April 2026 marked the most severe month for decentralized finance security in four years, with exploits occurring on 27 of the month’s 30 days, according to CertiK CEO Ronghui Gu. The sharp acceleration in attack frequency has been driven largely by AI-powered hacking techniques targeting smart contracts, oracles, and cross-chain bridges.

“April was the worst month in four years with only three days without a hack. CertiK believes this sudden rise could only be possible with AI,” Gu said.

The spike represents a structural challenge to institutional capital migration into crypto. Traditional financial firms are preparing to move trillions of dollars of assets onchain over the next decade, but security vulnerabilities are emerging as a critical barrier to that transition.

“Right now, more and more institutions are trying to move assets onchain. They imagine that, let’s say in 10 years, multiple trillion dollars, even tens of trillions of dollars, of assets are going to move onchain,” Gu said. “When they move assets onchain, they need to face all these AI attacks, smart contract vulnerabilities, oracle manipulation, and cross-chain bridge hacks. So, that’s being considered as one of the major blockers for all this TradFi to move trillions of dollars of assets onchain.”

North Korean attackers target major protocols

In April, North Korean cybercriminals hacked Drift Protocol and Kelp DAO, draining a combined $600 million from the two lending pools. The attacks underscore the vulnerability of high-value targets to state-sponsored threat actors.

The April exploits extend a troubling trend. In February 2025, cryptocurrency exchange Bybit suffered a $1.46 billion attack. According to data from DefiLlama, DeFi protocols have lost $1.1 billion to hacks over the past year.

Asymmetric resource allocation favors attackers

CertiK, a blockchain security firm with 5,000 clients, operates under budget constraints that create a structural disadvantage against well-funded adversaries. Attackers can conduct vulnerability scans for as little as $10,000 to $20,000 in compute token spending, while defenders must allocate fixed budgets across multiple security layers.

“We have 5,000 clients. When we receive a request from a client, there’s a budget. We will spend tokens plus human experts within that budget,” Gu explained.

This economic asymmetry is fundamental. Attackers face minimal capital requirements to identify and exploit vulnerabilities across thousands of protocols. Defenders, by contrast, must distribute limited resources across audits, monitoring, and incident response for each client. The gap widens as AI tools lower the barrier to entry for attackers while protocol teams face rising complexity in securing multiple attack surfaces.

Gu predicted the near-daily exploit frequency could persist through the end of 2026 absent significant improvements in defensive infrastructure or regulatory intervention. The frequency of attacks in April, he noted, would have been mathematically implausible without AI acceleration.

Institutional hesitation amid security concerns

The explosion in exploit frequency arrives at a critical juncture for crypto adoption. Institutions evaluating onchain asset storage now face quantifiable evidence that DeFi security remains fragmented and reactive. Until defenders can match the speed and scale of AI-driven attacks, institutional capital will likely remain in traditional custody.

CertiK’s role as a security auditor places the firm at the center of this tension. The company audits smart contracts and protocols for vulnerabilities before deployment, but April’s results suggest that even audited systems remain exposed to novel AI-driven attack vectors that emerge post-launch.