Jeremiah Smith from OpenCover on DeFi Insurance
What We Discuss With Jeremiah Smith
Since 2017, over $8b has been lost on-chain due to smart contract hacks, infrastructure issues and rugpulls according to DeFiLlama.
The figure becomes even larger when you count phishing attacks and scam coins.
Yet today the vast majority of on-chain transactions and protocol positions aren’t protected… for example if you look at DeFi current TVL which is around $80B, there is only about $100m which is covered or insured against protocol risk, only a fraction of a percent.
Today safety remains one of the fundamental bottlenecks to web3 adoption, but to really push web3 into the mainstream, we need to make risk a feature, not a bug.
One company that is on a mission to make DeFi safe and accessible is OpenCover, and it’s raison d’être is to protect you on-chain.
Since 2022, OpenCover has protected thousands of businesses and individuals against on-chain transaction and protocol risks.
On Episode 73, I spoke with its Co-Founder & CEO, Jeremiah Smith, who provided us a short masterclass into DeFi cover and Insurance, and how finance & accounting professionals at web3 startups & DAOs can mitigate their on-chain risks.
Shownotes
- (0:00) TAQ Intro
- (1:08) Episode Intro
- (3:05) Jeremiah’s background
- (5:00) 3 main onchain risks
- (8:15) Financial impact of onchain risks
- (10:03) Best practices for keys management
- (11:30) Protecting against transaction & post-transaction risk
- (14:08) How to mitigate protocol risk
- (16:45) Thanks to our sponsor Harris & Trotter
- (18:49) Insurance for tokenized T-Bills
- (20:52) How to choose DeFi Cover
- (26:10) When should CFOs consider DeFi insurance
- (28:35) Overview of OpenCover
- (32:56) Thanks to our sponsor Web3 Finance Club
- (34:38) Is OpenCover an underwriter
- (37:42) Pricing
- (38:54) The future of AI & DeFi Insurance
- (41:45) OpenCover partnership
- (44:28) Challenges for adoption
- (46:11) Closing Thoughts
- (47:14) Jeremiah's Pablo Picasso Maxim
- (48:44) Reach out to Jeremiah
[00:00:00] Umar: Welcome to The Accountant Quits, brought to you by Harris and Trotter Digital Assets, a UK based firm specializing in accounting, tax, audit, and advisory services for digital assets serving clients worldwide.
[00:00:14] Umar: With a clientele of close to 600 crypto native projects, Harris & Trotter is now offering a scholarship and job guarantee to students of the Crypto Accounting Academy, and you can learn more at theaccountandquits.com/scholarships or keep listening to this episode where I share who is eligible and how to apply.
[00:00:33] Umar: And the Web3 Finance Club, a community of web3 CFOs sharing best practices on web3 operations.
[00:00:42] Umar: On this podcast, we discuss how blockchain will impact the accounting profession and how accountants should prepare themselves for the future of work.
[00:00:51] Umar: My name is Umar, your host, and even if some might refer to me as the accountant gone rogue, my job is to provide you with the blockchain knowledge you need that will be relevant for the accounting industry as a whole.
[00:01:04] Umar: Welcome to Episode 73.
[00:01:07] Umar: Since 2017, over $8 billion has been lost onchain due to smart contract hacks, infrastructure issues and rug pulls according to DeFiLlama.
[00:01:18] Umar: The figure becomes even larger when you count phishing attacks and scam coins.
[00:01:23] Umar: Yeah today, the vast majority of on chain transactions and protocol positions are not protected. For example, if you look at DeFi current total value locked, which is around $80 billion, there is only about a $100m which is covered or insured against protocol risk, which is only a fraction of a percent.
[00:01:44] Umar: Today safety remains one of the fundamental bottlenecks to web3 adoption, but to really push web3 into the mainstream, we need to make risk of feature and not a bug.
[00:01:55] Umar: One company that is on a mission to make DeFi safe and accessible is OpenCover And it's raison d'etre is to protect you on chain.
[00:02:05] Umar: Since 2022, OpenCover has protected thousands of businesses and individuals against onchain transactions and protocol risk.
[00:02:14] Umar: Today I have the pleasure of speaking with its Co-Founder and CEO, Jeremiah Smith, who will provide us a short masterclass into DeFi cover and insurance and how finance and accounting professionals at web3 startups and DAOs can mitigate their onchain risk.
[00:02:32] Umar: In this episode you will learn, the main risks transacting onchain, different forms of DeFi insurance, how to choose DeFi insurance, an overview of OpenCover, the future outlook of AI and DeFi insurance, and much more.
[00:02:50] Umar: Jeremiah, welcome, and thanks for making the time to be here.
[00:02:54] Jeremiah: Good to be here.
[00:02:55] Umar: To start, can you share a bit about your background, how you became interested with blockchain and the story of founding OpenCover?
[00:03:04] Jeremiah: Yeah, for sure. So we started building in the blockchain space in 2017. We built one of the first data exchange protocols on Ethereum. So we were super interested in sort of the programmability of the infrastructure that would let us aggregate data on the fly, do micropayments, guarantee provenance. All that kind of stuff.
[00:03:23] Jeremiah: And then in 2021, we founded what later became OpenCover in 2022. We started getting very interested in DeFi, and specifically we wanted to create a sort of DeFi native savings account alternative. And so, for that, we needed insurance. We needed some sort of like cover, just like you have insurance in the G20 style jurisdictions for your savings accounts, like the FDIC protection or the FCFS, I think it is in the UK. So we started looking at DeFi insurance and we realized that was actually the bottleneck. So we just assumed that there would be DeFi insurance and there would be a lot of it, but there isn't. And so we understood that actually that's a way bigger problem to solve. The sort of safety aspect of transacting on chain and doing business on chain.
