CertiK CEO Ronghui Gu said April 2026 was the worst month for DeFi exploits in four years, with hacks occurring on 27 out of 30 days. He attributed the surge to AI-driven attacks, noting that only three days were hack-free. Major incidents included North Korean cybercriminals draining nearly $600 million from Drift Protocol and Kelp Dao, and the $1.46 billion Bybit hack in February 2025. Gu warned that these security risks are a major barrier for traditional financial institutions planning to move trillions of dollars of assets onchain. He explained that hackers have structural advantages, spending $10,000-$20,000 on continuous vulnerability scans, while defenders operate under tight budgets. DefiLlama data shows over $1.1 billion lost to DeFi hacks in the past year, highlighting systemic vulnerabilities in cross-chain infrastructure.

Key facts

• April 2026 had 27 days with DeFi hacks, worst in four years.
• North Korean hackers stole ~$600M from Drift Protocol and Kelp Dao.
• Bybit hack in Feb 2025 was largest ever at $1.46B.
• AI-driven attacks are a key factor in the surge.
• Hackers spend $10k-$20k on scans; defenders have budget limits.