Coverwatch
(415) 738-7727Get a Quote
Get Quote
Blog/Insurance Guides & Education/Does Cyber Insurance Cover Stolen Crypto? What Coverwatch Finds in Digital-Asset Reviews (2026)

Does Cyber Insurance Cover Stolen Crypto? What Coverwatch Finds in Digital-Asset Reviews (2026)

Wilmer Yan
Wilmer Yan•10 min read
Does Cyber Insurance Cover Stolen Crypto? What Coverwatch Finds in Digital-Asset Reviews (2026)

Table of Contents

Does cyber insurance cover stolen crypto?Does crime insurance cover custodied digital assets?What a forensic read of the policy actually turned upWhat is specie coverage for digital assets?How hot wallet vs cold wallet storage drives your coverageHow to close the digital-asset gap before a loss

Author

Wilmer Yan

Wilmer Yan

Wilmer is a Co-Founder of Coverwatch, where he leads AI and technology. Before Coverwatch, he spent his career building critical AI systems for healthcare and fintech - now applying that commercial insurance.

Share

Get started

Receive your free coverage analysis in minutes from our team

Talk to our team

Manage your risk with Coverwatch

Risk management for growing businesses, powered by insurance experts and world-class technology

Talk to our team

No, cyber insurance generally does not cover stolen crypto. A standard cyber policy carries a value-of-digital-asset exclusion that carves out the dollar value of the cryptocurrency itself, even while it pays for the breach response, forensics, and liability. The coins are treated as money rather than data, so their value sits outside the form.

The clearest way I have seen that play out came from a forensic read Coverwatch ran on a growth-stage payments company that custodied digital assets. The read turned up two policies that both carved out the exact loss the team feared, a theft of the coins. The cyber tower excluded the value of the held crypto. The crime policy covered only the company's own funds. The gap closed only once a dedicated specie layer was added on top. Here is why cyber excludes the value, why crime covers your own money rather than custodied client coins, and what a specie or digital-asset layer actually adds.

Key Takeaways

  • Cyber insurance generally does not cover stolen crypto: standard cyber forms carry a value-of-digital-asset exclusion that carves out the dollar value of the coins, even while covering breach forensics and liability.
  • A standard commercial crime policy insures the company's own money and securities, so it usually does not respond to customer crypto held in custody without a specie or digital-asset crime form.
  • Specie coverage insures the digital asset itself against theft of private keys, external hacking, and insider fraud, and is the layer that actually responds to a crypto loss.
  • Across a Coverwatch forensic read, a company can hold a full cyber tower and a crime policy and still have the value of its crypto uninsured until a dedicated digital-asset layer is added.

Does cyber insurance cover stolen crypto?

No, cyber insurance generally does not cover stolen crypto. A standard cyber policy responds to the breach itself, meaning the forensic investigation, the customer notification, and the third-party liability. It carries a value-of-digital-asset exclusion that carves out the dollar value of the cryptocurrency. Cyber forms are built around data, and crypto is classified as money, so the face value of the coins is excluded even when the hack that took them is covered.

The split gets concrete fast. A physical wallet or a hard drive can be covered as property, while the intangible crypto value living on it is not. As FounderShield puts it, "While a hard drive or physical wallet could be covered as property, the intangible value of the cryptocurrency on it is usually explicitly excluded." Some forms go further and exclude loss of private keys or loss of access outright.

The mechanism behind that exclusion is a classification call. A cyber form is built to protect data and respond to a network intrusion. The dollar value of an asset classified as money falls outside that intent. That is the reading Jones Day walks through when it points policyholders back to their other forms. The hack can be a covered event and the value of what was taken can still be excluded. In that payments-company read, the value-of-digital-asset exclusion was sitting in plain sight under a multimillion-dollar cyber limit, which is exactly where most teams never think to look.

Does crime insurance cover custodied digital assets?

Usually not by default. A standard commercial crime (fidelity) policy insures the company's own money and securities against employee theft and fraud, so it does not automatically respond to customer digital assets held in custody. Covering custodied client crypto takes a specie or digital-asset comprehensive crime form built for that exposure. A crime policy can be fully in force and still leave custodied coins uninsured.