[00:04:09] Jeremiah: And so, in 2022 we pivoted to, our mission to help businesses and individuals stay safe on chain. So we now focus on working with underwriters. So that's insurers and cover providers. So insurance is the regulated flavor of sort of risk mitigation and cover is usually insurance alternative, so it won't be regulated in the same way. And what we do is basically we create new cover products to protect businesses and individuals onchain and help distribute existing products as well to make sure that whoever needs protection can get it. And yeah, that's about it. We're backed by some of the most visionary VCs in the space. Coinbase Ventures, Base Ecosystem Fund, NFX, Alliance, Orange DAO, Village Global. Quite a few angels inside and outside of the YC community as well.
[00:05:00] Umar: I'd like to start the episode with the different risks transacting onchain. So the listeners of this podcast, they're largely made up of professionals working in accounting, finance and operations, and they are today managing a business with crypto.
[00:05:16] Umar: So in their roles at their companies, they are performing different onchain activities, such as setting up self custodial wallets, providing liquidity to DeFi protocols, Staking, Bridging, On-ramping, Off-ramping, et cetera. Now, depending on the nature of their business, perhaps they've already protected their businesses with the most common covers, such as: an Employers Liability Insurance, Directors & Officers Liability Insurance, Professional Indemnity Insurance, et cetera.
[00:05:46] Umar: But given the subject of this conversation today is about onchain risk, could you share the main risks when doing a business onchain?
[00:05:57] Jeremiah: Yeah. And that's a great question because, what's interesting with transacting on chain is that for the sort of first in history assets truly belong to you, right? Like your keys, your coin. And the drawback of that is that it also means your problems, right? Like that's something we talk about less, but if something bad happens, your keys, your coins, your risk, and in a way that's not really the case in TradFi, at least in G20 style jurisdictions, because you'll have things like the FDIC or the SPIC and you'll have legal recourse if things go wrong.
[00:06:29] Jeremiah: But on chain , we don't have that. And so, from a sort of user centric perspective, there's three main categories of risks, the pre transaction risks, that's usually custody or self custody risks.
[00:06:40] Jeremiah: So the risk of losing access to your on chain assets because a private key was lost or stolen, depending on the setup.
[00:06:48] Jeremiah: Then you have transaction time risks. So that's the kind of mix of technical economic and security risk. It's really the risk that, when you create a transaction and it settles on chain, there's a gap between the intent between what you thought it would do and what it actually does. For example, if you're interacting with a malicious contract and you thought you were interacting with Uniswap, but you click the wrong link or the front-end you're using to interact with Uniswap has been compromised.
[00:07:12] Jeremiah: You think you're doing a swap on Uniswap or LPing, but in fact you're interacting with a malicious copy and you lose some funds or all of your funds. Then, you've got other transaction time risks, like, for example, bridge failure. You bridge from one chain to another and your funds never arrive because the bridge isn't working.
[00:07:30] Jeremiah: And then you have the post transaction risk. So this is mainly protocol risk. So it's longer duration risk than transaction time risk. It's basically when you lock your assets in a smart contract because you're lending or LPing and somebody finds a bug in the contract and exploits it and manages to potentially take some of the funds, including yours, which they shouldn't have access to, or something else severe economic event, like a liquidation failure, or maybe even a governance attack that somehow allows attackers to get access to your funds when theoretically if the protocol behaved as it was designed to, they should not be able to do that. So I would say, yeah, there's pre transaction risk, transaction time risk, and post transaction risk.
[00:08:15] Umar: In terms of impact, do we know how these different risks compare and do we have the stats maybe, on the financial losses that these different types of risks have resulted to in the past?
[00:08:27] Jeremiah: Yeah! So what's ironic is that the losses are on chain, right? So theoretically, it's all public and we should be able to know exactly how much it is. But because blockchains are pseudonymous and we don't have the context of the transaction, right? You can look at the transaction, you can look at the smart contract call and the inputs and the outputs and what happened, but you don't really know what the intent of the person. Of the entity that created the transaction was.
[00:08:53] Jeremiah: It's non trivial, it's highly non trivial to understand really when a transaction incurs a loss, unless you have this extra context. And this is like part of what we do. But overall, if you look at what Chainalysis, SlowMist, Halborn and we have also found on chain for last year, we estimate there's been about $2.1billion or at least $2.1billion in losses in 2023 due to these three risks.
[00:09:17] Jeremiah: Pre transaction, and post transaction, about a quarter of those were pre transaction, about 20 percent happened at transaction times, it's about $450million, and then a bit over 50 percent happened post transaction due to these these protocols failing. But yeah, but long story short with proper key management, you can mitigate the pre transaction risk. And then if you are careful with your transactions and there are tools or services or sort of companies like us that help you mitigate this risk you can get a good handle on the transaction time risk, but the protocol risk is something that's a bit outside of your hands, right?
[00:09:54] Jeremiah: Because, it's actually not at all about your actions on chain. It's about how well the protocol is secured and whether it gets compromised.
[00:10:03] Umar: I'm hearing the stats for pre transaction risk being quite significant about a quarter and that attributes to not having proper key management. Yeah, what could these teams right now be doing, like saving their private keys in a spreadsheet? Like it's quite alarming to have 25 percent not having proper key management.
[00:10:24] Umar: What are some best practices you've seen around proper key management?
