...
I have 1 extra question:
7 How will you prevent potential abuse of exchange itself buying insurance after the hack but before official announcement?
There can be some different solutions:
1) we can use some KYC service to stop insurance spam
2) we can restrict max insured balance to minimise a potential damage if some of the policies are an abuse
3) we can stop to issue insurance policies after the first minimal signal about hack is received
4) we can discuss with the community another ways to solve this problem
any suggestions?
Another way which would make it harder to abuse would be to put a small delay between the time of purchase and the time the coverage sets in.
Maybe a 24 hour window from the insurance is purchased until a claim can be made. It would give at least give you a chance to spot any anomalies. Perhaps even alert exchange.
Sure it would still be possible to get around but every little bit helps.