Smart Contract Failure: “DeFi Protocol Hacked: DeFi Insurance (Nexus Mutual) Explained”

I deposited $10,000 USDC into a new yield farm promising 20% APY. A week later, a hacker exploited a “re-entrancy bug” in the smart contract and drained the pool. My balance showed $10,000, but the liquidity was zero. I went to Nexus Mutual, where I had bought cover. They opened a vote.

Key Takeaways

  • “Discretionary Mutual” vs. Insurance: Nexus Mutual (and others like Unslashed) are not insurance companies. They are member-owned cooperatives. Claims are decided by a vote of the members, not a legal contract.
  • Specific Risk Coverage: You usually buy cover for specifically “Smart Contract Bugs.” This covers code failure. It often excludes “Rug Pulls” (dev theft) or “Economic Attacks” (oracle manipulation).
  • The Voting Process: You have to submit proof. The “Claims Assessors” vote. If the community decides it wasn’t a “hack” but “intended behavior” or user error, you get nothing.
  • Capacity Limits: You can only buy cover if there is enough staking capacity on that specific protocol. New/risky protocols often have zero capacity available.

The “Why” (The Trap)

The trap is “Protocol vs. Frontend.”
If the website (frontend) is hacked and sends you to a fake address, “Smart Contract Cover” does not pay; that is a phishing attack, not a code failure.
The cover applies only if the code on the blockchain fails to execute as written because of a bug.

The Investigation (I Bought Cover)

I tested the process on Nexus Mutual.

Buying Cover

  • Process: I had to KYB (Know Your Business) or KYC in some cases. I paid a premium (approx 2.6% per year) in ETH/NXM.
  • Scope: I selected “Protocol Cover.” It covered: Code bugs, Oracle failure, Economic design failure.

The Claim

  • Scenario: A flash loan attack.
  • Result: Historically, Nexus pays out for clear code exploits (like the Euler Finance hack). They deny claims for “Soft Rugs” or “Key Compromises” where the admin key was stolen (unless specifically covered).

Comparison Table

| Event | Protocol Cover (Nexus) | Custodial Cover | Standard Insurance |
|---|---|---|---|
| Code Bug (Re-entrancy) | Covered | No | No |
| Oracle Manipulation | Covered (Usually) | No | No |
| Dev Steals Funds (Rug) | Denied | No | No |
| Frontend Phishing | Denied | No | No |

Step-by-Step Action Plan

  1. Read the Cover Wording: Before depositing in a DeFi pool, go to Nexus Mutual or Sherlock. Check if cover is available. If no one is willing to underwrite it, the risk is too high.
  2. Buy Cover BEFORE the Hack: You cannot buy it retroactively.
  3. Diversify Platforms: Don’t put 100% in one protocol. “Protocol Risk” is the highest risk in crypto.
    • [IMAGE: Screenshot of Nexus Mutual dashboard showing ‘Get Quote’ for a specific protocol]
  4. Monitor the “Assessors”: If a hack happens, engage in the protocol’s Discord. Present your evidence clearly to the assessors to sway the vote.

FAQ

Is Nexus Mutual regulated?
It operates under a UK/DAO structure but is not a traditional regulated insurer in the US. You cannot complain to your state insurance commissioner.

What is “Peg Cover”?
Cover that pays out specifically if a stablecoin (like USDC) drops below $0.90.
