According to Gu Ronghui, co-founder and CEO of CertiK, AI tools have exacerbated the imbalance between DeFi attack and defense, making it easier for attackers to discover vulnerabilities and replicate attack paths. The DeFi security situation was severe in April this year, with only 3 days without any hacker attacks and a cumulative loss of over 690 million US dollars. If the Bybit attack in February 2025 is excluded, April is the month with the highest hacker losses since March 2022. He pointed out that attackers concentrate their computing power on testing a single protocol, while security companies need to distribute resources to serve multiple clients, putting the defensive end at a disadvantage. The focus of recent attacks has shifted from smart contract vulnerabilities to operational security and weak links in the supply chain. He emphasized that AI cannot prove the complete security of code, and formal verification is still a more reliable way of security assurance.
