How Nexus Mutual Can Protect People Against Prominent DeFi Risks
It's evident that vulnerabilities are inherent within DeFi, no matter how battle tested a protocol's smart contracts are. In Q1 & Q2 2023, more than $639m was lost due to hacks according to Immunefi's crypto losses reports. In Q3, nearly $100m has been lost due to exploits so far.
Some of the largest DeFi protocols—Balancer and Curve—have suffered losses in the last month. If major DeFi protocols with battle-tested contracts are prone to exploits, how can users ensure their funds are safe when they deposit crypto into new and established protocols?
Let's talk about the protections Nexus Mutual's Protocol Cover provides.
Protocol Cover from Nexus Mutual
Protocol Cover is designed to protect people against the largest risks in DeFi, including:
Exploits and hacks
Oracle manipulation/failure
Severe liquidation failures
Governance attacks
To date, members have approved claims worth more than $17.9m to people who suffered losses due to past exploits and technical failures. Review Nexus Mutual's claim history to learn more about past claim outcomes.
To highlight the protections Protocol Cover provides, let’s look at what happened with some of the recent Curve, Balancer V2 and Exactly Protocol exploits.
The Curve Exploit: $20m lost due to a vulnerability within the Vyper compiler
At the end of July 2023, several Curve Finance liquidity pools were exploited for a loss of $73m due to a reentrancy vulnerability. Through the reentrancy attack, the hackers were able to repeat a request and drain the four liquidity pools. In the aftermath, some of the attackers returned $53m worth of assets that were stolen from three of the four liquidity pools, while the remaining crypto assets from the CRV/ETH pool have not been–and may never be–recovered.
The vulnerability allowed the attackers to bypass the reentrancy protections and steal crypto from several pools.
The Protocol Cover wording protects against losses where "a smart contract code bug or error result(s) in the Designated Protocol being used in an unintended way."
If users who lost funds in the CRV/ETH pool held Curve Protocol Cover, they would have been protected against this loss event.
Balancer V2 warned of critical vulnerability, suffered $900k loss
On 22 August, Balancer identified a crucial vulnerability that affected over 100 of its V2 pools on eight blockchains. While Balancer advised LPs to withdraw funds from V2 pools, some users were unable to withdraw their funds within the few days after the team’s announcement and attackers were able to drain $900k from select liquidity pools.
If these LPs would have purchased Balancer V2 Protocol Cover before the vulnerability announcement, they would have been protected against this loss event, per the terms outlined in Nexus Mutual's Protocol Cover wording.
Exactly Protocol hacked for $7.6m loss
On 18 August, the Optimism-based Exactly Protocol was exploited and hackers were able to steal $7.6m. The Exactly Protocol team published a post mortem of the attack and highlighted future security measures to prevent future hacks.
Exactly Protocol Cover was available from Nexus Mutual. Because the loss was caused by an exploit of Exactly's DebtManager contract, this would have been covered according to the Protocol Cover terms and conditions.
Nexus Mutual’s Protocol-Level Protection: Native Protocol Cover for Teams
While individual users can purchase Protocol Cover to protect their productive crypto positions in DeFi, protocol teams can proactively buy cover on behalf of users and protect against losses due to exploits.
With the recently launched Native Protocol Cover, teams can add a significant layer of protection to protect against losses, further user adoption, and, if the worst should happen, survive a hack and restore users’ funds within a timely manner.
Security best practices within DeFi include Solidity audits and bug bounty programs. While these can catch vulnerabilities before they can be exploited, it can’t protect users against a worst-case scenario. Native Protocol Cover can cover users at the protocol level when they need protect most.
If you are a protocol development team, reach out to learn more about or get a quote for Native Protocol Cover.
Ecosystem Updates
Recent developments within the Nexus Mutual ecosystem.
Expanding Access to Protocol Cover on Base and Optimism with OpenCover
Within the last week, the DeFi coverage aggregator OpenCover has launched on Base and Optimism—now anyone can purchase Nexus Mutual's Protocol cover on L2! Nexus Mutual is the sole underwriter for OpenCover's launch; the OpenCover team is working to expand access to comprehensive protection as more people participate in DeFi on L2.
If you're using 1Inch, Aave v3, Angle, Beefy, Curve Finance, Morpho, Perpetual Protocol v2, Safe, Synthetix, Uniswap v2, Uniswap v3, or Yearn Finance on Base or Optimism, you can buy Protocol Cover natively on L2 and protect yourself against the biggest DeFi risks.