[00:10:29] Jeremiah: Yeah. So it will depend, of course if you're operating as an individual or as an org, if you're operating as an individual, obviously everybody knows use a hardware wallet and have levels of redundancy and figure out how to save your seed phrase, if you're using that kind of setup.
[00:10:45] Jeremiah: If you're operating as an org, it is really about having access control and governance policies in place. Choosing the right multisig provider that can implement these sort of access control rules and governance rules. Yeah, so I think from the risk standpoint, custody is not a new thing or multisig is not new to block chain. So it's got more sort of history and more best practices there. And it's absolutely possible to find a good sort of enterprise wallet if you're operating as an org that will enable you to make sure that nothing gets stolen or lost or like all the government's rules are, implemented.
[00:11:20] Umar: So that was for pre transaction risk about custody. How about the other risk, transaction risk and post transaction risk? How do you protect yourself?
[00:11:29] Jeremiah: So for transaction time risk, that's still a risk that exists today because there's different levels of it. There's the, like, am I interacting with a malicious contract that's pretending to be, an Aave, Uniswap or whatever you're trying to do. And then there's also, like if I am with say the right version of Uniswap are the assets, like is the pool balanced, for example, like, am I getting the right prices?
[00:11:52] Jeremiah: Is this actually the market price? So there's different risks there. But overall, what you absolutely should do if you're transacting, for example, as an individual is have either a browser extension that will simulate the transaction before you sign it and tell you flag any sort of obvious risks or Pocket Universe is a good one for that and or use a wallet that has some transaction simulation in it.
[00:12:15] Jeremiah: So for example, Rabby or Metamask also now, I think they teamed up with Blockaid and for some transactions, they're able to tell you like, hey, wait a minute, you're minting an NFT, but you're not actually minting the right NFT.
[00:12:27] Jeremiah: And then in the multisig scenario, it's a bit more complicated because those tools might not support the multisig or, for example, the transaction format that SAFE has, but there, for example, SAFE has, if you're using their front end, they have a Tenderly option so you can simulate the transaction and look at the outputs. There you need to be a bit technical because you need to understand whether these outputs correspond to what you actually want to do. And they also have something with Redefine, where Redefine will try to gather some of the on chain context to see if there's a potential risk.
[00:12:59] Jeremiah: For example, if you're interacting, like, you think you're interacting with, like, Uniswap but in fact you're interacting with a contract that's been deployed a day ago. And obviously that wouldn't be the case of Uniswap, so it would flag the fact that you're interacting with a very new contract, and so it might make you understand that you're doing something you don't want to do.
[00:13:16] Jeremiah: The overall transaction risk is still like it's still an issue. And obviously like a lot of teams are working on it including us.
[00:13:23] Jeremiah: For post transaction risk, as I mentioned, it's a longer duration risk. There's less you can do because ultimately you're putting your assets in the hands of a protocol that may or may not have bugs. And as we know, like auditing is not enough. Like that's been proven. There's been some very high profile, protocols that have been hacked. Like, I think Euler last year was maybe a good example or Hedgey as well, like a bit. That was, this year drained for $40million.
[00:13:48] Jeremiah: So ultimately there, what you like insurance or cover is a really good option there because that is, that's what it's made for covering insurance, to protect you against the unknown unknowns. So yeah, so their protocol cover and insurance, would be best practice.
[00:14:02] Umar: All right. So we'll dive a little bit more into what OpenCover is offering in a bit. But first I want to go through a report that you published last year, titled the State of DeFi Insurance Report with contributors from Alliance, 1confirmation, NFX, Orange DAO, where you analyzed the size of the protocol cover market alongside the major players and products.
[00:14:27] Umar: I mentioned in the intro that this episode will be equivalent to a short DeFi insurance masterclass. So to date, DeFi users have suffered in excess of $6 billion due to protocol hacks exploits according to DeFiLlama. So I want to ask you for the users, how do we mitigate protocol risk?
[00:14:48] Jeremiah: The best way to mitigate protocol risk apart from the trivial stuff, like, do some due diligence on the protocol. Put some funds into to make sure it's not a sort of totally unknown thing that was deployed two days ago by an anonymous team. And that might just be like a scam.
[00:15:06] Jeremiah: But if you are putting liquidity into a protocol, which, like if you're thinking about professional use cases would probably be blue chips. You're still exposed to bugs in the blue chip or severe economic events that would potentially impact your positions there and their protocol cover or protocol insurance is the best practice and the actual sort of what it protects you against depends on the provider. So it's just like traditional insurance, right?
[00:15:35] Jeremiah: Like depends on who the underwriter is, what the policy says but overall, if you look at the gold standard, which is Nexus Mutual, who've underwritten billions in protocol risks since 2019, paid out millions in claims, they usually protect against smart contract hacks and exploits.
[00:15:52] Jeremiah: So that is really like, bugs in the code of the protocol that get exploited and then severe economic events that are beyond the sort of intended way the protocol should function. So that would be things like Oracle failure or manipulation liquidation failure. There's a liquidation mechanism protocol or a governance attack.
[00:16:13] Jeremiah: So that's sort of like most of the things that can go wrong. And that is why actually at OpenCover we started with that type of protection by offering and distributing that type of protection. And it's still like, say, our flagship product. So that's where, most of our policies basically are sold.
[00:16:29] Jeremiah: It's to protect against these protocol failures. So it could be anything from LPing on Uniswap, farming on Beefy, staking on EtherFi, you can purchase these protections for 30 days, 60 days, 90 days, whatever to make sure that if there is an incident you're not impacted.
[00:16:44] Umar: Before we continue, we'll take a quick commercial break from our sponsor.