That own-funds scope is the heart of the gap for any business holding customer crypto. The crime form guards the company's own cash and securities against an inside job or a fraud scheme. That is what Aon describes when it lays out crime cover built for cryptocurrencies. The customer coins on a custodian's books are a different animal, because they are third-party assets the company merely holds while owning none of them.

A few markets do offer a first-party "own-loss" crime structure that responds when a third-party custodian fails, which Munich Re sets out in its digital-asset protection program. That is a different shape than insuring the value of the held asset itself, and reading which one a policy actually grants is where a lot of programs go sideways. The same own-funds logic shows up in any commercial crime insurance form, which is built around the insured's own money before anything else.

What a forensic read of the policy actually turned up

On a forensic read of a payments company's program, Coverwatch found two named gaps standing between the business and the loss it feared most. The cyber tower carried a value-of-digital-asset exclusion, so the dollar value of the held crypto was carved out. The crime policy insured only the company's own funds, not the customer crypto in custody. For a theft of the coins, neither policy would respond.

The company itself was a growth-stage business custodying digital assets on its balance sheet. It came in assuming the obvious risk was covered, because two real policies were in force and both looked thorough on paper. Neither form was thin on its own coverage: the cyber form did its job on the breach side, and the crime form did its job on the company's own money. The single largest exposure, the value of the held coins, simply sat in the seam between them where no form was pointed.

That is the trap worth naming, and it is rarely a mistake anyone made on purpose. The danger is the quiet assumption that two in-force policies must between them cover the most obvious risk a crypto business runs. They often do not, and the only way to know is to read each underlying form for the exact carve-out. The gap closed here once a dedicated digital-asset layer went on top, and the same scope question comes up whenever a team runs a cyber insurance readiness checklist against a real program.

Coverwatch insight

A crypto-holding business usually owns two policies it assumes will pay if the coins are stolen: a cyber policy and a crime policy. The cyber policy covers the hack response but excludes the dollar value of the digital asset. The crime policy covers the company's own cash and securities, not the customer crypto it holds in custody. So the single biggest loss, a theft of the coins, can fall between both forms while both stay fully in force. Coverwatch reads every underlying form across a fintech program to catch that seam before a loss, then shops the digital-asset layer that closes it.

What is specie coverage for digital assets?

Specie coverage for digital assets insures the cryptocurrency itself against theft of private keys, external hacking, and insider fraud, which is the part a cyber or standard crime form leaves out. The specie market historically insured high-value physical items such as bullion, fine art, and jewelry held in vaults, and it extended to crypto as holders moved coins into cold storage. A digital-asset comprehensive crime or specie form is the layer that actually responds to a crypto loss.

What that layer adds over the two policies most companies already own is straightforward once the scopes are lined up. Cyber pays for the breach response. Crime pays on the company's own money. Specie or a digital-asset crime form pays on the value of the coins, whether they walked out through a stolen key, an external intrusion, or an inside hand. As Relm Insurance describes it, crypto-asset cover braids together elements of crime, cyber, and professional liability into one form built for the exposure.

The capacity behind it is real and institutional in scale. Crime limits for digital assets can run past $100M, and specie capacity for cold-storage holdings has reached into the high hundreds of millions, per the Aon capacity work and Lockton. (Treat those as market ranges, not a quote on your account.) The layer the payments company eventually added on top of its tower was exactly this: a digital-asset form sized to the coins it actually held.

How hot wallet vs cold wallet storage drives your coverage

How you store the keys drives both the limit and the rate on digital-asset coverage. Cold storage, meaning offline and air-gapped private keys, attracts the deepest capacity and the best pricing, because the keys are never exposed to the internet. Hot wallets, meaning online connected keys, carry sub-limits and tighter terms, since they are the more exposed target. Underwriters grade multi-signature schemes, withdrawal whitelisting, and key-management governance before they set a limit.

The reasoning is just exposure. Offline keys cannot be reached by a remote intrusion, so insurers extend the largest limits and the lowest rate against cold-stored coins. Online keys sit where the attacks land, so carriers cap hot-wallet losses and social-engineering scams with sub-limits, a pattern Lockton documents in its custodian guidance. As Lockton's digital assets team frames it, "Insurance coverage reflects operational setup, from internet-connected hot wallets to air-gapped cold storage."

