Traditional financial institutions are assessing the migration of more assets to the blockchain, but security risks continue to slow large-scale deployments. Ronghui Gu, CEO of blockchain security company CertiK, stated that smart contract vulnerabilities, oracle manipulation, and cross-chain bridge attacks remain among the biggest concerns for institutional investors.

The frequency of attacks increased significantly in April
In an interview with CoinDesk, Gu said that a growing number of traditional financial institutions hope to use on-chain systems to improve settlement and operational efficiency, and that they envision trillions of dollars in assets migrating to blockchains over the next decade. In practice, however, frequent hacks still make it difficult for conservative funds to allocate their assets freely.
He said April was the worst month for DeFi security in the past four years, with hacks occurring on 27 of its 30 days. CertiK attributes the higher attack frequency to the use of AI tools for vulnerability scanning and attack preparation.
The risks are concentrated in contracts and cross-chain facilities
According to Gu, when institutions evaluate a move to blockchain they look not only at asset custody but also at whether the underlying protocol can withstand sustained attack. Common risks today include smart contract defects, oracle price manipulation, and the cascading losses that follow an exploited cross-chain bridge.
Recent incidents have reinforced these concerns. Bybit was reportedly hit by an attack in February 2025 with losses of approximately $1.46 billion, regarded as one of the largest hacks in crypto history. Drift Protocol and Kelp DAO were also attacked in April, with the two incidents causing combined losses of nearly $600 million.
Investment in offense and defense is unequal
According to DefiLlama data, DeFi hacks have caused losses exceeding $1.1 billion over the past year. These incidents affect not only individual protocols but also spread to the wider ecosystem through cross-chain infrastructure.
Gu believes that offense and defense are currently not on an equal footing. Attackers typically target protocols holding large amounts of locked value, because a successful exploit pays enough to cover a long-term investment. A single attacker may spend $10,000 to $20,000 worth of computing power and token resources to run automated scanning and attack tools continuously for days or even weeks.
Project teams and security service providers, by contrast, are usually constrained by project budgets and can only complete audits and investigations within a fixed time and cost. Defenders therefore typically work in phases, while attackers can keep probing the same target for code vulnerabilities over a long period.

Gu said that as AI improves attack efficiency, the high-frequency attack trend that emerged in April is likely to continue for the rest of the year. For institutions hoping to move more traditional assets on-chain, security capability remains a prerequisite for deciding whether to expand their participation.