[00:16:49] Umar: If you're like me and have clocked some serious hours at a Big4, BDO or other big name accounting firm, you know the drill, rigorous training and a rock solid work methodology. But here's the thing, while a lot of these firms speak about blockchain, in practice, just a handful get the nuts and bolts of accounting and auditing for digital assets.
[00:17:12] Umar: One of those firms is Harris and Trotter. Since 2017, Harris and Trotter has been growing into a well respected leader in the web3 space. Currently, Harris and Trotter offers audit, accounting, tax, and advisory services to close to 600 crypto native projects.
[00:17:32] Umar: And here's something cool. Every single of their Digital Assets Partner is under 35. With some making partner status in as little as 12 months.
[00:17:43] Umar: Their drive, fueled by the vision of their CEO Nicholas Newman, knows no limits. And Nicholas has personally reached out to me with an incredible offer for the students of our Crypto Accounting Academy. He's offering scholarships and a guaranteed job placement with Harris and Trotter.
[00:18:02] Umar: Yes, you heard that right. So how do you get in on this?
[00:18:05] Umar: First off, you need to be based in the UK because you'll be joining their team at their London headquarters. Plus, you should be enrolled in either one of the ACCA, ICAEW, CIMA or SAICA programs. And of course, you need to have a genuine interest in crypto and the wider web3 ecosystem.
[00:18:26] Umar: To enroll in the program, you will be required to complete the 7 week Crypto Accounting Academy, and upon completion, you will start your journey with the Harris & Trotter Digital Assets team in London. Are you ready to apply? Head over to theaccountantquits.com/scholarships, fill out the application form and I'll personally be in touch.
[00:18:48] Umar: Now I have a follow up question on tokenized treasury bills products because of how popular they are at the moment. So US treasury bills are backed by the US government. They are considered to be risk free. And typically considered as one of the safest investments in the world.
[00:19:06] Umar: Now protocols like Ondo Finance, OpenEden, Maple Finance, they've launched their tokenized treasury bills products.
[00:19:15] Umar: So while the tokenized treasury bills smart contract of these products might have been audited there's no guarantee that new attack vectors will not arise in the future. So I understand that the reserves from such protocols are held off chain as USD Fiat instead of being held as USDC on chain.
[00:19:37] Umar: My question here is if I'm at a company seeking to get exposure to such tokenized treasury bills, how should I protect myself against such smart contract risk? Even though US Treasury Bills are risk free, these smart contracts are still vulnerable to hacks.
[00:19:52] Jeremiah: Yeah. So the smart contracts are still vulnerable to hacks. That's true. But I would say in that specific case, these, for example, Ondo Finance, it's centralized operation permissioned protocol, I'd say there's not. There's not a lot of risk because even if something went wrong on chain and somebody stole really the tokens representing like ownership or like a fractionalized ownership of T-Bills off chain, the protocol would be able to react in a way that would not cause any losses for end users.
[00:20:23] Jeremiah: So I would say, there you would not need protocol cover because you've got a whole set of off chain, like the main risk is basically off chain crime and sort of bankruptcy. And for that, you have the traditional sort of means to sort that out. So, protocol cover is really for when you're helping to decentralize protocols where, code is law or rather like code is the only law that matters as far as you're concerned.
[00:20:52] Umar: Now, I'd like the listeners to understand how to choose DeFi cover by mapping out their different activities. Let's take a hypothetical company who holds Bitcoin, Ethereum, and USDC in self custodial wallets.
[00:21:07] Umar: Let's just say the activities of that company would be on-ramping USD to USDC and vice versa with the off-ramping, providing liquidity to different liquidity pools such as Aave and Compound, staking Eth on LIDO, bridging USDC from Eth to Polygon, Arbitrum, and lastly, making monthly payments to contributors using a Gnosis Safe. So different activities here I'll repeat it again. So on ramping, providing liquidity, staking, bridging, and making monthly payments through a Gnosis Safe.
[00:21:42] Umar: So how should this hypothetical company, I just described protect itself?
[00:21:47] Jeremiah: So it depends on the point in the user journey. So I would say on-ramping USD to USDC depending on the sort of fiat rail you're using to send money for on-ramping or get money from the provider when you're off-ramping like that could be minutes, right? Like depending on the rail that you chose. And also you're interacting with a company that is hopefully licensed somewhere. So you have all these like legal recourses in case something goes wrong. So really there, I would say the best protection is to choose the right on/off ramp provider.
[00:22:17] Jeremiah: So probably somebody with a track record that is licensed. And specifically for USDC, you could consider just working with Circle directly and doing everything through them.
[00:22:26] Jeremiah: Then providing liquidity to liquidity pools like Aave and Compound turn yield. So that is the ideal use case for protocol cover. You just want to transfer away the risk of anything happening with those protocols. So there you basically go to OpenCover or another provider. And you can protect your positions for however long you need. Staking Eth on Lido. Again, this is, I guess there's staking risk there as well. So it depends on the provider, but there are policies specifically for like Lido or like staking providers. So there, you just need to make sure that you understand like what you're protected against and not protected against.
[00:23:01] Jeremiah: And then bridging from L1 to L2 so it's interesting because there used to be up until recently, some front ends that offered bridge cover really, but basically guaranteeing that you would receive the funds on the other end side of the bridge for a small sort of, like a BIP or less fee.
[00:23:23] Jeremiah: So I think LiFi and Socket were teamed up, with providers to do that, that has stopped for some reason. I actually don't know why it's very interesting. And actually LiFi did get exploited, I think in July for $11million or so. So I guess that is a risk that does remain like overall, I would say like on chain risk is relatively low. That's why people actually use blockchain to do transactions and there's an increasing amount of people who use blockchain to do business. But it's not a non existent and it's like off chain, right?
