Traditional finance has a trillion-dollar problem: the blockchain rails it wants are being dismantled by AI-assisted attackers faster than defenders can patch them.

In an interview published May 30, 2026 at 3:00 p.m. UTC, CertiK CEO and co-founder Ronghui Gu told CoinDesk that AI-driven hacks, smart contract vulnerabilities, oracle manipulation, and cross-chain bridge exploits now constitute "one of the major blockers for all this TradFi to move trillions of dollars of assets onchain." The statement comes from the firm that audits more than 5,000 protocols — not a research note, but operational intelligence from the people watching the attacks happen.

Gu's framing is precise: institutions aren't philosophically opposed to blockchain. They want the efficiency of decentralized ledgers. What they won't accept is the current operational risk. "More and more institutions are trying to move assets onchain," he said. "They imagine that, let's say in 10 years, multiple trillion dollars — even tens of trillions of dollars — of assets are going to move onchain." The problem is between now and then.

April 2026: the worst month in four years

April was the data point behind Gu's warning. CertiK detected exploits on 27 of the month's 30 days — three clean days total. Gu called it "the worst month in four years" and attributed the acceleration directly to AI: "This sudden rise could only be possible with AI."

The month's two headline losses came from North Korea. The $285 million Drift Protocol breach involved what TRM Labs described as an "unprecedented in-person social engineering" campaign: North Korean proxies spent months in physical meetings with Drift employees before executing the exploit. The $292 million KelpDAO hack took a different route, exploiting a known single-verifier flaw that LayerZero had repeatedly flagged as a risk. Combined, the two attacks account for nearly $600 million, and TRM Labs reports that North Korean-linked groups — DPRK and Lazarus — are responsible for 76% of all crypto hack losses in 2026, with cumulative theft exceeding $6 billion since 2017.

The KelpDAO breach alone triggered a $13 billion DeFi TVL drawdown over two days, with Aave losing $8.54 billion in deposits and accumulating nearly $200 million in bad debt.

The asymmetry that makes defense impossible

Gu describes the contest as structurally unfair. An attacker targeting a high-TVL protocol can spend $10,000 to $20,000 in compute tokens running continuous AI vulnerability scans against that protocol for days or weeks. Their machines never stop. Protocol defenders, by contrast, operate inside fixed commercial contracts. "When we receive a request from a client, there's a budget," Gu said. "We will spend tokens plus human experts within that budget." The defense window is measured in hours. The attack window is open-ended.

That asymmetry means the attacker's AI engine will eventually find a crack. The question is when, not whether.

Historical backdrop

February 2025's Bybit attack — $1.46 billion drained, the largest single exchange hack on record — now sits as the benchmark that April 2026 is measured against. DefiLlama data cited by CoinDesk shows more than $1.1 billion lost to DeFi hacks over the past year. Gu's warning is that April's near-daily cadence may not be an anomaly: he said the trend could continue through the end of 2026.

The gap between what institutions want — efficient, programmable settlement infrastructure — and what they're getting — a protocol environment where exploits are scheduled rather than exceptional — is the structural story of blockchain's institutional adoption window. CertiK's read is that without a security step-change, the gap doesn't close.