In April 2018, cryptocurrency advocate and investor Matthew Mellon died without leaving behind the “key” to his digital assets. In the world of cryptocurrencies, a key is a long alphanumeric string that confers access to the assets, in this case a cryptocurrency called XRP from a company called Ripple. Reportedly purchased for $2 million, the assets were valued at $500 million at the time of Mellon’s death.

That same year, Gerry Cotten, founder and CEO of Quadriga CX, a Vancouver-based cryptocurrency exchange platform, reportedly died, taking with him access to an encrypted computer containing the keys to an estimated $250 million in digital assets. As customers sued to recover their assets, there has been rampant speculation that Cotten may have faked his death.

In both cases, the lost assets remain unrecovered. In fact, it has been estimated that the keys to between 17% and 23% of all bitcoins have been permanently lost, effectively putting those assets out of reach forever. Bitcoin is the most well-known and established of the cryptocurrencies, but there are more than a thousand others.

Plenty of Risk

Plenty of people have made money investing in digital assets, and as the sector has matured, best practices have emerged. But risks remain, whether you are holding keys yourself or using a third-party platform.

“You could be holding those keys in the form of a hardware wallet, which is actually like a piece of hardware. You can hold them in the form of file on your computer. You can hold them in the form of words written down on paper,” said Andy Bromberg, cofounder and president of CoinList, a platform for managing digital asset sales.

“There’s a whole bunch of ways you can hold them. Obviously, all of those would come with their own risks.”

Cyber threats, including ransomware attacks, can be a major risk, depending on how the keys are stored.

“Cold storage is crypto that’s held offline, and hot storage is crypto that’s accessible,” explained Garret Koehn, regional director, Western U.S. for CRC Insurance Group.

Other risks stem from complicated user interfaces. “There’s not a great user experience built around them,” Bromberg said. “It’s easy to fat-finger something or do something else and have your crypto gone forever.”

Each time a digital asset is bought, sold or moved, there is a chance for something to go wrong. Cryptocurrencies can also fork, a process not unlike a stock split, which can also increase the potential for costly user error.

“Often, the exchange you’re using will choose to support one or the other, but not both,” Koehn said. “If you want to maintain the value of the fork, you have to open up another wallet and that starts to become cumbersome, as well. You risk potentially losing the value in those forks.”

Garret Koehn, regional director, Western U.S., CRC Insurance Group

Third-party platforms with better security can eliminate some of those risks, but they do involve counterparty risk. Many keys in one place is an attractive target for hackers.

Cryptocurrencies can be subject to extreme and often unexplainable price volatility, and liquidity can be another concern, especially for smaller or newer cryptocurrencies, where a single high-volume trade can have a big impact on valuation.

There have been multiple cases of “pump and dump” schemes and even cases where an entire currency was essentially a market manipulation scheme.

“They’ll build a following, they’ll start writing articles, and the day they go live, next thing you know, they have raised $1 million in 30 minutes,” said Kashif Khan, a vice president with Genpact in Chicago. “Then a month later, they’re gone.”

Embracing Regulation

Other risks include the potentially fluid regulatory environment that goes along with such a young and disruptive sector and can contribute to volatility. And contrary to conventional wisdom, digital assets are regulated.

“When people speak broadly about crypto and say, ‘Oh, it’s being used by drug traffickers and they’re hiding their money and bitcoin is really bad for that.’ The exact opposite is actually true,” Koehn said. “It’s more traceable and trackable than anything we have today.”

Bromberg agreed: “Crypto is fairly highly regulated right now. There’s not a lot of regulations specifically targeting crypto, but there’s a lot of regulation that applies to crypto. There is certainly regulatory risk in that if a country banned crypto, that could have an impact on price, but I think holistically, it’s actually pretty aggressively regulated right now. And I think that’s, net, a good thing for the space.”

While there was a time when the lack of regulation was part of what attracted some to invest in cryptocurrencies, the bigger players in the area are increasingly seeing the benefits of embracing regulation, not the least of which is increased insurability.

“Some of the big custodians have sought out relevant regulators at both state and federal levels,” said Jacob Decker, vice president and director of financial institutions at Woodruff Sawyer.

