
Traditional financial institutions are preparing to move trillions of dollars of assets onchain, but the risk of hacks and exploits is putting them off, according to blockchain security firm CertiK’s CEO Ronghui Gu.
“Right now, more and more institutions are trying to move assets onchain,” Gu told CoinDesk in an interview. “They imagine that, let’s say in 10 years, multiple trillion dollars — even tens of trillions of dollars — of assets are going to move onchain.”
The potentially massive migration of financial assets is hitting a wall because, although bankers and legacy institutions want to capture the efficiency of decentralized ledgers, the current operational reality is still too risky for conservative capital allocators.
“When they move assets onchain, they need to face all these AI attacks, smart contract vulnerabilities, oracle manipulation, and cross-chain bridge hacks,” Gu explained. “So, that’s being considered as one of the major blockers for all this TradFi to move trillions of dollars of assets onchain.”
Gu said their concerns are legitimate, noting that CertiK detected hacks nearly every day in April, making it the worst month in four years, fueled mostly by AI-driven attacks. “April was the worst month in four years with only three days without a hack,” Gu said, adding that CertiK believes this sudden rise could only be possible with AI.
Drift Protocol and Kelp DAO were hacked by North Korean cybercriminals in April in two exploits that drained nearly $600 million from the two crypto lending pools. In February 2025, Bybit suffered a $1.46 billion attack, described as the biggest hack of all time.
DefiLlama data recently showed more than $1.1 billion had been lost to DeFi hacks in a year, exposing how vulnerabilities in cross-chain infrastructure can quickly spill into the broader ecosystem.
Persistent operational failure is the primary symptom of what Gu calls an “unfair game” in favor of malicious actors, because they possess infinite resources.
Deep pockets
Hackers focus on highly lucrative protocols with massive total value locked (TVL), so they are economically incentivized to pump immense capital into their exploits.
A single protocol attacker can easily spend $10,000 to $20,000 worth of computer tokens to keep advanced engines running continuous vulnerability scans against a protocol for days or weeks on end. Conversely, Gu said, protocol defenders operate under strict, localized project budgetary constraints.
“We have 5,000 clients,” Gu explained. “When we receive a request from a client, there’s a budget. We will spend tokens plus human experts within that budget.” That creates a massive structural gap: while a defense team is bound by a strict commercial contract to scan a protocol over a few hours, the machines of a hacker or group of hackers never stop hunting for a single crack in the code.
Gu said exploits have increased in speed and efficiency with AI and, what’s worse, the near-daily trend seen in April could continue through the end of this year.


