Update

Now Insured by Beazley & MunichRe

Clarisse Hagège
Clarisse Hagège
October 31, 2024
Read time:

Dfns' wallets-as-a-service platform has secured top-tier insurance coverage from MunichRe and Beazley. This achievement is yet another mark of trust we add to our record, showing our commitment to protecting digital assets and setting higher standards for transparency in crypto insurance.

We're proud to announce that Dfns has secured robust insurance coverage from two of the world’s largest insurers, MunichRe and Beazley, in collaboration with Vouch, marking a new chapter in our commitment to safeguarding digital assets. This milestone adds two tailored protections for crypto custody: "Cyber Crime Insurance" from MunichRe and "Professional Liability and Cyber Insurance" from Beazley.

The MunichRe policy provides €10 million in aggregate coverage, protecting against losses from theft due to employee fraud or external cyber breaches within our wallets-as-a-service platform, including custodial and non-custodial wallets. The Beazley policy provides an extra €2.5 million per claim in aggregate and annually, covering a range of risks from operational liabilities and security breaches to regulatory penalties, and business interruption.

In this post, we dig into the specifics of our insurance coverage and show how Dfns stands out by making sure our policies truly meet our clients' needs. We also invite vendors, peers, and regulators to join us in building an industry that prioritizes more transparent language and stronger client protections. For more information about our policies and security protocols, please reach out to us at sales@dfns.co.

Expanding our insurance protections

With this latest development, Dfns has obtained two layers of protection:

  1. Cyber crime insurance from MunichRe: This policy, underwritten by Great Lakes Insurance SE, offers up to €10 million in coverage. It protects Dfns against financial losses from theft due to employee fraud or external cyber hacks within our security systems. Each incident carries a deductible of €500,000, setting clear, substantial limits for addressing significant risk.   
  2. Professional liability and cyber insurance from Beazley: This policy provides €2.5 million per claim for a range of risks, from cyber incidents and data breaches to business interruptions and regulatory penalties. The Beazley policy ensures Dfns has strong fallback against operational and liability risks, strengthening our ability to recover quickly from disruptions while safeguarding user trust with real safety nets.

Breaking down the policy coverage

Insurance for digital assets can often be complex, with many exclusions and conditions. At Dfns, we make it a priority to clarify these details for our clients in simple terms:

  1. MunichRe Crime Insurance:some text
    1. Coverage: Includes loss resulting from malicious acts by employees or external breaches compromising the security of Dfns’ technology. Two primary scenarios are covered here:some text
      1. Employee fraud: Theft committed by an identifiable employee, acting alone or in collusion with others.
      2. External cyber breach: Theft resulting from a failure, breach, compromise, or violation of the security of Dfns' systems by a person not employed by Dfns.
    2. Excess coverage: This policy offers extra coverage, covering claims (up to the policy limit) that exceed the amount provided by other valid and collectible insurance or indemnity.
    3. Exclusions: Specific exclusions include state-sponsored attacks, terrorism, blockchain network failures (e.g., 51% attacks), and losses of assets owned by Dfns or its affiliates.
  1. Beazley Cyber and E&O Insurance:some text
    1. Coverage: Extends to operational liabilities from a wide range of potential risks, such as:some text
      1. Professional Services: Mistakes, oversights, or negligence in delivering Dfns' professional services.
      2. Tech Services: Mistakes, oversights, or negligence in providing Dfns' tech services.
      3. Tech Product: Mistakes, oversights, or negligence related to Dfns' tech products.
      4. Media: Defamation, libel, slander, or privacy rights violations.
      5. Data & Network: Data breaches, security incidents, or privacy policy violations.
      6. Regulatory Defense & Penalties: Fines and legal costs for regulatory actions related to data or security breaches.
      7. First Party Data & Network Loss: Losses from business interruptions, extortion costs, and data recovery expenses.
    2. Exclusions: Similar to the MunichRe policy, it excludes risks related to external blockchain network failures, mismanagement by other platforms, and unauthorized trading or improper use of the platform.