“Those who are identifying regulators, reaching out and working with them, have a much more favorable experience obtaining insurance than those who are looking for the lowest regulatory burden possible,” he said.

Insurance for Crypto?

Most cryptocurrency risks are effectively uninsurable for individual holders, apart from the nominal coverage that may be included in a homeowners or umbrella policy.

“Most homeowners’ policies provide a small amount of coverage for money, between $200 and $5,000 depending on the contract,” said Kurt Thoennessen, vice president and personal risk advisor at Ericson Insurance Advisors. “It’s minimal, because the policy is not designed to cover currency.”

But even that may not apply.

Kashif Khan, vice president, Genpact

“The homeowner’s policy does not mention cryptocurrency in the covered property sections, it refers to money, bank notes, bullion, gold, silver, platinum, coins, medals, scrip, stored value cards and smart cards,” said Thoennessen.

“However, it also does not exclude coverage for cryptocurrency. I suspect the homeowners contract language will be updated as cryptocurrency becomes mainstream to eliminate any ambiguities about the policy’s intent with regard to coverage.”

“There’s a discussion among the carriers and the carrier representatives and the agents and wealth managers as to, ‘Is there a feasibility to put together a product to insure cryptocurrencies?’” Khan said. “And the short answer is, ‘no.’ They are not prepared to have a product that’s going to insure cryptocurrency.”

Khan cites inadequate regulations, historical data and understanding of the causes of the extreme price volatility. “Insurers and actuaries and the actuarial departments are struggling to come up with a pricing model to ensure a commodity that’s so volatile.”

But some of the more-established third-party platforms are obtaining coverage.

“Coinbase is insuring about 2 or 3% of its balance with Lloyd’s of London,” said Khan. “And that’s how much risk they’re willing to take on.”

According to Decker, this is not entirely new. “There’s always been some level of insurability,” although he points out the pricing has reflected the high level of uncertainty and was probably accompanied by various exclusions and risk retention.

“It doesn’t mean that they’re not trying to put terms out and those terms aren’t being considered,” he added. “It just may mean that the gap is too wide for those deals to be happening on a regular basis.”

One key to putting such coverages together has been spreading the risk.

“In this industry, if it’s a buyer looking for a relatively large limit of insurance for some particular type of risk, I generally have to build it in much smaller pieces,” Decker said.

Some types of coverage are easier than others. “Different coverages come into play here,” Koehn said. “The big ones are: D&O has been difficult to do, depending on the type of company. E&O for blockchain is pretty easy to do, people aren’t scared of that. Crime is hard to do for hot storage. People can do cold storage. Errors and omissions, we can do typically successfully, generally. D&O for the ICOs [Initial Coin Offerings] is still difficult.”

Getting Up to Speed

Not surprisingly, the landscape is quickly changing.

Jacob Decker, vice president and director, financial institutions, Woodruff Sawyer

“Some very smart people are spending a lot of time trying to get up to speed to be in a position to write more business in this space,” Decker said. “And it’s evolving relatively quickly. There are more and more of these policies being placed all the time.”

Those looking to invest in cryptocurrencies can mitigate some of the risk, starting with which ones they buy.

“Don’t invest in coins that are outside of North America,” advised Khan. “You’ll see a lot of these pitches posing as American or Canadian, but they’re actually out of Russia or China or other countries. You want to stay away from that.”

Decker recommends hiring professionals.

“If it’s something that is not your core competency, my recommendation is to find an appropriate vendor or counterparty for which it is,” Decker said. “If … you’re not an expert in securing digital assets, hire a specialist who has the resources and the expertise to do it. Doing it yourself, to me, seems unnecessarily risky.”

Such assistance should be selected carefully. “Look for platforms that have been around for a while, have prominent investors that have been covered in the media, all the signals of a good, reputable business in the first place,” Bromberg said. “It’s the absence of those things that would make me concerned.”

Koehn agreed. “If you’re sticking to some of the big-name companies … they’ve got systems and models that are fairly normal that allow you to get into your account if you get locked out,” he said.

Finally, it may make sense to give special consideration to custodians or trading platforms that are insured. In addition to the coverage itself, insurance comes with the peace of mind that the platform has satisfied the insurers’ due diligence, which is probably more rigorous than what most individuals can achieve. &