Building on Real Risk, Not Synthetic Promises

March 24, 2026 - 2 min read

If you have spent any time in DeFi, you know the pattern. A protocol offers yield, and that yield comes from incentives, emissions, or some recursive loop that works until it doesn't. When it breaks, it usually breaks fast.

Here’s a clear breakdown of how ONyc works, what stands behind it, and where the real risks sit.

What ONyc is

ONyc is a yield-bearing token on Solana. Its value increases over time as the underlying reinsurance portfolio generates returns, reflected in a compounding NAV.

It represents a proportional share of a regulated, segregated account underwriting short-duration reinsurance contracts, with returns driven by real world premium income, not emissions or subsidies.

Where the yield comes from

Reinsurance is how insurance companies offload risk. When a major insurer underwrites policies covering events like hurricanes, earthquakes, or other catastrophes, they don't retain all of that exposure. A portion is passed to reinsurers, who earn premium income for taking on that risk.

OnRe brings that market to DeFi. The capital backing ONyc is deployed into reinsurance contracts through a Special Purpose Insurer (SPI) regulated by the Bermuda Monetary Authority (BMA). The yield ONyc holders earn comes from those premiums, reflected in a NAV that grows over time.

The portfolio also maintains a collateral pool consisting of stablecoins, cash equivalents, yield-bearing stablecoin positions, and T-bill exposure. These serve a mix of liquidity, risk management, and capital efficiency purposes, with some components generating additional yield alongside the core reinsurance income. Full details are available on our transparency dashboard.

How minting and redemption work

This is probably the part people care about most, so it's worth explaining in some detail.

When you deposit USDC or USDG to mint ONyc, the contract computes how much ONyc you receive using an on-chain pricing formula. It takes the current base price and applies a time-based yield curve, an annual rate compounding in discrete intervals, to arrive at the current NAV. How much ONyc you get is a function of how much you deposited and what the NAV is at that moment. That's it.

There's no off-chain service that decides this number and no external key that signs off on the amount. The program calculates it and enforces it.

We also enforce a maximum supply cap in the minting logic. Every mint operation checks that the new total supply won't exceed the configured cap before it goes through. You can't mint more ONyc than the system allows, regardless of who's calling the instruction.

To exit, you deposit your ONyc back and receive USDC or USDG at the current NAV. Same formula, reversed.

Both open access and institutional access use the same mechanism. The deposit is the mint. No separate step, no queue.

Who controls what

A lot of DeFi exploits come down to the same thing: one key with too much power. We've designed around that.

The mint authority for ONyc is a Program Derived Address (PDA). That's a Solana account that only the smart contract program itself can use. Nobody holds it, it doesn't live in a cloud service, and the only path to minting ONyc is through the program logic. The program enforces the pricing formula and the supply cap on every transaction.

The things that do require human oversight, like updating the pricing parameters that define the NAV, managing vaults, or changing protocol settings, are protected by multisig approval. Multiple signers have to agree before any change goes through. No single signer can unilaterally update the NAV or move funds from the vault.

Ownership transfers use a two-step process: a proposal and a separate acceptance from the incoming owner. Even if an admin wallet were compromised, it can't silently take over the program.

In addition, there's a kill switch. A set of admin accounts can halt all offer execution immediately. It's checked on every transaction.
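
The two-step ownership transfer and the kill switch can be modeled as a small state machine. This is an added example, not OnRe's program code: the `State` type, its methods, the error names and the 32-byte key representation are all hypothetical.

```rust
// Added illustration; every name here is hypothetical, not from the OnRe program.
type Key = [u8; 32];

#[derive(Debug, PartialEq)]
pub enum Error { NotOwner, NoProposal, NotProposed, NotAdmin, Halted }

pub struct State {
    pub owner: Key,
    pub proposed_owner: Option<Key>,
    pub admins: Vec<Key>,
    pub halted: bool,
}

impl State {
    /// Step 1: the current owner names a successor. Ownership does not move yet.
    pub fn propose_owner(&mut self, signer: Key, new_owner: Key) -> Result<(), Error> {
        if signer != self.owner { return Err(Error::NotOwner); }
        self.proposed_owner = Some(new_owner);
        Ok(())
    }
    /// Step 2: only the proposed key, signing for itself, completes the transfer.
    pub fn accept_owner(&mut self, signer: Key) -> Result<(), Error> {
        match self.proposed_owner {
            None => Err(Error::NoProposal),
            Some(p) if p != signer => Err(Error::NotProposed),
            Some(p) => { self.owner = p; self.proposed_owner = None; Ok(()) }
        }
    }
    /// Kill switch: any configured admin can halt offer execution.
    pub fn halt(&mut self, signer: Key) -> Result<(), Error> {
        if !self.admins.contains(&signer) { return Err(Error::NotAdmin); }
        self.halted = true;
        Ok(())
    }
    /// Gate evaluated before any offer executes.
    pub fn check_live(&self) -> Result<(), Error> {
        if self.halted { Err(Error::Halted) } else { Ok(()) }
    }
}

fn main() {
    let mut s = State { owner: [1; 32], proposed_owner: None, admins: vec![[3; 32]], halted: false };
    println!("proposal by non-owner: {:?}", s.propose_owner([4; 32], [4; 32]));
    println!("proposal by owner:     {:?}", s.propose_owner([1; 32], [2; 32]));
    println!("accept by wrong key:   {:?}", s.accept_owner([4; 32]));
    println!("accept by successor:   {:?}", s.accept_owner([2; 32]));
    println!("halt by admin: {:?}, live: {:?}", s.halt([3; 32]), s.check_live());
}
```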

Why the collateral can't be drained

Most yield protocols keep their collateral in the smart contract. Vulnerability in the contract, collateral gets extracted. That's the trade-off.

ONyc's collateral doesn't sit in the smart contract. It's held in a regulated, legally segregated insurance account in Bermuda, managed by On Re SAC Ltd. The contract handles minting, redemption, and NAV tracking. It records everything on-chain. But the actual capital is elsewhere, in an account that the contract doesn't control and an attacker can't reach through a contract exploit.

What about the NAV? Can it be manipulated?

The NAV is computed from on-chain pricing vectors stored in the contract: a base price, an annual rate, and a time interval. The contract uses these to calculate the current value at any given moment, and that value is what gates every mint and redemption.

Chainlink publishes NAV data for protocol integrations. Pyth provides market pricing for collateral valuation. But neither of them controls what happens when you mint or redeem. The contract's own pricing logic does. A compromised oracle feed wouldn't affect the mint/redeem price.

The pricing vectors themselves can only be updated through multisig operations. No single account can change them.
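
The pricing path described here and in the minting section (NAV from a base price, annual rate and interval, then the mint amount and supply-cap check) can be sketched as follows. This is an added example, not OnRe's program code: the fixed-point scale, the exact per-interval compounding form, the rounding direction and all names are assumptions, and deposit and ONyc amounts are assumed to use the same base-unit decimals.

```rust
// Added illustration: names, fixed-point scale and rounding are assumptions.
const SCALE: u128 = 1_000_000_000; // price fixed point: 1.0 == 1e9
const YEAR: u128 = 365 * 24 * 3600; // seconds

pub struct PricingVector {
    pub base_price: u128,  // scaled by SCALE
    pub annual_rate: u128, // scaled by SCALE (10% == 100_000_000)
    pub start: u64,        // unix seconds when the vector takes effect
    pub interval: u64,     // seconds per compounding step
}

/// NAV at `now`: the base price compounded once per fully elapsed interval.
pub fn nav(v: &PricingVector, now: u64) -> Option<u128> {
    if v.interval == 0 || now < v.start {
        return None; // misconfigured or not yet active: refuse to price
    }
    let steps = (now - v.start) / v.interval;
    let per_step = v.annual_rate.checked_mul(v.interval as u128)? / YEAR;
    let mut price = v.base_price;
    for _ in 0..steps {
        price = price.checked_add(price.checked_mul(per_step)? / SCALE)?;
    }
    Some(price)
}

/// ONyc minted for `deposit`; rejected if total supply would exceed `cap`.
pub fn mint_amount(deposit: u128, nav: u128, supply: u128, cap: u128) -> Result<u128, &'static str> {
    if nav == 0 {
        return Err("zero NAV");
    }
    // Integer division rounds down, so rounding never favours the minter.
    let out = deposit.checked_mul(SCALE).ok_or("overflow")? / nav;
    if supply.checked_add(out).ok_or("overflow")? > cap {
        return Err("supply cap exceeded");
    }
    Ok(out)
}

/// Stablecoin returned for `onyc` at the same NAV (the formula reversed).
pub fn redeem_amount(onyc: u128, nav: u128) -> Option<u128> {
    Some(onyc.checked_mul(nav)? / SCALE)
}

fn main() {
    // Constructed sample vector: price 1.0, 10% a year, 73-day steps.
    let v = PricingVector { base_price: SCALE, annual_rate: 100_000_000, start: 0, interval: 73 * 86_400 };
    let p = nav(&v, 2 * v.interval + 100).unwrap();
    println!("nav={} mint={:?} redeem={:?}", p, mint_amount(1_040_400, p, 0, 1_000_000), redeem_amount(1_000_000, p));
}
```

Every multiplication and addition is checked, so a bad parameter set fails the instruction instead of wrapping into a wrong price.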

So what are the actual risks?

ONyc is not risk-free. The primary risk is underwriting risk.

A severe hurricane season, a large earthquake, a cluster of correlated natural disasters. If payouts exceed the premium income the portfolio generated, the NAV takes a hit. That's called tail risk. It's real, but it's also the kind of risk that's been measured, modeled, and priced by institutional capital for a long time. Our portfolio includes specialty lines like cyber, travel, and marine, plus property catastrophe coverage (Industry Loss Warranties on US and global windstorm and earthquake).

The failure modes that are common in DeFi don’t apply here, and it’s worth being specific about why. A contract exploit can’t drain the collateral pool because the collateral isn’t in the contract. A compromised key can’t print unbacked tokens because the mint authority isn’t a key held by anyone, anywhere. For things like governance changes and parameter updates, we use multisig controls.

We made these choices early, on purpose.

Verify it yourself

ONyc's reserves, NAV, collateral composition, and yield data are on the OnRe transparency dashboard. The smart contract is open source on GitHub. Capital positions, premiums, and loss ratios are on-chain.

If you're putting capital into a protocol, you should be able to see what's behind it.

https://app.onre.finance/earn/transparency

Disclosure: This content is for informational purposes only and does not constitute an offer to sell or solicitation to buy any securities or digital assets. ONyc may be accessible via decentralized protocols; OnRe does not operate or control secondary markets. Investments involve risk, including potential loss of capital. Redemption through OnRe is limited to qualified investors and may be restricted in certain jurisdictions. See applicable terms for details.