While our insurance coverage is extensive, it's important to acknowledge the limitations and exclusions:

  • The insurance does not cover any losses if they result from terrorism, war, or a cyber operation. 
  • Coverage does not extend to any total or partial outage or performance issues with power, electricity, internet, or any telecommunication service, including cable or satellite, that are outside Dfns’ control.
  • There is no coverage for ionizing radiation, radioactive contamination, or any exposure from nuclear fuel, nuclear plants, nuclear weapons, nuclear waste, or combustion of nuclear fuel; nor for any radioactive, nuclear, toxic, chemical, biological, biochemical, or electromagnetic weapon.
  • Digital assets that become inaccessible to Dfns but are not subject to theft are not covered.
  • Quantum computing and related technologies are not covered.
  • Events resulting from any use of copies of a Private Key Backup Package or Seed/Recovery Phrase by a licensee to sign transactions outside the Insured’s Digital Asset Technology Platform are not covered.
  • There is no coverage for events stemming from violations of applicable laws, regulations, or statutory requirements.

By sharing these details openly, we provide clarity for clients, empowering them to make informed decisions regarding their digital asset security.

A brief history of crypto custody insurance

The journey of insurance in the crypto world has been dynamic and intertwined with the industry's own maturation. From hesitant beginnings to the sophisticated policies of today, it reflects a growing understanding of digital asset risks and the evolving needs of custodians and investors.

The early years were marked by uncertainty. From 2013 to 2017, iInsurers grappled with the novel risks of blockchain technology and cryptocurrencies, leading to limited and often experimental coverage.

  • First movers: Lloyd's of London emerged as an early pioneer, offering basic policies for small exchanges and wallet providers. However, these early policies were restrictive, with low coverage limits and a lack of clarity regarding cyber-specific risks.
  • Challenges: The nascent stage of the crypto industry, coupled with a lack of historical data and established risk models, made it difficult for insurers to accurately assess and price risk.

From 2018 to 2019, a series of high-profile hacks, including Coincheck’s $530 million loss and BitGrail’s $170 million loss, exposed the vulnerability of crypto custodians to theft and fraud. This spurred the development of specialized crime insurance policies.

  • Focus on theft and fraud: Policies began to specifically address the risks of malicious attacks targeting digital assets, covering losses from hacking, social engineering, and employee theft.
  • Key developments: Companies like BitGo and Coinbase secured significant crime insurance coverage, signaling a growing recognition of the unique security challenges in the crypto space.

Then, in 2019 and 2020, The need to insure cryptocurrencies held in cold storage (offline) led to the adaptation of specie insurance, traditionally used for physical valuables like gold and art.

  • Coinbase led the way: Coinbase secured a landmark $255 million specie policy from Lloyd's for its cold storage holdings, demonstrating the viability of this insurance type for digital assets.
  • Growing acceptance: Other custodians followed suit, recognizing the importance of insuring offline assets against physical theft, damage, or destruction.

As institutional interest in crypto grew, so did the demand for more robust insurance coverage. Major insurance players like Aon, Lloyd’s, and Marsh entered the market in 2020-2021, offering policies with significantly higher limits.

  • Large-scale coverage: Custodians like Anchorage, Gemini, and BitGo obtained coverage exceeding $100 million, reflecting the increasing value of digital assets under management.
  • Industry standardization: Insurance brokers and underwriters began developing specialized expertise in digital assets, leading to more standardized policy terms and conditions.

Since 2021, the industry has been tackling a full range of evolving risks with greater experience, proven track records, and safer underwriting practices. We now understand the patterns. While the insurance landscape keeps changing, a focus on holistic approaches has become a priority to address the full spectrum of risks faced by crypto custodians.

  • Combined coverage: Policies now often combine crime and specie insurance, protecting both online and offline assets.
  • Emerging threats: Insurers are grappling with new challenges, such as the risks posed by quantum computing, decentralized finance (DeFi) exploits, and evolving regulatory landscapes.
  • Focus on technology: Insurers are increasingly scrutinizing the technology and security practices of crypto custodians, with a focus on robust key management systems, multi-factor authentication, and disaster recovery plans.

The types of insurance in crypto custody

Crypto wallet and custody insurance offers different types of coverage to handle specific risks in digital assets. Knowing these options is important to make better decisions in protecting your digital assets.