[00:23:55] Jeremiah: Like zero risk does not exist off chain. Zero risk will not exist on chain. And depending on the type of activity you're doing, it makes sense to put that safety net below you to insure.
[00:24:07] Jeremiah: But long story short, yeah, so a bridging is still there are some risks there. What I would say is probably use the canonical bridge, the native bridges if you're gonna go from from L1 to L2, for example because those things have been tried more, right? There's more liquidity that's passed through it. So, it's been more battle tested, but also, I think if something happened with the Arbitrum bridge, the canonical Arbitrum bridge, the entire Arbitrum ecosystem would try to make things right.
[00:24:31] Jeremiah: So, in a sense, you'd have a lot of energy. Well, like a lot of people would spend a lot of energy trying to make sure that if you did lose funds in the Arbitrum bridge, you would get your funds back. So I guess that's what you could do. Or so that's what we do. And then using so what was the last one?
[00:24:45] Jeremiah: Was it paying folks using Safe?
[00:24:48] Umar: That's right.
[00:24:49] Jeremiah: So here the risk could be two things. It could be, you've been phished. So, you click a link, you think you're on the Gnosis front end, you're on something that looks like the Gnosis front end, but it's a different URL, and you're about to sign off all your funds, or the Gnosis front end has been compromised, so like a DNS attack or something like that. And so again, like the best protection there is depending on what kind of setup you have, is either to have one of these browser extensions or one of these wallets that will simulate the transaction for you and flag any obvious risks.
[00:25:23] Jeremiah: It actually doesn't work so well with multisig, like the support is less because the, for example, for Safe specifically, the transaction format is really different from EOA transactions, but as I mentioned in Safe specifically, there is there's this Tenderly option where you can simulate a transaction. And then if you can read the output on Tenderly, you can see the expected flow of funds. And you can make sure that all the addresses are where you think they should be, and then they also have this Redefine like automatic risk assessment that will look at the context of the transaction, like how old the contract is that you're trying to interact with.
[00:25:58] Jeremiah: Transactions on chain is still little bit for the adventurous.. But there's a lot of work that's being done in the space, to increase safety and bring it right to the same level as TradFi or even more safe than TradFi, certainly more transparent.
[00:26:10] Umar: The feedback that I have is not a lot of CFOs have at the moment protected themselves against these different on chain risks. We shared the figure earlier and it's pretty low. What I want to ask you is at what stage should these CFOs or CEOs at their companies consider protecting their on chain activities?
[00:26:30] Umar: Do you have a breakdown of some of the profiles of buyers that you've encountered so far?
[00:26:38] Jeremiah: I think that's, it's really like a risk management question. Even if you're just transacting off chain, you have to do risk management and have mitigations in place for like the identified risks and response plans in case risks do materialize. So I guess from that perspective, on chain is no different. It's just that the risks are new or, are specific to transacting on blockchains. So really it's a risk management question, depends on the org, depends on the activity.
[00:27:03] Jeremiah: If you're, if you're basically tasked to maximize yields, on assets you might choose to, for example, not at all, you might do all the transactional security stuff and the key management stuff and but not use protocol cover at all because you're just trying to maximize yield and it's accepted that you're taking a higher level of risk. If you're managing a treasury for a DAO or for a company, you probably want to focus on wealth preservation. So there you would want to show as the CFO that you have taken the steps needed to protect the treasury in case something goes wrong with the protocols you've decided to supply liquidity into.
[00:27:39] Jeremiah: So there potentially you would want to use protocol cover. So it's really org specific you have to accept some risks. So for example, we do not cover assets that are on Safes. But we have customers that purchase protocol cover for Safe because they, they don't want to accept that risk. But if we do, for example, we have some of our treasury being actively deployed on chain turn yield. We'll say like, we'll put on Aerodrome. For Aerodrome, we would purchase cover. And then it's more of a measure of like, what's the risk? What's the reward specifically on Aerodrome,
[00:28:14] Jeremiah: I think now, like if you take into account the decrease in yield when you purchase cover it's really relatively speaking negligible because the yield is so much higher.
[00:28:25] Jeremiah: And so it's just worth it from a sort of risk reward perspective. But long story short, yeah, like risk management it's depends on the org and, but you should totally do it.
[00:28:34] Umar: Now, I want to speak a bit more about OpenCover. On your website, you've outlined some of the DeFi cover providers or underwriters that you work with, such as Nexus Mutual, Unslashed Finance, ChainProof, and a few others. Could you explain what is OpenCover? What do you guys do? And the different DeFi insurance services you provide?
[00:28:56] Jeremiah: Yeah. So on our website we track the different underwriters, the ones that have an on chain presence, because not all underwriters of blockchain risk are on chain. And obviously if you're off chain, it's totally opaque. So what's interesting we're doing cover or insurance on chain is that there's this whole new level of transparency, like, for example, if you go to Dune and look at Nexus Mutual's entire business, like, in a way, you can see exactly how much capital they have, exactly how much of that capital is being used, where it's being used.
[00:29:32] Jeremiah: So, basically, all the risks that are being underwritten, there are totally public, and it's totally transparent. And this is like, unheard of, basically, in traditional insurance. And in fact, because, we work with both or we're certainly in touch with both sides the TradFi side of the spectrum and the on chain side of the spectrum. for some traditional insurers, like it's unheard of! It's like they would never release these numbers publicly. This is like their business secret sauce, right?
