Crypto insurance is a contractual transfer of digital-asset loss risk from a custodian, exchange, or protocol to an underwriter, paid for through premiums and triggered by named events such as third-party theft or specific cyber incidents. The policies cover the platform that bought them, and almost never reach the retail user whose holdings sit on the platform.
That distinction became the headline lesson of November 2022, when FTX customers found their balances frozen with no insurance contract that named them as the insured party. Recovery flowed through Chapter 11 bankruptcy proceedings, and the gap between "this exchange has insurance" and "I am insured if I use it" became visible to retail users for the first time (source: Hunton Andrews Kurth on Digital Asset Insurance).
What is crypto insurance and what does it actually cover?
Crypto insurance is an underwritten contract that pays out specific cryptocurrency losses, in exchange for ongoing premiums, when a named event occurs. The covered events typically include third-party theft, hacks, employee dishonesty, and physical destruction of cold-storage media. The insured party is the custodian or exchange, not the depositor.
The market splits into four distinct actor categories that retail users frequently conflate: custodians (qualified storage providers who buy policies to protect assets they hold for clients), exchanges (CEX operators who buy policies for their own hot-wallet exposure), DeFi protocols (which usually cannot buy traditional insurance and instead rely on decentralized mutual cover), and retail users themselves (who can buy almost no direct coverage outside of one DeFi mutual model).
Each category carries a different contract structure. Custodian policies tend to be specie or crime insurance written against named perils. Exchange policies tend to be cyber insurance with sub-limits on cryptocurrency exposure. DeFi mutual cover operates through a member-funded risk pool rather than a balance-sheet underwriter. None of these structures defaults to making a retail account holder whole after a generic loss event.
Insurance is also distinct from cryptographic transparency mechanisms such as proof of reserves. PoR proves on-chain that wallets back liabilities at a snapshot date; insurance promises a contractual payout if certain losses occur afterward. The two address different gaps, and an exchange can publish PoR without holding any insurance, or hold a policy with no public PoR cadence.
What do custody insurance policies cover for exchanges and custodians?
Custody insurance policies typically cover third-party theft of cryptocurrency from cold or hot wallets, employee dishonesty, physical destruction of storage media, and certain cyber-incident losses. Policy limits range from tens of millions to hundreds of millions and apply only to the named insured. Coverage requires the custodian to maintain specific controls that the insurer audits at renewal.
A standard cold-storage policy is written against a named-peril list. Third-party theft of private keys, physical loss or destruction of the key material, and insider theft by named employees are typically in scope. Slippage of asset value during a recovery window may be partially covered. Speculative losses, market price moves, and protocol-level failures are out of scope.
Hot-wallet policies have shorter exposure windows but tend to carry lower sub-limits because the attack surface is larger. Coinbase has held a hot-wallet policy with a $255 million limit since 2013, placed through broker Aon and sourced from a panel of underwriters that includes Lloyd's of London syndicates and other US and UK insurers (source: CCN on Coinbase $255M insurance program). The policy covers assets held in custody, not market losses or unauthorized access from a user's own device.
Crypto.com expanded its insurance program to $750 million in September 2021 with Arch Underwriting at Lloyd's Syndicate 2012 as lead, covering cold-storage assets held with the company's custodial partner against physical damage, destruction, and third-party theft (source: Crypto.com on $750M insurance expansion). That figure represented one of the largest crypto-specific underwriting limits in the market at the time.
Policy limits are typically sized to a portion of total custody exposure rather than full coverage, because no underwriter writes 100% capacity against an unbounded loss potential. A $500 million policy on a $5 billion custody book covers 10% of headline exposure, and that ratio is normal for crypto risk in 2026.
Which insurers and syndicates underwrite crypto in 2026?
The crypto insurance market in 2026 runs primarily through Lloyd's of London syndicates, a small number of dedicated crypto insurers, and a single sizable decentralized mutual. Lloyd's syndicates including Atrium, Arch, TMK, and Markel have written cryptocurrency cover since 2020; Evertas operates as a Lloyd's coverholder backed by Arch; and Nexus Mutual is the leading on-chain alternative.
Lloyd's entered cryptocurrency hot-wallet coverage in February 2020 when syndicate Atrium launched a liability product in partnership with Coincover. The policy carries a dynamic limit that tracks the underlying asset price, starting from £1,000, and is backed by Lloyd's Product Innovation Facility (source: Lloyd's on Coincover hot-wallet insurance). TMK and Markel sit on the supporting panel as PIF members.
