DeFi coverage protocol Nexus Mutual expanded the list of centralized exchanges eligible for incident protection. Users trading on Binance, Kraken, Coinbase and Gemini are now able to buy protection in the event of an exchange hack or prolonged withdrawal downtime.
The project announced the new integrations on Monday as part of their “custody cover” initiative. Users who buy coverage will be eligible for compensation if the custodian gets hacked and the user loses more than 10% of their funds. Alternatively, the claim can be honored if the custodian suspends withdrawals for more than 90 days.
The program was launched at the end of 2020 and initially included centralized lenders like BlockFi, Celsius, Nexo, Ledn and Hodlnaut. To apply for coverage, users must become members of the Nexus mutual and undergo know-your-client verification.
According to current figures, coverage is quite expensive. For example, a Binance coverage claim for 10 Ether (ETH) lasting 365 days, requires paying a premium of more than 3 ETH, or 30% of the coverage amount. Still, these may be temporary figures. For example, yearly coverage cost for BlockFi and Celsius is just over 2%, while covering other providers is much more expensive. Given the overall positive track record of the exchanges added today — save for intermittent outage issues — it is likely that their cost of coverage would go down significantly over time.
It is also worth noting that Nexus is not an insurance provider. The difference largely comes from the fact that insurance has contractually defined clauses that establish how and when a claim should be honored. The decision to pay out claims in Nexus Mutual is solely at the discretion of the members and stakers. While in practice this may not be an issue, edge cases could put the system to the test.
The founder of Nexus Mutual, Hugh Karp, was recently hacked via a malicious MetaMask extension, with the attackers stealing a significant portion of his NXM tokens. Despite the requirement of KYC to transact with NXM, it appears that the attacker used a fake identity for verification.