[00:29:56] Jeremiah: Anyway long story short yeah. So we list on our website, the different providers that do this. We work with some of them, not all of them. And really our mission is to help individuals and businesses protect themselves against on chain risk. We specifically focus on transaction time risk and post transaction time risk, because those are the two newest areas. As I said, the custody side of things, it's relatively well understood and there are good tools and frameworks and, providers for that.
[00:30:23] Jeremiah: So for transaction time protection what we do is that we partner with products where transactions are already being created. So for example, it could be like a web3 platform or it could be like a wallet or a wallet style product where users are already creating transactions.
[00:30:39] Jeremiah: And then we add a layer of protection by covering transactions that are created on those products.
[00:30:45] Jeremiah: So for example we've partnered with Request Finance recently and what we did with them is basically each time a user creates a transaction on Request, it is covered in real time. So it was a real time risk assessment. If there's no risk, we cover it up to a hundred thousand dollars.
[00:31:02] Jeremiah: And if it turns out that when the transaction executes on chain, there is a loss, an unexpected loss, the customer is protected. So what that means is that we're really transferring away the risk from the end user, which is a big deal because this is basically how TradFi works as well. So all of a sudden you have the benefits of transacting on chain if you're using Request..
[00:31:23] Jeremiah: So, it's more transparent, it's cheaper, it's faster, it's global. And you have the same level of guarantees as if you were transacting on traditional rails. And so all of a sudden you can see that transacting on chain is competitive or in fact exceeds transacting on traditional rails across all dimensions, basically.
[00:31:40] Jeremiah: So it's pretty cool. And in a way, on post transaction risk, like as I mentioned that's protocol cover. So we partnered up with Nexus Mutual to distribute their existing products because they have existing products. But also create new products with them. So Nexus usually focuses on Layer-1 users. We focus on Layer-2 users and we basically distribute the Layer-1 protection or what you can buy on Layer-1 or Layer-2. So you don't need to worry about the gas costs and so on.
[00:32:05] Jeremiah: And we also create new products with Nexus, depending on the demand we get from users. So if you're farming on Beefy, you can purchase Beefy protection from us. We also have bundled covers where you basically purchase protection for, say, Beefy and Velodrome at once so that if something happens on Beefy or Velodrome, because when you're farming on Beefy, you're actually using an underlying yield protocol. You're covered and we're launching a new type of cover, which we're calling a DeFi Pass, which basically protects you on all of the top protocols for a given chain.
[00:32:42] Jeremiah: So we're starting with Base. So we're launching the Base DeFi Pass, where you're basically protected on the top eight protocols on Base with a single cover. So you don't need to worry about any of the stuff you do on Base, you're pretty much covered everywhere.
[00:32:56] Umar: Before we continue, we'll take a quick commercial break from our sponsor. Working in Web3 can transform your career, be financially rewarding, and surround you with a vibrant community. But as you're very much aware, this space requires rethinking a lot of the old models of how we work. For example, as the leader in a web3 organization, it's up to you to figure out the most cost effective way to offramp the company's crypto, or what's the most efficient setup to mass pay your contractors in crypto.
[00:33:26] Umar: Getting your organization to run on crypto is daunting if you're alone. That's why Request Finance, the industry leader in crypto invoicing, payroll and expenses, has curated a community of Web3 CFOs to share best practices around web3 financial operations. With CFOs from leading projects like Aave, The Sandbox, Binance, Consensys, and many more.
[00:33:51] Umar: Joining this community will allow you to network and fast track getting your organization compliant in crypto. And you know what? I'm also responsible for accepting new members and growing the web3 CFO club. So if you're a web3 business founder, CEO, CFO, or in charge of financial operations, you can join this exclusive community today by filling up an application form at theaccountantquits.com/web3CFO
[00:34:19] Umar: Subject to a screening check, you will then start interacting with high profile Web3CFOs, get access to members only benefits like webinars, resources, and invitations to physical meetups. Join the club today, and let's win web3 financial operations together.
[00:34:37] Umar: For the listeners to understand. Is OpenCover an insurance broker? Is the front end, like the software platform enabling the end user to choose like between different underwriters? Let's say if tomorrow a user comes and Nexus Mutual, does not insure against that risk, would the user have to be able to choose a different underwriter on the OpenCover platform or would you yourself propose like a different underwriter to that end user?
[00:35:08] Jeremiah: We play the same type of role as brokers do off chain, but when you translate that to on chain, because it's much more technical environment and it's just a much newer environment, we do much more than what a broker would do off chain.
[00:35:27] Jeremiah: Brokers off chain they basically connect demand for risk transfer with underwriters. And they'll basically make sure that a policy is created that outlines, these are the risks that you're protected against and this, how much you need to pay us. That's usually a PDF and when you translate that to on chain we're not working with PDFs anymore. And we need to like potentially build the entire product. This happens regularly with us, there's a user that comes in that says: "Hey, I need like $2million of protection on this protocol, and nobody's underwriting that at the moment."
[00:36:01] Jeremiah: What we will do is go and speak with underwriters and see, hey can we get, say, protocol cover for this new protocol? And that means that we need to do risk assessment. That means we need to evaluate with the underwriters whether it's worth doing or, whether we're comfortable with the risk means figuring out what the premium is, what the deductible is, and then also, creating the infrastructure, or like this is part of what we've built at OpenCover, to actually enable the end user to purchase the protection, to have the proof of cover, which is now no longer a PDF in an email, but something that's recorded on chain, that they are covered, and then help them if there is a claim, to provide the right on chain evidence to be able to make the claim.
