assets. Insurance is complex and transparency is essential for building trust.”
Crime vs. specie
As well as being more transparent about Coinbase’s insurance cover, Martin took the opportunity to blog about some of the things the vex him about the nascent market for crypto insurance.
For a start, by far the most likely consumer loss scenario for any cryptocurrency company is hot wallet loss due to hacking, he wrote. Because of this fact, coverage for hot wallet exposures is significantly more expensive than the cover for cold storage alone, noted Martin.
Moreover, hot wallet cover is provided specifically by the crime insurance market, which is different and separate from the cold storage variety, which is covered by the specie insurance marketplace.
Crime policies cover what he calls “value in transit,” which traditionally has included theft of things like cash in ATMs and armored cars. In crypto, this type of insurance would cover losses due to hacking, insider theft, and fraudulent transfer. Included in this are fiat currency and hot wallet cover in addition to the physical damage or theft of private key data in cold storage.
The specie market, on the other hand, generally insures “value at rest,” such as fine art, precious metals and the like when in a vault or on display. For digital assets, then, specie policies available in the market today focus exclusively on physical damage or loss of private keys (including employee misuse or theft) in cold storage.
Insuring the former risk is more important, Martin argued:
“Companies should focus on insurance for value in flight. This means that exchanges and wallets should have sufficient crime coverage to fully cover their hot wallets (including enough buffer to handle asset price spikes).”
As such, custodians should have enough crime insurance to cover normal outbound customer transaction sizes or enough to cover whatever assets are programmatically accessible if they’re not using cold storage, he said.
The blog also pointed out that specie policies do not generally cover hacking in the traditional sense of the word, nor would they likely cover any kind of blockchain-specific failure. For example, such a policy would not cover a loss of funds that occurred due to an on-blockchain failure, such as a vulnerable smart contract multi-signature implementation.
“The best use of specie policies is as a hedge against major natural or regional disasters, or insider theft/destruction of private key material,” Martin added.
Short on capacity
Looking ahead, Martin pointed to the disconnect given that policies are denominated in fiat but the assets are in crypto. This means that in bull markets it can be challenging for companies looking to grow insurance policy limits at the same pace as asset prices are moving.
The solution, he said, would be insurers holding digital assets in order to offer policy limits denominated in cryptocurrency to avoid differences in valuation.
In addition, policies are generally written to exchanges or custodians, not directly to the owners of cryptocurrency.
“We need a world where the ultimate owners of cryptocurrency are able to directly insure their assets stored with trustworthy, well-reviewed, transparent service providers,” wrote Martin.
Despite improvements in understanding on behalf of insurers and brokers, there is still not enough capacity in the market, Coinbase asserted. (In the case of some larger crypto exchanges, this lack has been plugged by simply setting aside thousands of bitcoin in case of a hack.)
The demand for cryptocurrency insurance has increased faster than new entrants coming in, noted Martin, concluding:
“We need more participants in this market.”
Pic: Coinbase company offices, courtesy of Coinbase