CertiK CEO and co-founder Ronghui Gu says April was the worst month for DeFi in four years, with exploits on 27 out of 30 days.
May 30, 2026, 3:00 p.m. 2 min read
Traditional financial institutions are preparing to move trillions of dollars of assets onchain, but the risk of hacks and exploits is putting them off, according to blockchain data firm CertiK's CEO Ronghui Gu.
"Right now, more and more institutions are trying to move assets onchain," Gu told CoinDesk in an interview. "They think that, let's say in 10 years, multiple trillion dollars — even tens of trillions of dollars — of assets are going to move onchain."
The potentially massive migration of financial assets is hitting a wall because, though bankers and legacy institutions want to capture the efficiency of decentralized ledgers, the actual operational reality is still too risky for conservative capital allocators.
"When they move assets onchain, they need to face all these AI attacks, smart contract vulnerabilities, oracle manipulation, and cross-chain bridge hacks," Gu explained. "So, that's being considered as one of the big blockers for all this TradFi to move trillions of dollars of assets onchain."
Gu said their concerns are legitimate, noting that CertiK detected hacks almost every day in April, making it the worst month in four years, fueled mostly by AI-driven attacks. "April was the worst month in four years with only three days without a hack," Gu said, adding that CertiK believes this sudden rise could only be possible with AI.
Drift Protocol and Kelp DAO were hacked by North Korean cybercriminals in April in two exploits that drained about $600 million from the two lending crypto pools. In February 2025, Bybit suffered a $1.46 billion attack, described as the biggest hack of all time.
DefiLlama data recently showed more than $1.1 million had been lost to DeFi hacks in a year, exposing how vulnerabilities in cross-chain infrastructure can quickly spill into the broader ecosystem.
Persistent operational failure is the primary evidence of what Gu calls an “unfair game” in favor of malicious actors, because they have infinite resources.
Deep pockets
Hackers focus on highly lucrative protocols with massive total value locked (TVL), so they are economically incentivized to pump huge capital into their exploits.
A single protocol attacker can easily spend $10,000 to $20,000 worth of machine tokens to keep advanced engines running continuous vulnerability scans against a protocol for days or weeks on end. Conversely, Gu said, protocol defenders operate under strict, localized project budgetary constraints.
"We have 5,000 clients," Gu explained. "When we have a request from a client, there's a budget. We will spend tokens plus human experts within that budget." That creates a massive structural gap: while a defense team is bound by a strict commercial contract to scan a protocol over a few hours, the machines of a hacker or group of hackers never stop hunting for a single crack in the code.
Gu said exploits have increased in speed and efficiency with AI, and what’s worse is that the nearly daily trend seen in April could continue through to the end of this year.