CertiK warns attackers use AI

CertiK co-founder and CEO Ronghui Gu said on May 14 that decentralized finance attackers are increasingly using artificial intelligence to find vulnerabilities and are moving beyond pure smart-contract bugs into operational-security and supply-chain attacks. Gu made the comments in an interview with The Block at the Consensus Miami conference, after what he described as a severe stretch of DeFi exploits this year. He said April had only three days without hacks and that more than $690 million was stolen from DeFi protocols that month. CertiK’s own recent research has also highlighted deepfakes, phishing and compromised software dependencies as major attack paths in 2026. ### Why is CertiK saying the attack pattern is changing? Ronghui Gu said smart-contract auditing standards have improved enough that attackers are increasingly looking elsewhere. In the May 14 interview, he said hackers now target “supply chain, operational security, and so on” because audited contracts have become harder to break directly. (theblock.co) CertiK wrote on February 9 that crypto infrastructure has become more complex and that third-party dependencies now create wider attack surfaces. The company said malicious code inserted into npm packages, wallet libraries or development frameworks can compromise many projects at once, including protocols that were otherwise widely audited. (theblock.co) ### What does Gu mean by “an unfair game”? Gu said attackers can concentrate computing resources on probing a single protocol, while security firms and internal defenders have to divide time and tooling across many clients and systems. He said AI is making it easier for attackers to discover vulnerabilities and replicate attacks across protocols. (certik.com) Natalie Newson, a senior blockchain investigator at CertiK, made a similar point in April. She said “agentic AI” can autonomously scan smart contracts for bugs, draft exploit code and execute attacks at machine speed, while also making phishing and deepfake campaigns more convincing. ### If code audits improved, where are attackers finding openings? (theblock.co) April’s major incidents gave security researchers examples outside the classic “bug in contract logic” model. The Block reported that Drift Protocol’s roughly $280 million exploit was later linked by the project to an admin takeover tied to suspected North Korean attackers. The same report said attacks on Drift Protocol and Kelp DAO together accounted for nearly $600 million in losses. (cointelegraph.com) Cointelegraph reported on April 22 that the Kelp DAO exploit involved what it described as a single point-of-trust failure in LayerZero infrastructure, and that another North Korea-linked attack used AI for social engineering. Zerion said on April 15 that North Korean-affiliated hackers used AI in a long-running social-engineering campaign to steal about $100,000 from the company’s hot wallets, according to that report. (theblock.co) ### What kinds of operational attacks is CertiK focused on? CertiK’s February 9 threat outlook said real-time deepfakes have made video calls and facial checks less reliable for verifying identity. The company said attackers can mimic executives or trusted contacts to request fund transfers or privileged access, pushing firms toward cryptographic checks, multi-signature approvals and hardware-based verification for sensitive actions. (cointelegraph.com) The same CertiK report said phishing has become more adaptive, with AI-generated landing pages tailored to a victim’s wallet type and transaction flow. It also said QR-code phishing and compromised software dependencies are becoming more common as attack routes. ### What does this change for how protocols are judged? Gu said no system can be proven universally bug-free through testing alone, citing what he called the “halting problem” as a limit on predicting program behavior in every scenario. (certik.com) He said formal verification remains the only known way to prove certain properties of code, but he also said projects are not paying enough attention to operational security and supply-chain risk. CertiK’s own product push reflects that broader framing. On May 6, the company said it had expanded public access to AI Auditor, a tool first built for internal auditors, and said the system achieved an 88.6% cumulative exact hit rate across 35 real-world Web3 security incidents from 2026. ### What should readers watch next? CertiK’s public blog remains the company’s running record of how it thinks the threat model is evolving. (theblock.co) The February 9 post on 2026 attack vectors and the May 6 post on AI Auditor are the clearest recent statements of where the company says defenses need to go next, with Ronghui Gu and CertiK researchers pointing to identity checks, dependency controls and faster incident response as the next line of scrutiny. (certik.com 1) (certik.com 2)