
CertiK CEO warns structural asymmetry favors attackers with unlimited resources. Near-daily exploits could persist through 2025, blocking $10T+ onchain migration.
Traditional finance is preparing to move trillions of dollars of assets onchain. The risk of hacks and exploits is the primary blocker, according to CertiK CEO Ronghui Gu. In an interview with CoinDesk, Gu described a structural asymmetry that makes it irrational for risk-averse capital to migrate without a security overhaul.
"Right now, more and more institutions are trying to move assets onchain," Gu said. "They imagine that, let's say in 10 years, multiple trillion dollars – even tens of trillions of dollars – of assets are going to move onchain." The catch: "When they move assets onchain, they need to face all these AI attacks, smart contract vulnerabilities, oracle manipulation, and cross-chain bridge hacks. So, that's being considered as one of the major blockers for all this TradFi to move trillions of dollars of assets onchain."
The simple read is that banks want efficiency but fear theft. The better market read is that the attack surface is expanding faster than institutional risk appetite can adapt. Until the security infrastructure closes the resource gap between attackers and defenders, the onchain migration will remain a promise, not a pipeline.
Gu's warning is not abstract. April 2025 was the worst month for crypto hacks in four years, with only three days without a reported exploit. CertiK detected attacks nearly every day, fueled primarily by AI-driven methods. "April was the worst month in four years with only three days without a hack," Gu said, adding that CertiK believes this sudden rise could only be possible with AI.
Two high-profile exploits in April targeted Drift Protocol and Kelp DAO and were attributed to North Korean cybercriminals. The two attacks drained nearly $600 million from lending pools. In February 2025, Bybit suffered a $1.46 billion hack, described as the largest single crypto exploit in history. DefiLlama data shows more than $1.1 billion lost to DeFi hacks over the past year, with cross-chain infrastructure vulnerabilities spilling into the broader ecosystem.
For institutions evaluating tokenized assets, custody, or settlement layers, this frequency is unacceptable. A single billion-dollar exploit can wipe out years of operational savings. The timeline is not improving: Gu said the nearly-daily trend seen in April could continue through the end of 2025.
Gu described the situation as an "unfair game" in favor of malicious actors because they possess infinite resources. Hackers focus on protocols with massive total value locked (TVL), making the economics of an attack highly attractive.
A single protocol attacker can easily spend $10,000 to $20,000 worth of compute tokens to run continuous vulnerability scans against a target for days or weeks. Defenders, by contrast, operate under strict project budgets.
"We have 5,000 clients," Gu explained. "When we receive a request from a client, there's a budget. We will spend tokens plus human experts within that budget."
That creates a massive structural gap: a defense team is bound by a commercial contract to scan a protocol over a few hours, while a hacker's machines never stop hunting for a single crack in the code. The asymmetry means that every high-value protocol is effectively under continuous siege. It is only a matter of time before a vulnerability is found.
Key insight: The resource imbalance is the core risk, not any single vulnerability. Until the industry develops shared, persistent threat detection that matches attacker scale, the onchain migration will remain stalled.
Reducing the risk requires closing the resource gap. That could come from:
What would make the situation worse:
Gu's outlook is cautious: the trend of near-daily exploits is likely to persist through 2025. Without a structural shift in how security is funded and deployed, the blocker remains.
The primary targets are DeFi protocols with high TVL, especially those relying on cross-chain bridges and oracles. Bitcoin and Ethereum as base layers are less directly exposed. Ecosystem risk can spill over – a major bridge hack can trigger liquidation cascades across multiple chains.
For traditional finance, the affected assets include tokenized treasuries, stablecoins, and tokenized private credit. If hacks continue, adoption timelines for these products will stretch. Catherine Chen, Binance's head of VIP and institutional, recently noted that established crypto firms will merge with traditional finance: neither Wall Street bankers nor corporate giants will take over the crypto industry. That suggests a hybrid model, one that still depends on solving the security problem.
Risk to watch: The next large-scale exploit of a protocol with institutional backing. That event would likely trigger a pullback in tokenization initiatives and a flight to simpler, audited custody solutions.
For traders and allocators, the immediate question is whether the security industry can demonstrate a scalable defense before the next $1 billion+ exploit. CertiK's data shows the attacker advantage is widening. The onchain migration of trillions is a long-term thesis. The risk event is happening now – every day without a hack is an exception, not the rule.
Gu's framing suggests the window for institutional participation may narrow if the security gap persists. For a deeper look at how crypto markets are pricing this risk, see our crypto market analysis. For profiles of the underlying assets, see Bitcoin (BTC) and Ethereum (ETH).
Prepared with AlphaScala research tooling and grounded in primary market data: live prices, fundamentals, SEC filings, hedge-fund holdings, and insider activity. Each story is checked against AlphaScala publishing rules before release. Educational coverage, not personalized advice.