- On May 15, CertiK raised the alarm about AI-based attacks on legacy smart contracts, with hackers actively targeting these contracts in a new pattern.
- Attackers use AI tools to identify vulnerabilities in legacy smart contracts.
- North Korea’s Lazarus Group has been actively targeting the cryptocurrency sector by carrying out major digital heists in the past few months.
On May 15, CertiK, a leading cybersecurity company, sounded the alarm amid a series of bizarre cyberattacks on the cryptocurrency sector, saying that legacy smart contracts were becoming easy targets for hackers.
According to CertiK, hackers are using burgeoning artificial intelligence (AI) technology to identify vulnerabilities in these smart contracts.
CertiK co-founder raises warning about legacy smart contracts
CertiK co-founder and CEO Ronghui Gu said, “In April, just last month, there were only three days without hacks. Over $690 million was hacked last month in DeFi protocols.”
The cryptocurrency market is currently facing one of its worst periods after large-scale cyberattacks in April and May, in which hackers were able to steal hundreds of millions of dollars. In April alone, more than $600 million was stolen in 30 different cyberattacks, making it one of the worst months for cryptocurrency hacks in the past few years. Two of these attacks created disastrous situations in the DeFi sector: those on Drift Protocol and Kelp DAO.
These incidents did not stem from a simple error in the encryption of these platforms; the hackers carried out complex operations. Most of these cyberattacks are linked to North Korea's Lazarus Group. They have sapped investor confidence and triggered massive withdrawals from various platforms. The attacks exposed vulnerabilities in DeFi infrastructure, including bridges, smart contracts, and others.
Drift Protocol, the leading decentralized perpetual futures exchange on the Solana blockchain, faced a security incident in April, losing approximately $285 million in the hack. According to cybersecurity experts, the Lazarus Group carried out the attack through a social engineering campaign that lasted 6 months. To steal the money, the attackers built trust with team members through fake business conversations and later tricked Security Council members into pre-signing the transactions.
After the hackers gained access to the platform, they created fake tokens to use as collateral. These fake tokens helped the hackers drain the protocol's vaults in just 12 minutes. The attack was so devastating that more than half of Drift's total value locked (TVL) was wiped out. However, the smart contract was not affected during the incident. This attack was caused by human error and poor operational security.
Just days after the cyberattack on Drift Protocol, the leading liquid restaking protocol, Kelp DAO, was hacked in a major attack on its bridge. In this cyberattack, approximately $292 million was stolen from Kelp after hackers took 116,500 rsETH tokens.
Kelp DAO is a DeFi platform that allows users to stake Ethereum derivatives and receive rsETH tokens in return. These tokens allow them to generate liquidity and returns. In this incident, hackers associated with the Lazarus Group targeted the cross-chain bridge used by Kelp, which is powered by LayerZero.
Cross-chain bridges are used to transfer assets between different blockchain networks, and these DeFi infrastructures need validators to validate and approve transactions on different blockchains. At the time, Kelp was using a single validator to approve the transaction.
The hackers first took control of an RPC node, which supplies the blockchain data that verifiers read to validate transactions. They also launched a DDoS attack on other nodes to keep them in the dark.
The hackers then began injecting fake data into the RPC node, showing a token burn event that never actually happened. This tricked the system into releasing real rsETH tokens on Ethereum without any real backing. Despite this cyberattack, Kelp DAO recently restored operations.
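The bridge failure described above comes down to accepting a burn report from one data source while the others were unavailable. The following Python example is added here for illustration and is not code from Kelp DAO, LayerZero or CertiK; it shows a fail-closed quorum check on the defender's side, and the names `BurnEvent`, `confirm_burn`, the `rpc-*` source labels and all sample values are hypothetical.

```python
from dataclasses import dataclass

UNREACHABLE = object()  # marker for a source that timed out or refused the query


@dataclass(frozen=True)
class BurnEvent:
    tx_hash: str
    token: str
    amount: int


def confirm_burn(claimed, responses, quorum):
    """Decide whether a claimed source-chain burn may unlock tokens.

    responses maps a source name to the BurnEvent it returned for the
    transaction, None if it found no such event, or UNREACHABLE.
    Returns (ok, reason). Fails closed on outages and on disagreement.
    """
    if quorum * 2 <= len(responses):
        raise ValueError("quorum must be a strict majority of the sources")
    agree = sorted(s for s, r in responses.items() if r == claimed)
    down = sorted(s for s, r in responses.items() if r is UNREACHABLE)
    deny = sorted(set(responses) - set(agree) - set(down))
    if deny:
        return False, f"conflict: {deny} do not report the claimed burn"
    if len(agree) < quorum:
        return False, f"quorum not met: {len(agree)}/{quorum}, unreachable: {down}"
    return True, f"confirmed by {agree}"


# Constructed sample data; every value below is a placeholder.
CLAIM = BurnEvent("0xCONSTRUCTED", "rsETH", 1000)
SCENARIOS = {
    # One source answers while the rest are unreachable.
    "single_source": {"rpc-a": CLAIM, "rpc-b": UNREACHABLE, "rpc-c": UNREACHABLE},
    # Reachable sources disagree about whether the burn happened.
    "conflict": {"rpc-a": CLAIM, "rpc-b": None, "rpc-c": None},
    # Independent sources all report the same event.
    "healthy": {"rpc-a": CLAIM, "rpc-b": CLAIM, "rpc-c": CLAIM},
}


def run_scenarios(quorum=2):
    return {name: confirm_burn(CLAIM, resp, quorum) for name, resp in SCENARIOS.items()}


if __name__ == "__main__":
    for name, (ok, reason) in run_scenarios().items():
        print(f"{name}: {'RELEASE' if ok else 'HOLD'} ({reason})")
```

The check only helps when the sources are operated independently; several endpoints behind one provider still count as a single point of trust.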
Lazarus Group launches a campaign against the cryptocurrency sector
Recently, blockchain security firm Certik unveiled a report that revealed disturbing details about North Korea.
The report stated that “North Korea has turned cryptocurrency theft into a primary revenue mechanism for the state, operating at a scale and level of coordination unparalleled in the digital assets ecosystem. Our report analyzes nearly a decade of activity, finding that North Korea-linked actors stole an estimated $6.75 billion across 263 incidents between 2016 and early 2026. This number likely underestimates the true scale, as hundreds of small attacks targeting individuals and early-stage projects remain underreported.”
Last year, North Korea-linked hackers were responsible for $2.06 billion in thefts. This represents approximately 60% of all cryptocurrency hacks that occurred during the year. The striking part is that it represents only 12% of the total number of hacking incidents. This shows that North Korean hackers prefer large attacks.
“This trend has continued into 2026, with DPRK activity accounting for 55% of global losses year-to-date, driven by large-scale exploits such as the $291 million KelpDAO attack. The trajectory points to increasingly sophisticated operations, a highly efficient laundering pipeline, and a continued reliance on human and supply chain vulnerabilities rather than smart contract flaws.”
In the past few months, CertiK has noticed a pattern of cyberattacks on the cryptocurrency sector. The firm notes that most cyberattacks are linked to vulnerabilities found in legacy smart contracts. Most of these smart contracts were using older versions of programming languages such as Solidity 0.6. Hackers are actively searching for these smart contracts to exploit vulnerabilities using advanced AI technology.




