AI-powered attackers are outpacing defenders so decisively that traditional financial institutions are now blocking their own plans to migrate trillions of dollars of assets onchain, according to Ronghui Gu, CEO and co-founder of blockchain security firm CertiK.
Gu told CoinDesk that April was the worst month for DeFi exploits in four years, with hacks detected on 27 of 30 days. He attributes the surge to AI-driven attacks targeting smart contracts, oracles, and cross-chain bridges — and said the pace is likely to hold through the end of 2025. The $1.46 billion Bybit hack in February, described as the largest in crypto history, anchors the trend, alongside April exploits on Drift Protocol and Kelp Dao that together drained nearly $600 million.
Why it matters
Gu framed the threat as a structural blocker on Wall Street's onchain migration, not a marginal risk to be priced in. "When they move assets onchain, they need to face all these AI attacks, smart contract vulnerabilities, oracle manipulation, and cross-chain bridge hacks," he said, calling these the principal brakes on a decade-long push to put trillions onchain. DefiLlama data shows more than $1.1 billion lost to DeFi hacks in the trailing year, and Gu warned the recent cadence is unlikely to reverse without a fundamental shift in defensive economics.
Market impact
The bigger story is the resource asymmetry. Gu said a single attacker can spend $10,000 to $20,000 in compute tokens to run continuous vulnerability scans against a protocol for days or weeks, while his own 5,000 clients operate under fixed per-engagement budgets that bound human-plus-AI defensive scans to a few hours. Defenders are locally constrained by commercial contracts; attackers are globally patient. That gap — combined with a North Korean state-aligned attack profile, per the Drift and Kelp Dao incidents — is exactly the operational failure mode that conservative institutional allocators cite when they decline to deploy treasury capital onchain, even as the efficiency case for doing so strengthens.
Frequently asked questions
-
What did CertiK's CEO say about AI-powered hacks in April 2025?
Ronghui Gu said April was the worst month for DeFi exploits in four years, with hacks detected on 27 of 30 days. He attributed the surge to AI-driven attacks on smart contracts, oracles, and cross-chain bridges, and said the pace is likely to hold through the end of 2025.
-
Why are AI-powered hacks keeping Wall Street off the blockchain?
Gu said institutions preparing to move trillions of dollars onchain view AI attacks, smart contract vulnerabilities, oracle manipulation, and cross-chain bridge exploits as the principal blockers. Conservative capital allocators are not yet willing to absorb that operational risk despite the efficiency gains from…
-
How big was the Bybit hack and when did it happen?
The Bybit hack occurred in February 2025 and drained $1.46 billion, which CertiK and the broader industry have described as the largest crypto hack on record. It anchors a broader 12-month picture in which DefiLlama tracks more than $1.1 billion in DeFi losses.
-
What is the resource asymmetry between DeFi attackers and defenders?
Gu said a single attacker can spend $10,000 to $20,000 in compute tokens to run continuous vulnerability scans on a protocol for days or weeks. Defenders at firms like CertiK work under fixed per-engagement budgets that cap human-plus-AI scans to a few hours, creating a structural disadvantage for protocol teams.
-
Which recent DeFi exploits did CertiK highlight as examples?
Gu pointed to the $1.46 billion Bybit attack in February 2025 and the April exploits on Drift Protocol and Kelp Dao, which together drained nearly $600 million. He linked the April attacks to North Korean cybercriminals and described them as evidence of state-aligned, well-funded adversaries targeting high-TVL lending…
CoinDesk