Evertas operates as the first dedicated crypto-asset insurer and the only one selected as a Lloyd's coverholder, with Arch Insurance International providing the underlying capacity. The firm writes policies for custodians, exchanges, and the bitcoin mining sector, with Arch-authorized single-policy upper bounds of up to $420 million for custodian crime cover and up to $200 million per mining location after its 2023 acquisition of Bitsure for mining-specific cover. Coverage is institutional, not retail.
Coincover sits closer to the consumer side, offering wallet-protection products that bundle key-recovery technology with the Lloyd's-backed insurance layer. The model is designed for self-custody wallet operators who integrate Coincover into their product, not for individual retail users buying coverage off-the-shelf.
Nexus Mutual covers the DeFi side. The protocol reports more than 10,000 covers issued and over $6 billion in crypto value protected since 2019, with active products spanning smart-contract exploits, custody failure, slashing, and depeg events (source: Nexus Mutual). Its first payout came in February 2020 for the bZx flash-loan exploit: three of five filed claims approved, totaling $33,720.10 (source: Nexus Mutual bZx 2020 claim history).
Traditional reinsurance giants like Munich Re and Swiss Re remain cautious on direct crypto cover, participating mostly through facultative reinsurance of primary policies. The market is small relative to the underlying asset base, which is why headline limits in the hundreds of millions cover only a fraction of platform-side exposure.
Crypto insurance product types at a glance. Five product categories cover the meaningful share of crypto risk transfer in 2026. The matrix separates them by what they pay for, who can be the named insured, and where capacity originates.
Product type | What it covers | Typical named insured | Capacity source | Example (2026) | Reference |
|---|---|---|---|---|---|
Specie (cold storage) | Physical loss, destruction, or theft of cold-wallet key material | Custodian or qualified custodian | Lloyd's syndicates, Arch via Evertas | Crypto.com $750M cold-storage cover (Arch / Syndicate 2012) | |
Crime (commercial crime) | Third-party theft, employee dishonesty, social engineering of platform staff | Exchange, custodian, fintech | Lloyd's, US specialty insurers | Coinbase $255M hot-wallet program (Aon-placed, multi-syndicate panel) | |
Cyber (technical compromise) | Network intrusion, ransomware, business-interruption from cyber incident | Exchange, custodian, infra provider | Lloyd's, Beazley, AIG, Chubb | Coincover-bundled wallet cover for self-custody integrators | |
D&O / management liability | Director and officer claims, regulatory defense, securities allegations | Protocol team, foundation, corporate parent | Traditional D&O carriers (limited crypto appetite) | Most public crypto firms hold standard D&O towers; terms tightened post-2022 | |
Discretionary mutual cover | Smart-contract exploit, custody failure, slashing, depeg | DeFi user (retail or institutional) buying cover directly | On-chain mutual capital pool | Nexus Mutual: 10,000+ covers, $6B+ value protected since 2019 |
Exchange-side SAFU funds (Binance SAFU, similar pools at other CEXs) sit outside this matrix because they are not insurance contracts: they are discretionary reserve pools the exchange may apply to make users whole, with no underwriter relationship and no enforceable claim path. The next section treats them on their own terms.
What does crypto insurance not cover for retail users?
Crypto insurance does not cover retail-user account compromises through phishing, SIM swap, or social engineering; it does not cover lost private keys in self-custody; it does not cover market price declines; and it does not cover the failure of an exchange itself as a counterparty. The retail user is rarely the named insured on any policy that exists.
The retail naming gap. Custody and exchange policies name the platform as the insured party. If a hacker drains the exchange's hot wallet, the policy may pay out and the exchange may choose to make users whole; but the policy does not give a retail user a direct claim against the underwriter. Reading any "insured up to $X" badge correctly starts with this scope.
Phishing, SIM swap, and social engineering. Underwriters universally exclude losses arising from the user's own credentials being compromised. The reason is moral hazard: an insurer cannot price a policy that pays out whenever a user gives up their password. User-side controls like two-factor authentication sit outside the insurance perimeter entirely.
Lost private keys in self-custody. A user who forgets a seed phrase or destroys a hardware wallet without backup has no third-party party to claim against. Lloyd's-backed wallet-protection products like Coincover work because they pair insurance with a key-recovery technology layer; the insurance alone cannot reconstruct what the user lost.
Market price decline. No crypto insurance policy covers price moves. A 50% decline in the dollar value of holdings is not a covered event under any custody, exchange, or DeFi mutual policy currently in market.
