Traditional financial institutions are preparing to move trillions of dollars of assets onchain, but the threat of hacks and exploits is putting them off, according to blockchain security firm CertiK’s CEO Ronghui Gu.
“Right now, more and more institutions are trying to move assets onchain,” Gu told CoinDesk in an interview. “They imagine that, let’s say in 10 years, multiple trillion dollars — even tens of trillions of dollars — of assets are going to move onchain.”
The potentially massive migration of financial assets is hitting a wall because, although bankers and legacy institutions want to capture the efficiency of decentralized ledgers, the current operational reality is still too risky for conservative capital allocators.
“When they move assets onchain, they need to face all these AI attacks, smart contract vulnerabilities, oracle manipulation, and cross-chain bridge hacks,” Gu explained. “So, that’s being considered as one of the major blockers for all this TradFi to move trillions of dollars of assets onchain.”
Gu said their concerns are legitimate, noting that CertiK detected hacks nearly every day in April, making it the worst month in four years, fueled largely by AI-driven attacks. “April was the worst month in four years with only three days without a hack,” Gu said, adding that CertiK believes this sudden rise could only be possible with AI.
Drift Protocol and Kelp DAO were hacked by North Korean cybercriminals in April in two exploits that drained nearly $600 million from the two crypto lending pools. In February 2025, Bybit suffered a $1.46 billion attack, described as the largest hack of all time.
DefiLlama data recently showed more than $1.1 billion had been lost to DeFi hacks in a year, exposing how vulnerabilities in cross-chain infrastructure can quickly spill into the broader ecosystem.
Persistent operational failure is the primary symptom of what Gu calls an “unfair game” in favor of malicious actors, because they possess infinite resources.
Deep pockets
Hackers focus on highly lucrative protocols with large total value locked (TVL), so they are economically incentivized to pump immense capital into their exploits.
A single protocol attacker can easily spend $10,000 to $20,000 worth of computer tokens to keep advanced engines running continuous vulnerability scans against a protocol for days or even weeks on end. Conversely, Gu said, protocol defenders operate under strict, localized project budgetary constraints.
“We have 5,000 clients,” Gu explained. “When we receive a request from a client, there’s a budget. We will spend tokens plus human experts within that budget.” That creates a large structural gap: while a defense team is bound by a strict commercial contract to scan a protocol over several hours, the machines of a hacker or group of hackers never stop searching for a single crack in the code.
Gu said exploits have increased in speed and efficiency with AI, and what’s worse is that the near-daily pattern seen in April may continue through to the end of this year.


