'It's an Unfair Game': CertiK CEO Says DeFi Attackers Using AI to Outspend Defenders


Key takeaways:

  • Escalating AI-driven exploits may force a market-wide re-rating of unaudited DeFi tokens.
  • The Drift and Kelp incidents reveal operational risks that standard code audits cannot detect.
  • Defensive spending lag implies DeFi yields will embed rising security risk premiums over time.

Decentralized finance (DeFi) security researchers are sounding the alarm over a growing asymmetric threat: artificial intelligence is empowering hackers to find and exploit vulnerabilities far more efficiently than defenders can protect against them. In an interview at the Consensus Miami conference, CertiK co-founder and CEO Ronghui Gu called this a fundamentally "unfair game" where attackers pour computing resources into probing single protocols while security firms must spread limited resources across many clients.

The warning follows an exceptionally violent month for DeFi exploits. "In April, just last month, there were only three days without hacks," Gu said, noting that more than $690 million was stolen from DeFi protocols during the month. Excluding the February 2025 Bybit exploit, April marked the highest monthly financial loss from DeFi hacks since March 2022. Major incidents included a $280 million exploit on Drift Protocol linked to an admin takeover by suspected North Korean attackers, and a $292 million exploit on Kelp DAO stemming from infrastructure and governance failures.

Gu attributed the surge to AI tools that lower the marginal cost of running exploit attempts. Attackers can use language models and automated fuzzing to scan for weaknesses around the clock, while defenders still rely heavily on manual audits and formal analysis. "Even if you run an AI model for 30 hours and it doesn't find a vulnerability, it can't prove that your code is bug-free," Gu explained, pointing to the halting problem in computer science. The only known solution, he argued, is formal verification — a mathematical approach to prove smart contract code behaves correctly under every possible input.
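To make Gu's point concrete, here is an added toy illustration (not CertiK's code, and not any real contract) of why a bug-free fuzzing run proves nothing. A ledger with 4-bit balances is deliberately small so its whole state space can be enumerated. The `transfer` function carries a classic cached-balance defect: it reads both balances before writing them, so a self-transfer mints tokens. The fuzz harness embodies an assumption that real harnesses often make (it only generates transfers between distinct accounts), so it can run for as many steps as you like and never report a finding. The bounded exhaustive check, a simple bounded model check rather than full formal verification, explores every input over the whole domain with no generator assumptions and produces the counterexample on its first transition. All names, the 4-bit domain and the initial balances are constructed for this example.

```python
import random
from itertools import product

# Constructed toy model: 3 accounts, 4-bit unsigned balances (0..15) so the full
# state space is enumerable. MASK models fixed-width wraparound arithmetic.
MASK = 0xF
ACCOUNTS = 3


def transfer(balances, sender, receiver, amount):
    """Defective transfer: both balances are read first, then both are written.
    When sender == receiver the second write overwrites the debit, minting tokens."""
    b_from, b_to = balances[sender], balances[receiver]
    if amount > b_from:
        return balances                      # revert: insufficient funds
    new = list(balances)
    new[sender] = (b_from - amount) & MASK
    new[receiver] = (b_to + amount) & MASK   # for a self-transfer this clobbers the debit
    return tuple(new)


def supply_conserved(balances, total_supply):
    """Invariant under test: transfers never change the total supply."""
    return sum(balances) == total_supply


def fuzz(initial, steps, seed=0):
    """Random testing. The generator only draws distinct (sender, receiver) pairs,
    a plausible harness assumption, so the self-transfer path is never exercised.
    Returns a violating state, or None if nothing was found within the budget."""
    rng = random.Random(seed)
    total = sum(initial)
    state = initial
    for _ in range(steps):
        sender, receiver = rng.sample(range(ACCOUNTS), 2)   # always distinct
        amount = rng.randint(0, MASK)
        state = transfer(state, sender, receiver, amount)
        if not supply_conserved(state, total):
            return state
    return None


def bounded_check(initial, depth):
    """Bounded exhaustive check: breadth-first over every reachable state for up to
    `depth` transitions, trying every (sender, receiver, amount) in the domain.
    Returns (counterexample trace or None, number of distinct states visited)."""
    total = sum(initial)
    frontier = [(initial, ())]
    seen = {initial}
    for _ in range(depth):
        next_frontier = []
        for state, trace in frontier:
            for s, r, a in product(range(ACCOUNTS), range(ACCOUNTS), range(MASK + 1)):
                nxt = transfer(state, s, r, a)
                step = trace + ((s, r, a),)
                if not supply_conserved(nxt, total):
                    return step, len(seen)
                if nxt not in seen:
                    seen.add(nxt)
                    next_frontier.append((nxt, step))
        frontier = next_frontier
    return None, len(seen)


if __name__ == "__main__":
    start = (5, 5, 5)                        # constructed initial balances, supply 15
    print("fuzz (100k steps):", fuzz(start, 100_000))          # None: no finding
    print("bounded check:", bounded_check(start, depth=2))     # ((0, 0, 1),): self-transfer mints
```

The fuzzer returns `None` for any seed and any step count, which is exactly the situation Gu describes: a long run with no finding is evidence about the harness, not a proof about the code. The exhaustive check has no such blind spot, and a real formal-verification tool extends the same idea from a bounded toy domain to all inputs by reasoning symbolically rather than by enumeration.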

The Kelp DAO hack further illustrated how attackers are shifting strategies away from code flaws toward supply-chain and operational security weaknesses. In that case, attackers compromised a LayerZero validator setup before routing stolen assets through Aave. The incident triggered a controversial freeze of about $72 million in assets by Arbitrum, which later became entangled in legal disputes. Gu said these episodes underline the complexity of crypto incident responses, where protocols, blockchains, and exchanges must coordinate rapidly to freeze and recover funds. "The industry needs to work together," he stressed.

CertiK's own Hack3d 2025 report documents how defensive spending has not kept pace with the threat landscape. While AI compresses the time attackers need to find exploit paths, most DeFi teams still prioritize speed to market over exhaustive security proofs. Gu's framing suggests a structural shift is overdue: if attackers automate discovery at near-zero cost, defenders must adopt assurance methods that are provably complete rather than probabilistically sufficient. The warning lands at a moment when DeFi protocols manage ever-larger total value locked and the consequences of ignoring the asymmetry are increasingly measured in lost user funds.
