Business Crypto: “My Company Treasury Was Hacked: Commercial Crime Insurance”

I run a small web3 startup. We held $500,000 in stablecoins in a corporate Gnosis Safe for payroll. A hacker compromised one of our signers’ laptops and drained the treasury. I thought our “Business Owners Policy” (BOP) covered theft. I was wrong. It covered “Money and Securities” up to $10,000.

Key Takeaways

  • Commercial Crime vs. Cyber: You need a specific “Commercial Crime” policy with a “Digital Assets” endorsement. Standard business policies treat crypto like cash, with very low sub-limits ($5k–$10k).
  • The “Direct Loss” Requirement: The policy must cover “Computer Fraud” or “Funds Transfer Fraud” by a third party.
  • Security Requirements: Insurers will not cover you unless you use Multi-Sig (Multi-Signature) wallets and hardware keys (YubiKeys). If you held $500k in a hot wallet on a laptop, they will deny the claim for “Failure to Maintain Security.”
  • Employee Theft: If it was an “inside job” (a dev stole the keys), you need “Employee Dishonesty” coverage.

The “Why” (The Trap)

The trap is the Definition of “Money.”
In 2026, many insurers still define money as “currency, coins, and bank notes.” They exclude “virtual currency” unless explicitly added.
Also, the “Voluntary Parting” exclusion applies to businesses too. If your CFO was tricked into signing the transaction (CEO Fraud), standard Crime policies might deny it unless “Social Engineering” is added.

The Investigation (I Quoted Commercial Policies)

I approached three major commercial insurers for a crypto startup.

Evertas

  • Specialty: They focus only on crypto.
  • My Analysis: They offer the highest limits ($10M+). They understand cold storage vs. hot wallets. They require a rigorous security audit before binding.

Coalition (Cyber)

  • Specialty: Cyber and Tech E&O.
  • My Analysis: Great for “Funds Transfer Fraud” (phishing). They actively scan your smart contracts and wallets for vulnerabilities. If you fail the scan, they won’t insure you.

Hartford (Standard BOP)

  • My Analysis: Good for the office furniture and laptops. Useless for the crypto treasury.

Comparison Table

| Policy Type | Covers Crypto Theft? | Limit | Requirement |
|---|---|---|---|
| Standard BOP | No (or very low cap) | $10,000 | Basic Locks |
| Cyber Insurance | Yes (Funds Transfer Fraud) | $250k – $1M | MFA / Training |
| Specie / Crime (Evertas) | Yes (Cold/Hot Wallet) | Full Value | Multi-Sig / Audit |

Step-by-Step Action Plan

  1. Switch to Multi-Sig: Use a Gnosis Safe (Safe) with at least 2-of-3 or 3-of-5 signers. Never hold corporate funds in a single-key wallet.
  2. Buy “Commercial Crime” with “Virtual Currency” Rider: Explicitly ask the broker: “Does this policy definition of Money include Cryptocurrency?” Get it in writing.
    • [IMAGE: Highlighted section of an insurance policy definition page showing ‘Virtual Currency’ included]
  3. Segregate Duties: The person who initiates the transaction should not be the same person who signs/approves it. This is basic financial control required by insurers.
  4. Cold Storage for Reserve: Keep 90% of funds in cold storage (offline). Keep only 10% in the hot wallet for payroll.
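
Steps 1, 3 and 4 can be written down as a check that runs before any payment is executed. The following is an added example, not code from this article or from the Safe project; `review_treasury`, `Proposal`, the signer labels and the balances are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Proposal:
    initiator: str        # signer who drafted the payment
    approvals: frozenset  # signers who confirmed it
    amount: int           # stablecoin units leaving the hot wallet

def review_treasury(owners, threshold, proposal, hot_balance, cold_balance,
                    max_hot_pct=10):
    """Return policy violations; an empty list means the payment may proceed."""
    findings = []
    owners = set(owners)
    # Step 1: require at least 2-of-3 so one stolen key cannot move funds.
    if len(owners) < 3 or threshold < 2:
        findings.append("multisig weaker than 2-of-3")
    if threshold > len(owners):
        findings.append("threshold exceeds owner count")
    # Confirmations from keys that are not current owners never count.
    strangers = proposal.approvals - owners
    if strangers:
        findings.append("approval from non-owner: " + ", ".join(sorted(strangers)))
    # Step 3: the initiator must not approve their own transaction.
    if proposal.initiator in proposal.approvals:
        findings.append("initiator approved own transaction")
    independent = (proposal.approvals & owners) - {proposal.initiator}
    if len(independent) < threshold:
        findings.append(f"{len(independent)} independent approvals, need {threshold}")
    # Step 4: hot wallet holds at most max_hot_pct of total funds (integer math).
    total = hot_balance + cold_balance
    if hot_balance * 100 > total * max_hot_pct:
        findings.append(f"hot wallet above {max_hot_pct}% of treasury")
    if proposal.amount > hot_balance:
        findings.append("payment exceeds hot wallet balance")
    return findings

# Constructed sample data: signer labels and balances are illustrative only.
WEAK = review_treasury({"alice", "bob"}, 1,
                       Proposal("alice", frozenset({"alice"}), 40_000),
                       hot_balance=500_000, cold_balance=0)
SOUND = review_treasury({"alice", "bob", "carol"}, 2,
                        Proposal("alice", frozenset({"bob", "carol"}), 40_000),
                        hot_balance=50_000, cold_balance=450_000)

if __name__ == "__main__":
    print("weak setup:", WEAK)
    print("sound setup:", SOUND)
```

A non-empty result is also a useful record to keep: it is the same evidence of multi-sig, separation of duties and cold-storage ratio that an insurer's security review asks for.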

FAQ

Does FDIC cover business crypto accounts?
No. Never.

What if the ‘Signer’ loses their key?
That’s why you use Multi-Sig. You can rotate the key without losing funds.
