CertiK's CEO and co-founder, Ronghui Gu, indicated that April marked the worst month for DeFi in four years, with 27 out of 30 days experiencing hacks.
By Olivier Acuna|Edited by Jamie Crawley May 30, 2026, 3:00 p.m. 2 min readMake preferred on According to CertiK's Ronghui Gu, April was the worst month in four years regarding DeFi hacks.Key Insights:
- Legacy financial institutions are eager to transition trillions of dollars in assets to blockchain technology over the next decade but are held back by widespread security threats.
- Ronghui Gu of CertiK stated that frequent hacks, many driven by AI, that target smart contracts, oracles, and cross-chain bridges, pose significant challenges to institutional adoption.
- High-profile incidents, such as the $1.46 billion Bybit hack and the substantial losses suffered by Drift Protocol and Kelp Dao, demonstrate how well-funded attackers can exploit systemic vulnerabilities in DeFi.
Traditional financial entities are looking to shift trillions of dollars in assets to blockchain systems, yet the fear of hacks and exploits is a significant deterrent, as noted by CertiK CEO Ronghui Gu.
Gu explained to CoinDesk, "Currently, more institutions are exploring the possibility of moving assets onchain. They envision that, in a decade, multiple trillions — potentially tens of trillions — of dollars could be transitioned to blockchain platforms."
This anticipated shift in financial assets faces obstacles because, while banks and traditional institutions seek to leverage the advantages of decentralized ledgers, the operational risks remain too high for cautious investors.
Gu elaborated, stating, "As they shift assets onchain, they must contend with AI-driven attacks, vulnerabilities in smart contracts, oracle manipulations, and cross-chain bridge hacks. These factors are among the main hurdles preventing traditional finance from moving vast amounts of assets to blockchain."
The CEO acknowledged the validity of these concerns, highlighting that April saw near-daily hacks, making it the worst month in four years, primarily due to attacks enhanced by AI. "April had only three days without a hack," Gu remarked, suggesting that this surge was likely facilitated by AI technologies.
In April, North Korean hackers targeted Drift Protocol and Kelp Dao, leading to nearly $600 million in losses across two lending pools. Additionally, Bybit experienced a $1.46 billion breach in February 2025, which was labeled the largest hack to date.
Data from DefiLlama revealed that over $1.1 billion was lost to DeFi hacks in the past year, illustrating how vulnerabilities in cross-chain systems can have far-reaching effects on the wider ecosystem.
Gu pointed out that ongoing operational failures illustrate what he describes as an “unfair game” that favors malicious entities due to their limitless resources.
Financial Resources
Hackers are increasingly targeting profitable protocols with significant total value locked (TVL), giving them strong financial incentives to invest heavily in their attacks.
An attacker can easily allocate $10,000 to $20,000 worth of computer tokens to run advanced vulnerability scans against a protocol continuously for extended periods. In contrast, Gu noted that defenders are constrained by strict budget limitations for their projects.
"We have 5,000 clients," Gu explained. "When a client reaches out for assistance, there's a budgetary limit. We can spend tokens and employ human experts within that budget." This creates a substantial disparity: while a defense team is bound by a contract to scan a protocol for a limited time, hackers have machines that can perpetually search for weaknesses in the code.
Gu stated that the speed and effectiveness of exploits have risen due to AI, warning that the alarming trend observed in April may persist throughout the year.