The limits of crypto asset insurability
© dpa Picture Alliance / AA/ABACA

The limits of crypto asset insurability

Munich Re is one of the world’s leading providers of reinsurance, primary insurance and insurance-related risk solutions. The corporate group consists of the reinsurance and ERGO business segments, together with the capital investment company, MEAG. The Group operates in all lines of insurance. Ever since it was founded in 1880, Munich Re has been known for its unrivalled risk-related expertise and its particularly sound financial position. It also offers its clients financial protection when faced with extraordinarily high levels of damage – from the 1906 earthquake in San Francisco right through to the series of Atlantic hurricanes that occurred in 2017. Munich Re possesses outstanding innovative strength, which enables it to also provide cover for extraordinary risks such as rocket launches, renewable energies, cyber attacks or pandemics. The company is playing a key role in driving forward the digital transformation within its industry and in doing so is increasing its ability to assess risks and expanding upon the range of services that it offers. Its tailor-made solutions and close proximity to its clients make Munich Re one of the world’s most sought-after risk partners for the economy, institutions and private individuals.

Over the last 18 months, digital assets worth more than US$ 3bn were stolen by hackers by means of private key theft, spoofing, and compromised credentials. Recently, Binance, the largest cryptocurrency exchange in the world lost $40 Million in bitcoin due to an insecure hot wallet and compromised API credentials.

This high frequency of successful attacks documents the high exposure on digital assets and leads to an increased demand for insurance solutions. The Munich Re Group has set up an expert group of highly skilled Cryptographic Experts, Cyber Security Auditors, Business Development Managers and experienced Senior Underwriters to address the question of insurability.

One of the biggest concerns in this area is the lack of experience and digital maturity of the many start-ups that enter the field of digital assets. Given the exposure and high number incidents, cryptocurrency exchange points remain very difficult to insure. In most cases, a risk-appropriate premium would eliminate the profitability of the business model.

On the other hand, the significant risk associated with the digital assets has brought about the development of new and impressive security solutions concepts to secure the most critical piece: the private key of the digital wallets.

There are two core problems associated with managing the private key when it comes to generating and saving it: 1) The key can be stolen; 2) It can be forgotten. However, the solutions to deal with forgetting keys (e.g. a backup) create additional attack vectors for cyber criminals. Solutions to make the key more secure against hacking (e.g. a key split) increase the risk of losing the asset by losing the key (or a part of the key). The latest research estimate is that between 17% to 23% of existing bitcoins are unavailable because the private key was lost. Theoretically this is worth around US$ 25bn. 

Nowadays there are a few start-ups and security companies that have fully understood the risks of digital asset storage and developed strong cryptographic mechanisms, such as multi-party computation (MPC), to tackle known problems. Those start-ups that also have the right level of maturity, state-of-the-art cyber security technology, a world-class general information security management system (ISMS) and a trusted anchor for their business model are about to reach the insurability threshold.

Munich Re worked for almost two years together with Curv Ltd., which is a start-up based in New York City with offices in Tel Aviv. Curv Ltd. was incorporated in 2018 and belongs to the Portfolio of the cyber security VC Team8. After two intensive years of cooperation and security audits, Curv has become the first insured in the field of digital assets of the world’s biggest reinsurer. 

Digital assets will remain a complex risk and require the highest level of technical expertise and underwriting. But while the number of cryptocurrencies are increasing, some elements are slowly becoming insurable.

Japan:

Japan is known as one of the most crypto-advanced countries, having legalized cryptocurrency as a means of payment in April 2017. Cryptocurrency exchange regulations in Japan are progressive as the Japanese regulators are preparing a handbook highlighting measures to prevent the outflow of virtual currency, which will be presented in G20 summit in June 2019. Exchanges are legal in Japan. There were two major cryptocurrency exchanges in Japan that were hacked in 2018: Coincheck in January and Zaif in September. Post the incident, Japan’s Financial Services Agency (FSA) has stepped up efforts to regulate trading and exchanges. 

India: 

The cryptocurrency community in India has been increasingly pushed to a wall since July 2018, when the central bank forbade banks from doing any business relationship with virtual currencies. Since then, the business has been severely affected and many crypto exchanges such as Zebpay, once India’s largest, have shifted out of India. Cryptocurrencies are not legal tender in India, and while exchanges are legal, the government has made it very difficult for them to operate.

China: 

Cryptocurrency exchanges are under a blanket ban in China, however workarounds are possible to use foreign platforms and websites which China’s internet firewall doesn’t catch. China is estimated to be home to around 70% of cryptocurrency mining. Despite the near-comprehensive prohibition on crypto trading and related services, the law in China currently still permits crypto mining activities, although there are signs that this could change soon. As per the recent results, China’s top 5 Cryptocurrency are eos, tron, ether, steem and ontology.

South Korea: 

Cryptocurrencies are not considered legal tender and exchanges, while legal, are part of a closely-monitored regulatory system. Cryptocurrency exchange regulations in South Korea are strict and involve government registration and other measures overseen by the South Korean Financial Supervisory Service (FSS). A number of South Korean cryptocurrency exchanges have been forced to update their terms and conditions to accept liability for potential hacks and service issues. It includes Bithumb, one of the local crypto exchanges that was hacked twice in 2018. 
Cryptocurrencies in Southeast Asia

Our experts
Rolf Heintzeler
Rolf Heintzeler
Head of Cyber Asia-Pacific/ Africa
Andreas Schmitt
Andreas Schmitt
Head of Cyber Asia
Ankur Gupta
Ankur Gupta
Head of Client Management
Munich Re India