Nexus Mutual Accepts Claims Worth 31,000 DAI Post bZx Exploit
Crypto insurance business clears first hurdle.
DeFi-native insurance protocol Nexus Mutual paid out its first claims after stakers voted in favor of paying coverage to those who had taken out insurance before the first bZx exploit. This has revealed several nuances in the way Nexus Mutual functions.
First Successful Insurance Claim in DeFi
This marks Nexus Mutual’s first-ever successful insurance claim and confirms that the protocol is working as expected. It also clarifies a few aspects of the startup’s insurance coverage that were previously fuzzy.
To take out coverage on Nexus Mutual for a particular protocol, one doesn’t need to have funds in the protocol. If a technical bug is confirmed, those with coverage from before the incident can receive the full amount of their coverage even if they did not lose any funds.
On Valentine's Day someone used a flash loan, some clever trading and bypassed a logic check in @bzxHQ contracts to net over 1000 ETH.
The bypass in logic was the critical aspect and today @NexusMutual has delivered on its promise and paid out its first claims.
Very proud! 🐢
— Hugh Karp 🐢 (@HughKarp) February 19, 2020
Kayleigh Petrie, Nexus Mutual’s Head of Communications and Engagements, told Crypto Briefing the following:
“Members taking out cover don’t necessarily need to have funds locked up in the first place. If I had taken out cover before the event (bZx attack), and submitted a claim (without having funds on bZx) then my situation would be similar enough to the two payouts today that we can guess that members would likely vote in the same way and that I’d get a payout.”
She further added that “it’s worth noting that claims assessors can vote in any way they wish.”
This offers an interesting insight into how the insurance firm functions. Hypothetically, insurance contracts could be used as a means of speculating on which protocols may succumb to technical bugs.
Another implication is the potential for this to be gamed by bug bounty hunters and software researchers.
If a security researcher found a bug in a protocol that Nexus Mutual covered, they could take out an insurance policy for a large sum and hack the protocol for a few dollars. Once the protocol publicly acknowledged this bug was exploited, the researcher could make a claim for their coverage amount and receive it.
Of course, this is subject to how the claims assessors vote. But bZx has confirmed that no user funds were lost, and Nexus Mutual’s claims team still approved the insurance payouts.
Two distinct takeaways from this incident are that Nexus Mutual can be used as a means for speculation or as a bug bounty system, and that the protocol is working as intended.