Exchange counterparty failure. This is the lesson FTX customers learned in November 2022. When an exchange becomes insolvent through commingling, lending, or fraud, the residual recovery process is bankruptcy court, not insurance. SIPC does not cover crypto because crypto is not always classed as a security; FDIC does not cover crypto because exchanges are not deposit-taking banks. Customer balances were not the insured party on any policy FTX entities held.
The result is that the typical retail loss scenario (compromised credentials, lost seed, exchange collapse) falls outside every standard insurance contract. The relevant mitigations are operational: cold storage for balances the user cannot afford to lose, multi-exchange diversification, and the custodial versus self-custody decision made deliberately.
How do SAFU funds and exchange-side guarantees compare to real insurance?
SAFU funds and exchange-side reserves are not insurance contracts; they are exchange-funded pools that the exchange chooses whether and how to deploy. The amounts are public and the intent is reassurance, but the legal structure gives users no enforceable claim. The structural difference between a reserve and a policy determines what users can rely on.
Binance's Secure Asset Fund for Users, established in July 2018, sits at approximately $1 billion in roughly 15,000 BTC after the February 2026 conversion of the fund's stablecoin reserves into bitcoin (source: Binance Academy on SAFU). Binance has committed to replenish the fund if the value falls below $800 million (source: CoinDesk on Binance $1B SAFU conversion). The fund was originally seeded with a percentage of trading fees and has been deployed historically to make users whole after specific incidents at Binance's discretion.
Other exchange reserves follow comparable patterns. Bitget operates a Protection Fund established in 2022 with a $300 million floor commitment, with monthly published valuations running materially above that floor in 2025. Crypto.com's $750 million figure references underwritten insurance, not a reserve; the distinction matters because insurance is a third-party contract while a reserve is an internal commitment.
The contractual difference is the core point. An underwritten policy gives the insured party an enforceable claim against the underwriter, with defined coverage terms and an external dispute process. A reserve fund sits inside the exchange and is paid out at the operator's discretion based on the operator's reading of the incident. Operators have strong commercial reasons to honor reserve commitments, but the legal mechanism differs from a policy contract.
Both mechanisms serve a purpose; neither substitutes for the other. A well-run platform may carry underwritten custody insurance for cold-storage exposure, maintain a user-protection reserve for goodwill payouts after incidents, and publish proof of reserves on a known cadence. The user evaluating platform risk benefits from looking at all three rather than any single signal.
What can retail users actually insure today?
Retail users can buy almost no direct underwritten coverage in 2026; the realistic options are a Lloyd's-backed wallet-protection product bundled into specific consumer wallets, DeFi mutual cover for on-chain protocol risk through Nexus Mutual, and operational mitigations that reduce the events insurance would have covered. Self-custody removes the question entirely for the balances under user control.
Lloyd's-backed wallet-protection products. Coincover-powered features inside selected non-custodial wallets bundle Atrium-led insurance with a recovery-key layer. The retail user does not contract with the underwriter directly; the wallet operator does, and the coverage attaches to specific failure modes inside the wallet product.
Nexus Mutual on-chain cover. Retail users with on-chain holdings in covered DeFi protocols can buy cover directly through Nexus Mutual. The mutual model uses NXM token-holding members to assess and pay claims, with active product lines for smart-contract risk, custody failure, depeg events, and yield-token exposure. The first payout in February 2020 for the bZx flash-loan exploit established that the mutual model can settle claims on contested events; later cycles have processed claims across multiple DeFi incidents.
Operational mitigations that act like coverage. Cold storage via a hardware-wallet setup removes hot-wallet exchange risk for the protected balance. Multi-signature or MPC custody removes single-point-of-failure risk. Holding across multiple exchanges caps any single counterparty exposure. The self-custody alternative is the structural answer for balances the user cannot afford to lose.
From Blofin's operational perspective, underwritten custody insurance is structured around third-party theft of assets in segregated custody and is sized to a portion of total exposure rather than full coverage; policies place specific obligations on the custodian to maintain controls that the insurer audits at renewal. Insurance does not cover phishing-driven account compromises, market price moves, or losses arising from credentials the user controls, which is why platform-side coverage and user-side custody discipline have to work together rather than substitute for each other.
How can a user evaluate a crypto insurance offering before relying on it?
Evaluating a crypto insurance offering means reading the contract structure rather than the marketing badge. The four practical questions are: who is the named insured, what events trigger payout, what are the explicit exclusions, and what is the policy limit relative to the platform's total exposure. The answers separate a meaningful protection from a label.
