Traditional financial institutions are preparing to move trillions of dollars of assets on-chain, but the risk of hacks and exploits is putting them off, according to blockchain security firm CertiK CEO Ronghui Gu.
“Right now, more and more institutions are trying to move assets onchain,” Gu told CoinDesk in an interview. “They imagine that, let’s say in 10 years, several trillion dollars — even tens of trillions of dollars — of assets will move on the chain.”
The potentially massive migration of financial assets is hitting a wall because while bankers and legacy institutions want to capture the efficiency of decentralized finance, the current operational reality is still too risky for conservative capital allocators.
“When they move assets on-chain, they have to face all these AI attacks, smart contract vulnerabilities, oracle manipulation and cross-chain bridge hacks,” Gu explained. “So that’s being seen as one of the biggest blocks to all this TradFi moving trillions of dollars of assets on-chain.”
Gu said their concerns are valid, noting that CertiK detected hacks almost every day in April, making it the worst month in four years driven primarily by AI-powered attacks, despite “April was the worst month in four years with only three days without a hack,” Gu said, adding that CertiK believes this sudden increase could only be possible with AI.
Drift Protocol and Kelp Dao were hacked by North Korean cybercriminals in April in two exploits that drained nearly $600 million from the two crypto-lending pools. In February 2025, Bybit suffered a $1.46 billion attack, described as the largest hack ever.
DefiLlama data recently showed that more than $1.1 billion had been lost to DeFi hacks in one year, revealing how vulnerabilities in cross-chain infrastructure can quickly spread into the wider ecosystem.
Persistent outages are the primary symptom of what Gu calls an “unfair game” in favor of malicious actors because they possess infinite resources.
Deep pockets
Hackers focus on highly lucrative protocols with massive total value locked (TVL), so they are financially incentivized to pump huge capital into their holdings.
A single protocol attacker can easily spend $10,000 to $20,000 in computer tokens to keep advanced engines running continuous vulnerability scans against a protocol for days or weeks on end. Conversely, Gu said, protocol defenders work under strict, localized project budget constraints.
“We have 5,000 customers,” Gu explained. “When we receive a request from a client, there is a budget. We will use tokens plus human experts within that budget.” This creates a massive structural gap: while a defense team is bound by a strict commercial contract to scan a protocol over a few hours, the machines of a hacker or group of hackers never stop looking for a single crack in the code.
Gu said exploits have increased in speed and efficiency with artificial intelligence, and what’s worse, the near-daily trend seen in April could continue until the end of this year.
