The FTX crypto exchange (and over 130 affiliates) has filed for bankruptcy in Delaware. FTX was recently valued at $32 billion, and now it appears to be worth $0. The bankruptcy petition listed at least $10 billion in liabilities.
The rapid unwinding of the world’s second largest crypto trading platform this week may have been a solvency crisis, or it may have been a liquidity crisis (or one turned into the other, or both!). And most of its in-house lawyers and compliance staff abruptly resigned three days ago. As a crypto exchange that offered futures and other leveraged transactions to investors, it rehypothecated assets (tokens) to create leverage that its customers wanted. The death spiral of FTX raises many good questions about coin safekeeping and crypto insurance.
When people talk about stocks or cash, we rarely focus on conservation. Either the cash is in our pocket or it’s in a bank safe (maybe it’s locked in a safe at your house or under the mattress). The cash is either somewhere you can easily get your hands on it, or it’s in a physically secure (and highly regulated) financial institution. If it’s in a bank, it’s insured by the FDIC up to $250,000. And SIPC provides insurance for cash and some securities in trading accounts with regulated brokers. Likewise, your experience with buying and selling shares is usually by calling a regulated broker or trading them through an online broker (also regulated); but rarely deal with the physical share certificates. Instead, for nearly fifty years, the tracking of share ownership and the safekeeping of share certificates is mostly done by the Depository Trust Company (owned by the Depository Trust and Clearing Company), and Cede & Company is the leading custodian nominee and keeper of record for securities. Almost all corporate, stock, money market securities and freely tradable public company securities in the US are recorded and settled there.
This is not the case with cryptocurrency. None of this applies to tokens.
If your home is broken into and cash is stolen, your homeowner’s insurance policy usually offers some relatively low coverage limits. Securing cash – by its very nature – leads to a lot of moral hazard. Similarly, a business owner’s property policy may have limited coverage of cash, checks, and securities. It may also have $1,000 of coverage for the good faith acceptance of counterfeit currency. But if a customer walks away with the cash register or a burglar destroys a safe, they may take more than the insurance covers. Many businesses therefore purchase a separate crime policy to protect against the loss of cash and securities within their building, as well as when an employee runs a bank to drop off the cash deposits.
But this is not the case with cryptocurrency either. Few people think about insuring their own cryptocurrency assets, perhaps wrongly assuming that the exchange or custodian they use offers insurance against hacks.
Because crypto hacks happen. A month ago, it was reported that $570 million worth of Binance’s BNB token was stolen. Binance is the largest crypto exchange, by volume, in the world. Imagine if 2 million shares on the New York Stock Exchange, worth more than half a billion dollars, just evaporated off the floor of the exchange on a random Thursday? Well. . . they wouldn’t. Because the NYSE is just an exchange and not a custodian. The stocks being traded aren’t actually on the floor at the New York Stock Exchange, and the guys being yelled at on television on the stock exchange floor don’t have a stack of physical stock certificates with them. Custody of shares and tracking of ownership is mostly with the Custodial Trust Company.
Structurally, why is there a difference? There are a few reasons. In no particular order:
- Cryptocurrencies and methods of trading them (exchanges, brokers, etc.) are still relatively new. Their employees haven’t been going to industry security meetings and conferences sharing information on how to prevent thieves since the days of Jesse James.
- The regulatory environment – which can be synergistic for protecting clients and custodians – for cryptocurrencies and exchanges is still a bit like the Wild West.
- The nature of many cryptocurrencies is that they share some characteristics with other bearer financial instruments (such as lottery tickets, casino chips, physical cash or gold and silver). Just try to buy something with a certified share of General Electric common stock. It is much easier to buy something with a Bitcoin or BNB token. (But I doubt anyone is taking FTX’s FTT token today).
Which brings us back to insurance. We have seen time and time again that when the origination of risk is separated from the retention of risk, underwriting standards tend to fall. This happened with Lloyd’s of London’s (commonly mistaken for an insurance company, but it’s really an insurance exchange) near collapse in 1991-1992. This occurred with “origin to spread” overpayments with mortgage-backed securities and collateralized debt obligations that fueled the global financial crisis in 2007-2010. This is the reason why reinsurers insist on a right to information or to audits of the cedants.
In the cryptocurrency world, the exchanges were typically also the custodians of the assets. Coinbase is a good example. But other exchanges are structured to facilitate more expansive trading (with leverage and futures), keeping crypto assets held elsewhere. That separation of the origination of risk (taking customers’ dollars in exchange for tokens) from the retention of risk (where the tokens are stored, and what do you do when the customer comes back and wants to deposit their tokens or coins for dollars) creates a situation where there are incentives for the security of the coins to deteriorate.
Anyone with a significant amount of cryptocurrency needs to understand who has the coins, and whether the wallet is secured. Some exchanges are also custodians, and some are not. Some are fully insured, others self-insured, and some have no insurance to cover the theft of your coins.
Some of the bigger name platforms (Coinbase, Bitstamp) reportedly have crime policies with limits in excess of a quarter of a billion dollars, insured by Lloyd’s and other major insurers. Binance reportedly earmarks a percentage of all trading fees into a self-insurance fund, which it says is now worth more than $1 billion. Question if this is a remote bankruptcy though?
FTX US’s website indicates that it has a crime policy from Aon with limits of $7.5 million. That seems low for a company that was worth $32 billion a few weeks ago. But the important fact is that the policy is for tokens in warm or hot wallets. For most assets stored in cold wallets, it relies on BitGo to provide safekeeping and insurance. And BitGo appears to have insurance from a syndicate of major London market Lloyd’s and European insurers. With 9 figure limits.
Not many companies write insurance for crypto traders and investors to buy to protect themselves. One that does is Breach Insurance. It claims its “Crypto Shield” is the first insurance designed for crypto investors, rather than exchanges and other businesses that handle crypto assets. It is not available in every state, and is limited to tokens on certain exchanges. It does not cover tokens held in third-party wallets. It therefore avoids the risk explained above. And policies range from $2,000 to $1 million in coins. Coincover also offers coverage to individual merchants and wallets, with a product designed to cover theft through various methods (hacking, security breach at the exchange, employee theft, etc.) and is backed by Lloyd’s.
If you are a trader with $10,000 in Dogecoin held by one major exchange, there is probably an insurance policy off the shelf. If you are an institutional investor, a fund, or a business that accepts tokens as payment, and you have $100,000 or $1 million or more spread across multiple wallets and possibly multiple platforms, you will likely have different needs. The insurance decisions will vary due to the different tokens, where they are stored, how they are stored and who your counterparties are.
The token insurance market continues to evolve. On the one hand, you focus more on regulation. On the other hand, there are millions of dollars in losses every day. Some losses are considered hacking. Others – like last month’s $100 million loss on Solana-based Mango Markets – can be described as a fair exploitation of the rules (many people still call it “hacking”). Securing your Mango tokens will likely be difficult. And there is always old fashioned mitigation; maintaining tight control of passwords and privacy keys and distributing tokens across multiple wallets on different platforms to keep all your eggs in different baskets.