  • Crime Insurance protects against theft and fraud, whether from internal employees or external attackers. For digital assets, this coverage is critical in cases of stolen funds, covering both insider threats and external hacks. Dfns’ MunichRe policy, for example, is a cyber crime insurance covering digital assets in our custodial and non-custodial wallets. This protection includes coverage for employee fraud and cyber breaches, providing Dfns with an essential security layer against malicious activity.
  • Specie Insurance, traditionally for physical valuables like gold or artwork, has been adapted for offline-stored cryptocurrencies, such as those in cold storage vaults. It typically excludes hot wallets and online transactions, focusing instead on offline assets where physical theft is a primary risk. For instance, Coinbase’s specie insurance with Lloyd’s covered only offline holdings. By focusing on cold storage, specie insurance mitigates physical security risks, though it leaves online assets needing other types of coverage.
  • Cyber and Errors & Omissions (E&O) Insurance goes beyond crime insurance to protect against data breaches, operational risks, and business interruptions. This coverage is essential for wallet and custody providers managing complex technology and facing diverse liabilities. For example, Dfns’ Beazley policy protects against a wide range of disruptions, from regulatory fines and breach costs to liabilities from network security issues. This insurance helps Dfns manage operational risks in a digital landscape, ensuring reliable, consistent service.
  • As the crypto insurance market has evolved, Combined Policies have become popular, covering both crime and specie risks in a single plan. These policies are favored by large custodians as they provide broad coverage across both online and offline assets. While the policy addresses both storage environments, it separates coverage by storage type (online vs. offline) to meet their specific security needs. This dual approach allows custodians to confidently manage risks across all storage types, covering theft, fraud, and other operational concerns.

Addressing malpractice in the crypto industry

Unfortunately, too many custody and wallet providers in the digital asset industry create confusion around their insurance policies by hiding important details or making them sound more extensive than they really are. For instance, a UK-based custodian that went bankrupt last year advertised "industry-leading" crypto insurance but left out key transparency details, such as:

  • Separate client coverage: Their insurance didn’t automatically include clients. Clients needed to buy separate policies to be covered. This setup might mislead clients into assuming they have coverage when they actually don’t.
  • Conditional “insurability”: They had only received an insurer's statement that their technology could potentially qualify for insurance. This isn’t a guarantee of coverage; it just means the technology might meet requirements, which is not the active coverage clients typically expect.
  • Reselling insurance: They also operated as an insurance reseller, adding complexity and risk. In some areas, reselling insurance without full regulatory compliance can cause legal issues, potentially leaving clients facing policy denials or regulatory complications.

Why Dfns prioritizes direct coverage

Dfns has made it a priority to ensure that our insurance policies explicitly cover the operations of our wallet platform without ambiguous terms or add-on requirements. By fully disclosing what our coverage entails, we aim to provide clients with a clear understanding of what protections are—and are not—included. If you’re interested in reading more about them, please contact sales@dfns.co and we’ll set up a call to walk you through the inclusions and implications of our insurance coverage.

The lack of transparency about who and what is covered often results in clients mistakenly assuming they have comprehensive protection. In reality, many policies are limited to the platform itself, leaving users unprotected in cases of mismanagement or misuse of the platform. Our approach at Dfns not only ensures robust platform protection but also encourages clients to adopt best practices for safe wallet management.

The future of crypto wallet insurance

Securing robust insurance policies is just one facet of Dfns’ commitment to security and transparency. In partnership with insurance brokerage firms like Vouch, we continue to work on multiple fronts to elevate industry standards, promote best practices, and offer solutions for clients with advanced security needs. To strengthen and clarify crypto wallet insurance policies, we focus on several key actions:

  1. Educating Insurers: We work directly with underwriters to develop policies that address the specific risks of digital assets. By educating insurers on emerging security technologies, like Circuit, Station70, and Coincover, we’re improving coverage options. These disaster recovery tools boost insurers' confidence, and their adoption across the industry is helping expand coverage.
  2. Collaborating on Technical Standards: Dfns partners with global standards bodies like NIST to integrate FIPS-certified Multi-Party Computation (MPC) libraries into our wallet platform. We also contribute to technical frameworks that clarify and classify blockchain, wallet and transaction security requirements, making it easier for underwriters to assess crypto asset risks accurately.
  3. Supporting Regulatory Transparency: As regulations around digital asset custody become clearer, insurers feel more confident in offering higher coverage. This regulatory clarity helps insurers better evaluate risks and expands the industry’s capacity for insurability.
  4. Enhanced Security Integrations: Our Bring Your Own Device (BYOD) API lets clients connect their own FIPS-certified hardware security modules (HSMs) from providers like Thales, IBM, Securosys, or Yubico. This flexibility enables clients to exceed our standard coverage with additional security protocols, especially beneficial for enterprises seeking maximum risk mitigation. It’s important to note that our policies are tailored to our SaaS offering, with the option for extended coverage for clients requiring heightened security.

Authors