[00:36:42] Jeremiah: In a sense, we need to build a lot of things. If we're talking about transaction cover, it's even more complicated.
[00:36:47] Jeremiah: For example, when we when we worked with Request, we had to basically do a whole sort of review of all their smart contracts and model the semantics of what a valid Request sort of transaction looks like at the smart contract level to understand if there's a risk at transaction time, basically so it's much more involved than just connecting those who want to purchase cover and those who underwrite the cover, there's risk assessment, building the infrastructure providing, yeah, like providing everything either through a UI, through an API. And so, so in a sense, it's a kind of new type of company here. And I think we are the first to play this role where we work with multiple underwriters and we, figure out what products need to be distributed or created and actually create them for the end user.
[00:37:37] Umar: Beautiful. I think it was an important distinction for the listeners to know. And also I wanted to ask you in terms of pricing, how does pricing typically work for these different DeFi covers? Could you provide some different scenarios?
[00:37:53] Jeremiah: So for protocol cover, it's pretty easy it's between 1 and 10 percent per annum equivalent. So it depends on the protocols. For example, if you're looking to cover your Safe, your Gnosis Safe. It's around 1 percent per year. If you're doing something on a much newer protocol it can go, yeah, like it can go up to, 10%, but if you look at the blue chips, like the sort of the Aave's, the Uniswaps, the Compounds you're more around like 3%.
[00:38:24] Jeremiah: For transaction cover it's totally custom. It really depends because those are always (or so far anyway) have been custom kind of implementation. So we have like, basically we have an API where you send us a transaction. We do some sort of risk assessment and we say, okay, the transaction is covered because it really depends on what the transaction is.
[00:38:44] Jeremiah: What we've agreed the coverable transactions are with a specific provider. We will also agree on a specific pricing for those but that's very, yeah. So that's very custom.
[00:38:53] Umar: Now I would be remiss if I didn't ask you about the different developments in AI and how those can be used to automate the underwriting process for DeFi covers.
[00:39:05] Umar: As far as today are some of the protocols leveraging AI and what's the future outlook narrative of AI and DeFi insurance?
[00:39:15] Jeremiah: If you go to an underwriter and you're like say OpenCover creates a policy for a customer to protect their transactions with an underwriter and say, there's a claim. If we go to the underwriter and say: "Hey, there's a claim, it's a million dollars."
[00:39:31] Jeremiah: And obviously the underwriter is going to ask, well, like, why didn't you guys catch the risk on that transaction? Why did you decide to underwrite that transaction? If the answer is, oh we didn't really decide to do it. We have this AI that decided to do it. And we don't know why it did it.
[00:39:48] Jeremiah: It just did. The underwriter is not going to be very happy. And in fact in insurance, usually everything needs to be or like everything is very deterministic and very, like all the rules are spelt out because when you look at a claim, you're really just comparing, does the contract cover what you're seeing, like what caused the loss. And this kind of loss assessment, or like claims adjustment processes, they call it is really about that. So all of a sudden, if you add noise and like, well, we decided to underwrite this, risk based on something we don't fully understand. Usually this is not done basically.
[00:40:27] Jeremiah: So the thing with AI is that it's great, or like, if we're thinking about LLMs and all this. It's really great for non mission critical tasks, but when you're doing insurance, it is mission critical and you need to be able to explain all your underwriting decisions, you need to have an audit trail of sort of everything that happens.
[00:40:44] Jeremiah: So whenever we underwrite a transaction, for example, if we decide to cover a transaction, we record in a database why, like the specifics of that transaction and why we decided to underwrite it so that we can show that later if there is a claim.
[00:40:59] Jeremiah: So, I would say for now, until there's a much better understanding of AI interpretability, why the decisions are being made or why the output is the output that we get from say an LLM, which is absolutely an open problem, I don't think it's going to play a big role in the actual underwriting in trying to extract insights from and, compare. We have a plan to benchmark what an AI would do compared to what we do, with our, it's a rule based system, like effectively based on transaction simulations. We definitely want to compare that and see where the differences lie, but for now I don't think many in on chain insurance will be using AI to do the underwriting decisions
[00:41:45] Umar: All right, interesting. Now speaking about partnerships, you already went through the Request Finance partnership and I recently read that Request Finance, they already covered more than 3,000 transactions worth more than $30million, thanks to OpenCover.
[00:42:01] Umar: In addition, maybe to the partnership with Request Finance, are there any other partnerships that's maybe on the roadmap right now, or you've already partnered with these companies that you'd like to share?
[00:42:16] Jeremiah: Yeah so I can share like I don't think I can share the name but I can I'll tell you what kind of product it is. So we partnered with one of these browser extensions that basically scan your transaction before you execute it and warns you of the risk. So we partnered with them to basically underwrite the transactions at that moment as well which means that if you're doing something on chain and this browser extension says: "Hey, your transaction is good to go!" But something happens, you are covered up to a certain amount, which is a five digit amount.
[00:42:51] Jeremiah: So it's not nothing. So we think this is going to increasingly be the trend. Like it doesn't make so much sense to transact on an infrastructure where the results of the transactions are totally final. You cannot change them and you can also lose all your money in a transaction.
[00:43:05] Jeremiah: Like you do need a safety net. I think something we've learned as humans that we want to protect ourselves against black swan events because if we don't and we stand the risk of losing everything then it doesn't make sense to like build big things and do big things, right?
[00:43:20] Jeremiah: Like all the skyscrapers are insured all the planes that fly in the sky are insured and that's because we've sort of learned as humans that we need this safety net to be able to think big and do big things.