With OpenCover's launch on L2, more retail users can access the best on-chain protection available in DeFi.
Learn more about buying Protocol Cover natively on Base or Optimism on OpenCover.
Powering Uno WatchDog with Quota Share Cover
UnoRe's WatchDog incentive-aligned auditing and threat detection service is helping DeFi protocols ensure their codebase is ready for production, free of flaws, and secure after the auditing process is complete.
Nexus Mutual and UnoRe announced the Quota Share Cover partnership in August 2023. The UnoRe team has built a staking pool on top of the Nexus Mutual protocol and has been using Quota Share Cover to underwrite more coverage for their clients.
Read UnoRe's announcement of the partnership on their blog to learn more.
Protection at the Protocol Layer with Sherlock’s Incentive-Aligned Audits and Quota Share Cover
Since 2022, Sherlock has been building on top of the Nexus Mutual protocol and purchasing Quota Share Cover. Sherlock is an industry leading auditing and smart contract coverage protocol that provides up to $5m of coverage after each audit. Through their partnership with the mutual, Sherlock is able to offset a portion of their risk with Quota Share Cover.
Every time Sherlock sells coverage, they buy Quota Share Cover from Nexus Mutual for a percentage of the cover amount and those cover fees flow into the capital pool. By working together, Nexus Mutual and Sherlock are expanding access to protection at the protocol layer.
Learn more and explore Sherlock's staking pool in the Nexus Mutual user interface.
ETH Allocation in Kiln Active, Earning Staking Rewards
Last week, the Avantgarde team provided an update about the mutual's ETH allocation to Kiln via Enzyme. In July, members voted in favor of NMPIP 196, a proposal put forward by the Avantgarde team to allocate 6,624 ETH from the Nexus Mutual Enzyme vault to earn staking yield through Kiln.
After members' approved this NMPIP, the Avantgarde team updated the vault's parameters and initiated staking in Kiln, which was subject to a queue to be staked in the Beacon Chain contract. Now that the ETH staked via Kiln is actively earning rewards, members are earning ~3.21% APY on this ETH allocation.
This puts the aggregate ETH value Nexus Mutual's LST capital pool investments at ~54,000 ETH! For the latest capital pool investment update, see the recap from our recent community call.
The Staking Dashboard is Live on Dune
Within the Nexus Mutual DAO, we prioritize transparency. To improve protocol transparency, the DAO teams have been working hard to create detailed data dashboards for Nexus Mutual members.
We're happy to announce Nexus Mutual DAO’s latest Dune dashboard—the Staking dashboard! We'd like to thank the DAO R&D team for their efforts in building this incredible Dune dashboard. You can view the Staking Dune dashboard and find:
Total staked NXM
Max and average Staking APY
Staking allocation per cover product
And more
Staking is one of the primary ways Nexus Mutual members share risk with each other. If you'd like to learn more about staking, take a look at the Staking entry in the Nexus Mutual docs or check out the overview of NXM staking from this community call in June.
Nexus Mutual in the news
Throughout the summer, Nexus Mutual has made headlines in crypto and TradFi media outlets.
Here are some of the recent press coverage of Nexus Mutual’s partnerships, member-driven investment decisions, and more. Please take a look, and if you like what you’re reading, help us spread the word!
In collaboration with Geneva Association, a report: “Assessing the Potential of Decentralised Finance and Blockchain Technology in Insurance”
Reinsurance News: “InShare and Nexus Mutual partner to enhance coverage for UK independent retail businesses”
CoinDesk: “Decentralized Insurance Alternative Nexus Mutual Provides Cover to UK Shopkeepers”
InsurTech Insights: "Decentralized Insurance Provider Nexus Mutual Partners with InShare to Offer Coverage to UK Shopkeepers”
The Block: “Figment partners with Nexus Mutual to enhance Ethereum slashing cover”
The Block: “Nexus Mutual diversifies $27.3 million into Rocket Pool ETH using CoW Swap”
Blockworks: “Fearful of being slashed on Ethereum? Here’s a staking service with on-chain insurance”
Resources
You can find the August updates from the Nexus Mutual community below:
Nexus Mutual is fully transparent. You can verify the information within this newsletter and learn more about the mutual through the resources below:
Thanks for reading!
We look forward to seeing you at our next Community Call on the Nexus Mutual Discord on 12 September (Tuesday) at 1pm UTC!