Studying actual insurance claims in crypto shows both the benefits and limits of coverage. The following cases describe context, losses, remediation or claims outcomes, and practical takeaways investors should apply when assessing custody and insurance risk.
1. Bitfinex (2016) — hot-wallet breach and non-cash remediation
Context. In August 2016 Bitfinex reported ~119,756 BTC stolen from hot wallets. The loss was one of the largest crypto thefts to that date.
How it was handled. Bitfinex did not have an insurance policy that immediately covered 100% of customer losses. Instead the exchange issued BFX tokens representing debt to affected users. Over time Bitfinex raised funds, redeemed those tokens, and repaid customers in phases. The remediation combined corporate capital and structured repayment rather than a direct insurer payout.
Lesson. Many exchanges rely on internal reserves or operator remediation rather than a simple insurer write-check. Users should verify the custodian’s stated coverage, read policy limits and exclusions, and assume that reimbursement could take non-cash or long-tail forms.
2. Coincheck (2018) — massive NEM loss, corporate reimbursement
Context. In January 2018 Coincheck lost ~523 million NEM (≈ $532M then) from a hot-wallet compromise.
How it was handled. Coincheck reimbursed customers using corporate funds and restructuring; the event highlighted that many domestic exchanges relied on company balance sheets or ad-hoc funds rather than market insurance. Regulators in Japan subsequently tightened custody and reserve rules.
Lesson. Exchange claims handling varies by jurisdiction and operator. Do not assume “insured” equals full protection. Confirm whether a custodian’s coverage is an insurer policy, a balance-sheet promise, or a limited reserve fund.
3. KuCoin (2020) — large multi-chain hack and coordinated recovery
Context. In September 2020 KuCoin reported about $281M stolen across multiple chains.
How it was handled. KuCoin engaged forensic firms, coordinated with other exchanges and projects, and traced stolen funds. A portion of assets was recovered when the attacker moved funds onto platforms that cooperated. KuCoin also used internal reserves and partner support to make users whole over time.
Lesson. Active on-chain tracing and cross-platform cooperation can materially improve recovery rates. Custodians with established response plans, forensic relationships and liquidity to temporarily cover client losses are more resilient.
4. Poly Network (2021) — massive bridge exploit and voluntary return
Context. In August 2021 Poly Network’s cross-chain bridge was exploited for ~$600M+. The attacker later returned most funds after public negotiation.
How it was handled. The project publicly engaged with the attacker, offered a bounty, and coordinated recoveries. The case underlined extreme bridge risk and the limits of traditional insurance for cross-chain protocol failures.
Lesson. Bridges carry outsized systemic risk. Insurance products often exclude novel cross-chain failure modes or have limited capacity. Diversification across bridges and minimal exposure to new bridge code are critical mitigants.
5. How insurance claims typically progress
- Immediate notification: Insurers expect prompt reporting. Delays can void coverage.
- Evidence collection: TXIDs, logs, exchange correspondence, and forensic reports are required.
- Forensic adjudication: An insurer or an independent firm validates cause and scope, and checks exclusions (negligence, policy violations).
- Claim decision and payment: If covered, payout is made subject to limits, deductibles and policy wording; payment may be partial, phased, or subject to sublimits.
- Remediation and controls: Insurers may require governance or technical fixes post-claim as a condition of coverage renewal.
6. Practical investor lessons
- Read policy word-for-word: Understand triggers, sublimits, exclusions (social engineering, negligence), and claim timelines.
- Don’t treat insurance as prevention: Strong custody, multisig, audits, and bug bounties are first-line defenses; insurance is the last resort.
- Be claims-ready: Maintain archived logs, TXIDs, access records and an incident response plan to speed adjudication.
- Layer protections: Combine custodial coverage for hosted balances with non-custodial cover for on-chain activity and an internal emergency fund.
- Choose providers with track records: Favor custodians and insurers with transparent claim histories and robust financial capacity.
7. Trends and recommendations
Trends: (1) Insurers are creating more specialized products (protocol-specific, bridge cover, social-engineering), (2) decentralized mutuals and parametric covers are maturing but have governance and capacity constraints, (3) forensic and tracing services are now integral to recovery and claims resolution, and (4) regulators increasingly impose custody and disclosure rules that affect coverage availability.
Recommendations: Keep only necessary funds on exchanges; verify whether advertised insurance is a third-party policy or an internal reserve; demand proof-of-reserves and audits from custodians; prepare robust IR playbooks and forensic evidence; use layered coverage tailored to custody model and on-chain activity.
Conclusion
Real cases show insurance can help but rarely replaces strong security and operational controls. Understand what is and isn’t covered, be prepared for non-cash or phased remediation, and use insurance as one element in a broader, layered risk-management strategy.
Further reading
- Case studies: Bitfinex (2016), Coincheck (2018), KuCoin (2020), Poly Network (2021)
- Nexus Mutual and InsurAce documentation
- Industry reports on custody and crypto insurance (Lloyd’s, Chainalysis, leading insurers)
