Traditional Finance Grapples with On-Chain Security Risks
The vision of traditional financial institutions migrating trillions of dollars in assets onto blockchain networks is encountering a significant obstacle: the escalating threat of cyberattacks and smart contract exploits. Despite the promise of efficiency offered by decentralized ledgers, the current security landscape presents an unacceptable risk profile for conservative capital allocators.
“Right now, more and more institutions are trying to move assets on-chain,” Ronghui Gu, CEO of blockchain security firm CertiK, told CoinDesk. “They imagine that, let’s say in 10 years, multiple trillion dollars — even tens of trillions of dollars — of assets are going to move on-chain.”
The Gauntlet of Digital Threats
This ambitious migration faces a complex array of threats. As assets transition to blockchain, they become targets for sophisticated attacks, including AI-driven exploits, vulnerabilities within smart contracts, oracle manipulation, and critical weaknesses in cross-chain bridges. These challenges are widely recognized as primary deterrents for traditional finance (TradFi) considering a large-scale shift to on-chain operations.
“When they move assets on-chain, they need to face all these AI attacks, smart contract vulnerabilities, oracle manipulation, and cross-chain bridge hacks,” Gu explained. “So, that’s being considered as one of the major blockers for all this TradFi to move trillions of dollars of assets on-chain.”
April: A Record Month for Exploits
CertiK’s data paints a stark picture. April marked the worst month for crypto exploits in four years, with hacks occurring almost daily. Gu noted that only three days in April passed without a detected security incident, attributing this sudden surge largely to the increasing sophistication of AI-driven attacks.
- In April, Drift Protocol and Kelp DAO were targeted by North Korean cybercriminals, resulting in nearly $600 million drained from these crypto lending pools.
- A staggering $1.46 billion attack hit Bybit in February 2025, an incident described as the largest hack ever recorded.
- Recent DefiLlama data indicates over $1.1 billion lost to DeFi hacks within a single year, highlighting how vulnerabilities in decentralized finance (DeFi) and cross-chain infrastructure can rapidly impact the broader digital asset ecosystem.
An Unfair Game: Attackers vs. Defenders
Gu characterizes the current security environment as an “unfair game,” heavily skewed in favor of malicious actors who often possess seemingly infinite resources. Hackers are economically motivated to target highly lucrative protocols with substantial total value locked (TVL), investing considerable capital into their exploits. A single attacker might spend $10,000 to $20,000 on computational resources to run continuous vulnerability scans against a protocol for weeks.
Conversely, protocol defenders operate under strict budgetary constraints. CertiK, for instance, works within predefined client budgets for security audits.
“We have 5,000 clients,” Gu explained. “When we receive a request from a client, there’s a budget. We will spend tokens plus human experts within that budget.”
This creates a critical structural disparity: while defense teams are bound by commercial contracts to conduct scans over limited periods, attackers’ automated systems relentlessly search for any weakness in the code, without such financial or time restrictions. The speed and efficiency of exploits have dramatically increased with the integration of AI, a trend Gu warns could persist through the end of the year.
Frequently Asked Questions (FAQ)
- Why are traditional financial institutions hesitant to move assets on-chain?
They are primarily concerned about the high risk of hacks, smart contract vulnerabilities, oracle manipulation, and cross-chain bridge exploits, which currently pose significant threats to digital assets.
- What role does AI play in recent crypto hacks?
AI is increasingly used by malicious actors to enhance the speed, efficiency, and sophistication of attacks, making it harder for defensive measures to keep pace.
- What is the “unfair game” in blockchain security?
It refers to the imbalance where attackers can dedicate vast, continuous resources to finding vulnerabilities, while protocol defenders are often limited by project-specific budgets and timeframes for security audits.
- Which recent hacks highlight these security concerns?
Notable incidents include the $600 million drained from Drift Protocol and Kelp DAO, and the $1.46 billion attack on Bybit, demonstrating the scale of potential losses.