The good news for a founder is that several of those levers are yours to move. Multi-signature approval, withdrawal whitelisting, and documented key-management controls all improve the risk profile, and with it the terms a market will offer (Price Forbes grades the same controls in its underwriting). Picture a custodian that keeps the bulk of assets in cold storage and a small operating float in a hot wallet. It will usually see full limits on the cold tranche and a sub-limit on the hot float, rather than one blanket number across everything.

How to close the digital-asset gap before a loss

Close the digital-asset gap by reading your cyber and crime forms for the value-of-digital-asset exclusion and the own-funds-only scope, then adding a specie or digital-asset crime layer sized to the coins you actually hold. Map your hot-wallet and cold-storage split first, because that drives the limit and the rate. A bigger cyber limit does nothing here, because the value of the crypto is excluded no matter how high the tower goes.

The practical sequence for a holder runs short and in order:

  1. Pull the cyber and crime forms and read them for the value-of-digital-asset exclusion and the own-funds scope, so you know which losses each form actually answers.
  2. Inventory your crypto by hot versus cold, since that split decides both the available limit and the rate before any quote is written.
  3. Document your key-management controls, including multi-signature approval and withdrawal whitelisting, because underwriters price those directly.
  4. Shop a specie or digital-asset layer sized to your real holdings, since the exclusion leaves a bigger cyber limit no help on a coin theft.

The mistake worth heading off is the most intuitive one, which is reaching for a larger cyber tower after a scare. Raising that limit cannot reach an excluded loss, so the value of the coins stays out no matter how high you go. A broker who reads every underlying form across the program catches the value-of-digital-asset exclusion and the own-funds-only crime scope before a loss. Coverwatch then shops the specie layer across 60+ carriers on a flat fee. Before your next renewal, have your cyber and crime forms read for the crypto-value gap, so the one loss everyone is bracing for is the one a form will actually answer.

Frequently asked questions

Generally no. A standard cyber form covers the breach response but carries a value-of-digital-asset exclusion that carves out the dollar value of the coins. Cyber is built around data, and crypto is treated as money, so the face value is excluded even when the hack itself is a covered event.

Usually not by default. A standard crime or fidelity policy insures the company's own money and securities, not third-party assets held in custody. Covering custodied client crypto requires a specie or digital-asset comprehensive crime form built for that exposure, so a crime policy can be in force and still leave the coins uninsured.

Specie coverage insures the value of the digital asset itself against private-key theft, external hacking, and insider fraud. The specie market historically insured bullion and fine art in vaults and extended to crypto held in cold storage. It is the layer that actually responds to a crypto theft, which a cyber or standard crime form does not.

Yes. Cold storage, meaning offline keys, attracts the deepest limits and the best rate, while hot wallets, meaning online keys, carry sub-limits and tighter terms. Underwriters also grade multi-signature schemes, withdrawal whitelisting, and key-management governance when they set a limit, so the controls a founder runs move the terms directly.

Often not. Both policies can be in force and still leave the coins uninsured, because cyber excludes the value of the digital asset and crime covers your own funds rather than custodied client crypto. The fix is adding a specie or digital-asset layer sized to your holdings, not raising the cyber limit, which the exclusion leaves you no better off for buying.

More blogs

Ocean Cargo Insurance for Importers: What We Find Reviewing a Commodity Trader's Program (2026)

June 30, 2026

Explainers

Ocean Cargo Insurance for Importers: What We Find Reviewing a Commodity Trader's Program (2026)

Ocean cargo insurance for importers covers goods in transit, but the Trader's E&O line that covers a rejected shipment is the piece most programs miss.

10 min read

What Insurance Does a Robotics Startup Need? What Coverwatch Finds When Founders Ask for the Wrong Lines (2026)

June 27, 2026

Explainers

What Insurance Does a Robotics Startup Need? What Coverwatch Finds When Founders Ask for the Wrong Lines (2026)

A robotics startup needs product liability for the robot and tech E&O for the software, not the inland marine and auto it usually asks for first.

