
CertiK CEO: DeFi Attackers Now Outspend Defenders

Ronghui Gu says the cost gap is structural: attackers lean on AI to scan operational and supply-chain gaps faster than white-hat budgets can keep up, while the Arbitrum freeze fallout threatens…

CertiK CEO Ronghui Gu told attendees at an industry conference that the economics of DeFi security have flipped against defenders, with attackers now leaning on AI to probe operational weaknesses and supply-chain gaps at a pace white-hat budgets struggle to match. "It's an unfair game," Gu said, framing the gap as structural rather than cyclical.

Why it matters

CertiK's internal data shows attackers have shifted away from smart-contract bugs — long the dominant exploit surface — toward operational security lapses and compromised third-party dependencies. That pivot matters because it sits outside the audit perimeter: a perfectly audited protocol can still lose funds through a compromised frontend, a hijacked deployer key, or a malicious library pushed upstream.

Market impact

Gu separately warned that the legal aftermath of Arbitrum's recent asset freeze could chill future coordinated hack responses, with white-hat teams now more exposed to litigation risk for moving seized funds back to victims. The combination — AI-augmented attackers on one side, legal ambiguity on the other — puts pressure on protocols to budget for 24/7 ops monitoring rather than treating a one-time audit as sufficient.


Frequently asked questions

  1. What did CertiK's CEO say about DeFi security?

    Ronghui Gu said attackers now use AI to probe operational and supply-chain weaknesses faster than white-hat budgets can match, calling it "an unfair game" and framing the gap as structural rather than cyclical.

  2. Where are DeFi attackers shifting their focus?

    According to CertiK, attackers have moved away from smart-contract bugs and toward operational security lapses and compromised third-party dependencies — gaps that sit outside the audit perimeter.

  3. Why does the shift to operational attacks matter?

    A perfectly audited protocol can still lose funds through a compromised frontend, a hijacked deployer key, or a malicious upstream library — none of which a code audit catches.

  4. How does the Arbitrum asset freeze affect hack responses?

    Gu warned the legal aftermath could expose white-hat teams to litigation risk when they move seized funds back to victims, potentially chilling future coordinated responses across the industry.

  5. What should DeFi protocols do in response?

    CertiK's CEO suggested protocols need to budget for continuous operational monitoring rather than treating a one-time smart-contract audit as sufficient defense against AI-augmented attackers.

Source attribution
Aggregated from TheBlock