[00:43:29] Jeremiah: So in that way, I don't think you know blockchain is going to be any different. You do want to be protected at transaction time. You do want to be protected for anything that's non trivial once you place funds into a protocol. Custody providers, if you're using third party custody, are already insured, like Ledger has a 150 million dollar policy on their enterprise offering. I think BitGo has like, I forgot how much they have, but like hundreds of millions of dollars in insurance and, like, insurance is just pervasive.
[00:43:58] Jeremiah: So there's no reason why it wouldn't be on chain as well.
[00:43:59] Umar: Now, there's the last question that I would like to go through, which is the different challenges for adoption. So we went through the different figures and how the vast majority of on chain transactions today and protocol positions are not protected. So in terms of challenges for adoption yeah what would be some of those biggest challenge?
[00:44:21] Umar: It could be anything from education, communication, regulation or anything else.
[00:44:27] Jeremiah: So the way we think about it or joke about it at OpenCover is we say degens don't buy cover. And what that really means is that right now the blockchain space is mainly driven by speculation, right? So it's mostly folks that are there to make short term profits as much as possible.
[00:44:45] Jeremiah: And so within that context, it's much more a game of like, you know winning big a few times and then not losing too much all the other times even if it's because of a hack.
[00:44:57] Jeremiah: And so if you're in that frame of mind insurance makes less sense, cover makes less sense because it's more about, maximizing profits thinking short term. So really, I think for adoption to happen we need a lot more non speculative use cases. And it's great to see that there's an increasing number of those. I think Request is actually a really good one. Payroll and spend management on chain there you do want to be protected because there it does matter if you lose 3 percent of your payroll because you're interacting like you're doing a swap and like there's a problem with the pool price or whatever. And so really we think adoption is going to come naturally, or what we're seeing actually is more and more demand from protocols from Web3 platforms from like wallet style customers for this safety net. Because everybody's starting to think a bit more long term then. Oh, I gotta buy some, like, whatever coin and make a lot of money.
[00:45:49] Umar: So, yeah it goes hand in hand with more businesses adopting crypto, right? So yeah, because Degen's is not your main target user, let's say Now, Jeremiah, thanks a lot. I'm seeing the time pass and we're at the end of the episode.
[00:46:09] Umar: Thanks a lot for coming in today as closing thoughts, has there been anything we didn't touch on, or if there's any last message that you'd like to reiterate to our listeners?
[00:46:20] Jeremiah: No, I think we've been quite thorough. Obviously insurance is not a very well known topic, at least for now. Or on chain insurance. So I'm glad we got to talk about it a little bit and I didn't come from an insurance background when I got into OpenCover and I have to say that like getting into insurance more and understanding sort of how the world works, cause it's so pervasive.
[00:46:39] Jeremiah: As I mentioned like everything around us or in like G20 style jurisdictions, everything around us is insured basically. It's just very interesting to see how yeah, how, humans have understood how this risk transfer is so important and how it really powers modern societies. So yeah, so I'm glad we did an awesome job at recapping everything that's happening with on chain risk and on chain insurance and cover. And I think, yeah, it's exciting times ahead. So thanks for having me on the show.
[00:47:05] Umar: There's a last question, which I like to ask to my guests before they leave is, do you have a favorite quote or let's say like a maxim that you live by?
[00:47:14] Jeremiah: Well, I have one, that I like. I don't know if it's my favorite one, but it's stuck with me. It's from Pablo Picasso, and he said: "When art critics get together, they talk about form, structure, meaning. But when artists come together, they talk about where they can buy cheap turpentine." And really what it means is like, there are people who are doing things, who are taking the risks, And they're more interested in, like infrastructure (like turpentine) the tools, how does it work, how to fit things together.
[00:47:44] Jeremiah: And then there are people who benefit and do the kind of stuff on top, like what's the best coin this protocol is like this protocol is like that. So I guess it's an important one for me because like I highly value and respect people who are trying to put a dent in the universe and the on chain universe and moving the needle by continuing on building and, innovating, taking these risks, the arrows in the back that comes with being the first to do certain things and yeah, like it's an exciting space to, to be in.
[00:48:09] Umar: yeah! In the Web3 world, a lot of us, we are crafting our own path. Like no one's been there before and we're going in uncharted territory to build stuff like what you guys have done at OpenCover. So yeah, congrats for that. I'm very happy we got to do this recording and that more people can learn about the work that you've been doing.
[00:48:31] Umar: And thanks for pushing the adoption of crypto to more businesses. Jeremiah, if people want to learn more about OpenCover, if they want to reach out to you, what's the best way to do so?
[00:48:44] Jeremiah: You can go to our website: opencover.com And then if you want to reach me directly - jeremiah@opencover.com
[00:48:52] Umar: Perfect. I'll share that in the show notes as well. Again, thanks a lot for coming today and we'll be in touch.
[00:48:59] Jeremiah: Cool. Yeah. Thank you so much. It was great.
[00:49:01] Umar: I would like to thank everyone for listening to this episode. You will find all the links of the episode, show notes, and transcript on the website of The Accountant Quits at theaccountantquits.com. Please note that this content is for general information purposes only and is not a substitute for consultation with professional advisors.
[00:49:21] Umar: If you do know anyone who could benefit from the episode and you care about them, please do share the episode with them. All the episodes are available on Spotify, Apple Podcasts, and Google Podcasts. And by leaving us a review and rating, you will support the channel and all your fellow accountants. In order to be notified each time we release a new episode, do follow us on Instagram and LinkedIn.
[00:49:44] Umar: We hope to have you with us next time. Bye for now.