The walkthrough has four steps that apply to any custody or exchange insurance claim a platform makes publicly.
Step 1: Identify the named insured. Read the underlying policy disclosure or the platform's statement carefully. Almost universally, the named insured is the platform or custodian, not the customer. If the marketing implies user-level coverage, that is the first claim to verify against the actual policy text.
Step 2: Map the covered events. Common covered events include third-party theft, employee dishonesty, physical destruction of cold-storage media, and named cyber incidents. Common exclusions include phishing, SIM swap, market price decline, exchange counterparty failure, lost user credentials, and protocol-level smart-contract risk for the custodian's hot wallets.
Step 3: Compare the policy limit to total exposure. A $500 million limit on a $50 billion custody book is 1% of headline exposure. The limit number alone is not informative; the ratio to assets under custody, and the sub-limits per event, give a more honest picture. Public disclosures of the ratio are rare; cautious users assume the published limit is a fraction.
Step 4: Check the underwriter and the renewal cadence. Lloyd's syndicates publish their financial strength independently, so a named syndicate like Arch or Atrium can be cross-referenced against AM Best or Lloyd's market ratings. An unnamed "panel of insurers" is weaker, because the user cannot verify who carries the risk. Annual renewal is the standard cadence; the crypto wallet glossary covers related terminology.
Hands-on evaluation is rare in retail practice. Most users rely on the platform's published summary and assume the insurance makes them whole. That assumption is the gap this article exists to close: read the structure, not the badge.
Frequently asked questions
Is my crypto insured if I keep it on an exchange?
Not directly. Exchange-held assets may be covered by a policy that names the exchange as the insured party, which means the exchange would receive any payout and choose how to apply it to user accounts after a covered loss. The retail user has no direct claim against the underwriter, and exclusions for account compromise via the user's own credentials are universal.
Does FDIC or SIPC cover cryptocurrency?
No. FDIC insurance applies to bank deposits at FDIC-member institutions, and SIPC insurance applies to securities held at SIPC-member brokerages. Cryptocurrency held at an exchange is neither a bank deposit nor in most cases classified as a security, so neither program extends coverage. Cash balances held at an exchange in pass-through FDIC arrangements may be covered, but the crypto balances are not.
Can I buy personal insurance for my self-custody wallet?
Direct retail policies for self-custody are extremely limited. Coincover-powered wallet-protection products embedded in specific consumer wallets are the closest available option in 2026; the user does not contract with the Lloyd's underwriter directly but benefits from coverage attached to the wallet provider. Nexus Mutual on-chain cover protects against named smart-contract and protocol risks, not against the user losing their own seed phrase.
What is the difference between SAFU and Lloyd's-backed insurance?
SAFU is a Binance-funded reserve that the exchange chooses whether and how to deploy after an incident; Lloyd's-backed insurance is a third-party contract that pays out covered losses to the named insured under defined terms. The reserve gives no enforceable claim; the policy does, though to the platform rather than to the user. Both can coexist on the same platform, and neither replaces the other.
How do I file a claim if a covered exchange is hacked?
The retail user generally cannot file a claim directly. The exchange or custodian as the named insured files with their underwriter, the underwriter assesses the loss against the policy terms, and the payout flows to the exchange. Whether the exchange then credits user accounts depends on the exchange's policy and the size of the loss relative to its reserves and policy limit. User-side action is limited to documenting the incident, preserving login records, and following the exchange's published incident process.
Researched and written by the Blofin Academy editorial team with AI-assisted drafting. Primary sources include the Lloyd's of London press release on the Atrium-led Coincover hot-wallet policy, Crypto.com's announcement of its $750 million insurance expansion led by Arch Underwriting at Lloyd's Syndicate 2012, the Binance Academy glossary entry on the Secure Asset Fund for Users, contemporaneous CoinDesk reporting on the February 2026 SAFU conversion to bitcoin, the Nexus Mutual homepage and claims-history documentation, and Hunton Andrews Kurth's published analysis of how companies and consumers approach crypto-asset insurance. All facts independently verified against cited documentation current as of May 2026.
This article is for informational purposes only and does not constitute financial advice, investment guidance, or a recommendation to buy, sell, or hold any digital asset. Cryptocurrency markets involve significant risk and you should conduct your own research and consult qualified professionals before making investment decisions. Blofin Academy content reflects the state of public information at time of publication; protocol parameters, fees, and ecosystem data change frequently.