Guide to Insurance
BitGo has been a pioneer in establishing the Bitcoin & Digital Asset Insurance capabilities for custodians dating back to 2015. Over the years, we’ve built the most comprehensive package available, which many exchanges and custodians have replicated with varying degrees of success. Whether you’re looking to buy digital asset insurance or whether you want to understand the options, here’s what you need to know!
tldr;
- you can’t simply compare two coverage limits; not all policies cover the same risks
- there isn’t enough global insurance coverage for all service providers and their assets under custody
- cold storage & multi-signature technologies, combined with SOC audits and operational controls are the key to low insurance rates and more coverage
Coverage Limits
Most clients simply look for the coverage limit of a service provider. The insurance coverage limit is indicative of the financial health of the service provider in terms of their ability to afford insurance, and also the ability of that service provider to acquire insurance at affordable rates. Companies with stronger security models, audits, and controls always are able to carry more insurance because the insurance policy rates are significantly lower. Examples of risk-reductions leading to lower priced insurance include: cold storage, SOC-controls, multi-signature capabilities, and geographic dispersion of keys. The difference in rates can be significant. Hot storage insurance, such as what you get with MPC wallet technology, generally costs 1.75 – 3.00% per year! Cold storage wallet solutions, by contrast, generally carry rates significantly below 1%.
At BitGo, we have a $250M shared pool limit with excess insurance available to clients that purchase it. The excess cover currently employed by clients at BitGo is over $500M, making the total cover at BitGo $750M, the largest in the industry, and still growing.
Global Coverage Capacity
As you look for service providers, you need to be aware that the digital asset insurance market is pretty small. The exact size of total insurance is unknown, but is estimated to be around $5-7B of total coverage shared globally. Given that the market cap of crypto today is about $2.8T, that means insurance is only available to cover a tiny fraction – less than 1% – of all crypto available.
Worse, $5-7B is smaller than the amounts held at many custodian’s and exchanges. Even if BitGo or Coinbase bought 100% of the available insurance supply, we wouldn’t be able to cover all of the assets held in custody. On the surface, this sounds terrible. But there is good news: digital asset technology does provide security provisions which, if used properly, can stretch insurance over a larger pool of assets. For example, at BitGo, if you wanted to store $1B of Bitcoin with us, we wouldn’t store it all in one big wallet. Rather, we’d break it up into multiple wallets, of less than $200M each, each with independent keys. Further, we’d rebalance wallets over time as prices fluctuate, to minimize the chance of a single-wallet compromise that could exceed the insurance policy. Further, because client funds are generally segregated and split, most wallets remain dormant for very long periods of time. In fact, if there are deposits and withdrawals, we will generally only use one of those wallets for transactional needs to further reduce access to wallets that can otherwise be held with keys dormant.
As you select your custody provider, make sure they have good policies about how they segregate funds internally. Not all custodians segregate funds on-chain or enable rebalancing and other security protections which can extend insurance policies effectively.
Covered Risks
The most difficult part of evaluating any two service providers is understanding what their insurance policy actually protects against. Just because a company has insurance doesn’t mean that all assets are covered or even that the same risks are covered. Unfortunately, no two policies are alike!
Years ago, I heard from another company that their insurance policy rate was about 1/3rd the price of what BitGo was paying at the time. Of course I was interested in finding out how to reduce BitGo’s insurance costs, so we reached out to their broker right away. The broker was very straightforward and honest and quickly told me, “First off, you need to know that our policy is very good, but it doesn’t cover all risks. It won’t cover any hacks.” I was shell-shocked; how could any digital asset custodian possibly be interested in an insurance policy which doesn’t cover the one vector of risk that our clients care about most? Obviously BitGo did not switch to that low cost provider and stayed a better policy.
However, to this day, I know many digital asset companies are still using that “cheapo” insurance. They claim to have large amounts of insurance just like BitGo does. But theirs doesn’t cover hacks at all, while BitGo’s does. It’s so fundamentally different you can’t even compare.
When selecting your service provider, check to see what risks are protected. Some things to check:
- insider theft
- hacks
- technology failure
- geographic / natural disaster
Geographic risk coverage may sound unsual for digital assets, but remember that some custodians use single-signature wallets (not BitGo, of course!). This means that a natural disaster at the wrong location could lead to catastrophic loss. BitGo’s 100% multi-signature and threshold technology cold storage means that we can always store the 3 keys at least 1000 miles apart from each other. BitGo was the first digital asset insurance to carry this feature, and I believe that even today, BitGo is the only provider in the industry to offer it.
Quality of Underwriter
All of us want to ensure that a loss event does occur, that the insurance underwriter will pay the claim. Given that insurance policies in crypto tend to be measured in the 10’s or 100’s of millions of dollars, the underwriter matters a lot. One of the highest reputation underwriters is the Lloyd’s of London syndicates. These underwriters are known for their long-standing in the industry and ability to pay in the event of a loss event. While there are many underwriters out there, make sure you evaluate whether the coverage you think you’re buying is being provided by someone who will stand by their policy when you need it.
Beware of Additive Policies
Some service providers in the space use multiple service sub-providers, which may provide insurance. We’ve definitely seen marketing of policies where the sub-provider policies are simply added up, enabling the service provider to advertise a very large number. Remember, just because a service provider has a policy or a sub-provider policy, it does not mean that your assets are insured there. The additive policy might claim to have $500M of insurance from 3 different sub-providers. But if you store $500M yourself at that provider, it is unlikely each of the sub-providers would help with your recovery.
Beware of Fake Coverage
Some service providers will advertise a sub-provider’s policy as their own. Years ago, BitGo had a client, call him Alex, using BitGo for custodial and non-custodial wallets. At the time, Alex liked to tell his customers that he used BitGo, with $100M of insurance. But Alex wasn’t simply holding onto the assets in BitGo wallets, he was doing other things with his client’s assets, and very little was actually stored in BitGo. While it is true that any assets Alex held with BitGo in cold-storage were be covered if BitGo lost the funds, it did not mean that BitGo covered losses for Alex if funds were not stored at BitGo. After inquiries from Alex’s customers, we tried to get Alex to change his marketing, but could never come to agreement. Eventually, in 2020, we were forced to drop Alex as a client because of his misleading insurance claims. To this day, I do believe many service providers are less-than-forthcoming about what assets are stored with custodians like BitGo and covered by insurance. Make sure you clearly understand who holds the policy and which assets are insured. No insurance underwriter ever backs a policy protecting assets which are not in the direct care of the policy holder.
Hope this was helpful!