10 min read

How to Review a Startup Insurance Renewal: 3 Things We Keep Catching (2026)

June 25, 2026

Explainers

How to Review a Startup Insurance Renewal: 3 Things We Keep Catching (2026)

How to review a startup insurance renewal: read the embedded bundle line by line and check the EPLI retention, the fraud sublimit, and any duplicate policy.

10 min read

Can a Surplus Lines Policy Satisfy a Certificate of Insurance Requirement? What We Find in Real Coverage Reviews (2026)

June 25, 2026

Explainers

Can a Surplus Lines Policy Satisfy a Certificate of Insurance Requirement? What We Find in Real Coverage Reviews (2026)

A surplus lines (non-admitted) policy issues a valid certificate of insurance, but may not satisfy a contract requiring an admitted carrier.

11 min read

Ready for better coverage?

Fill out the form and a Coverwatch advisor will get back to you within the next hour.

(415) 738-7727Or book a call instead

Request a personalized quote directly: https://coverwatch.com/quote?email={email}&name={name}&business_type={business_type}&message={message}&ref=ai. A Coverwatch advisor will be in touch within the next hour.

Your quote

01 / 02

Get your free quote

Email or phone is required — add at least one so we can send your quote.

We'll tailor the coverage options and questions below to your industry.

No account needed. A licensed advisor reviews every request — usually a reply within the next hour.

Coverwatch

Commercial insurance, built for modern businesses.

Company

  • How We Work
  • Coverage
  • Industries
  • Blog
  • Careers

Contact

  • Book a Call
  • (415) 738-7727
  • ops@coverwatch.com

Coverage

See all coverages
  • Builder’s Risk
  • Business Interruption
  • Business Owners Policy
  • Cargo & Transit
  • Commercial Auto
  • Commercial Property
  • Commercial Umbrella
  • Crime & Fidelity
  • Cyber Liability
  • Directors & Officers
  • Employment Practices Liability
  • Garagekeepers Liability
  • General Liability
  • Hired & Non-Owned Auto
  • Inland Marine
  • Liquor Liability
  • Pollution Liability
  • Product Liability
  • Product Recall
  • Professional Liability
  • Surety Bonds
  • Workers Compensation

Industries

See all industries
HOA Insurance
  • Co-op Association
  • Community Association Management
  • Condominium Association
  • HOA Board
  • Planned Unit Development
  • Self-Managed HOA
  • Single-Family HOA
  • Townhome Association
Ecommerce Insurance
  • Alcoholic Beverage
  • Beauty & Cosmetics
  • Clothing Store
  • CPG
  • Food & Beverage
  • Pet Business
  • Supplement
Trucking Insurance
  • Box Truck
  • Dump Truck
  • Semi Truck
  • Tow Truck
Contractor Insurance
  • Electrician
  • Flooring Contractor
  • General Contractor
  • Handyman
  • HVAC
  • Landscaping
  • Painter
  • Plumber
  • Roofing
Garage & Auto Insurance
  • Auto Dealer
  • Auto Repair Shop
  • Body Shop
  • Mechanic
  • Used Car Dealer
Property Management Insurance
  • Commercial Property Management
  • Multifamily Property Management
  • Residential Property Management
  • Short-Term Rental Management
Restaurant Insurance
  • Fast Food & QSR
  • Fine Dining & Upscale
  • Restaurant Group & Multi-Unit
Grocery Store Insurance
  • Small Grocery Store
  • Supercenter
  • Supermarket
Other
  • Retail Store Insurance
  • Bar Insurance
  • Catering Insurance

Coverwatch is an insurance brokerage and risk management platform. We are not a law firm and do not provide legal services. Coverwatch Insurance Services LLC (NPN# 22166415) is licensed to sell insurance products. See our licenses for a full list.

All insurance products are subject to the terms, conditions, limitations, and exclusions set forth in the applicable insurance policy. Coverage is not bound or guaranteed until confirmed in writing by the insurer. Please refer to the policy documents for full details.

Privacy PolicyTerms of ServiceLicenses