DeFi Attackers Using AI to Outspend Defenders, Says CertiK CEO
14 May 2026 · 19:46 UTC · The Block
Summary
CertiK, a leading blockchain security firm, warned that DeFi attackers are increasingly targeting operational security and supply-chain vulnerabilities rather than smart contract code bugs. According to CertiK's CEO, attackers are using AI and sophisticated techniques to outmatch defenders in an increasingly uneven confrontation. The statement highlights a concerning shift in attack vectors toward non-code vulnerabilities that are harder to detect and defend against through traditional smart contract auditing alone.
Why it matters
DeFi security is foundational to user confidence and TVL in protocols. The article highlights a troubling evolution in attack vectors—from detectable smart contract bugs to operational security and supply-chain attacks that traditional auditing cannot fully address.

Key mechanisms: (1) User fear driving TVL withdrawals and protocol migration; (2) Increased insurance costs and security spending by protocols; (3) Potential contagion if major hacks occur; (4) Reduced institutional adoption of vulnerable DeFi platforms.

Uncertainties: CertiK CEO's claims about AI-driven attacks are somewhat speculative and lack specific incident citations. The article provides limited concrete evidence beyond a statement. CertiK has financial incentive to promote security concerns (drives audit demand). Actual market impact depends on whether material hacks result and overall risk sentiment. Altcoins show higher sensitivity due to DeFi concentration; Bitcoin correlation is weaker.
Expected impact
CertiK's warning about increasingly sophisticated DeFi attackers employing AI and targeting operational security and supply-chain vulnerabilities raises significant concerns for the DeFi ecosystem. The characterization of this as an "unfair game" with attackers outmatching defenders could create fear, uncertainty, and doubt (FUD) among DeFi users and trigger near-term selling pressure in altcoins and DeFi-focused tokens. Users may reassess protocol safety and withdraw liquidity. Altcoins are more directly affected given their concentration in DeFi yields; Bitcoin experiences spillover only if broader sentiment deteriorates. The news reinforces demand for professional security auditing services like CertiK's. Long-term impact depends on whether these attack vectors materialize in major actual hacks and how quickly protocols implement defensive countermeasures. The shift from smart contract vulnerabilities to supply-chain attacks represents a structural concern harder to defend against systematically.