Certik Issues Warning on AI Attacking Old Smart Contracts

On May 15, Certik, a leading cybersecurity company, raised the alarm amid a series of bizarre cyberattacks on the crypto sector, saying that older smart contracts are becoming soft targets for hackers.

According to Certik, hackers are using the booming artificial intelligence (AI) technology to identify vulnerabilities present in these smart contracts.

Certik Co-founder Raises a Warning for Old Smart Contracts 

CertiK co-founder and CEO Ronghui Gu said, “In April, just last month, there were only three days without hacks. More than $690 million was hacked last month in DeFi protocols.”

The crypto market is currently facing one of the worst periods after suffering massive cyber attacks in April and May, where hackers have managed to steal hundreds of millions of dollars from the crypto market. In just April, more than $600 million was stolen in 30 different cyber attacks. It made it one of the worst months for crypto hacks in the last few years. Among all these cyber attacks, there are two major attacks that created catastrophic situations in the DeFi sector, including Drift Protocol and Kelp DAO.

There was not a simple bug in the coding of these platforms, but hackers have also executed sophisticated operations. Most of these cyber attacks are linked to North Korea’s Lazarus Group. These cyber attacks have depleted the trust of investors and sparked intense withdrawals from various platforms. These attacks have exposed the vulnerabilities present in the DeFi infrastructure, including bridges, smart contracts, and others. 

The leading decentralized perpetual futures exchange on the Solana blockchain, Drift Protocol, faced a security incident in April, where the platform lost approximately $285 million in the hack. According to cybersecurity experts, the attack was executed by the Lazarus Group by performing a social engineering attack for 6 months. In order to steal money, they have developed trust with team members via fake business talks, and after that, they deceived members of the security council to pre-sign transactions.

After the hacker managed to gain access to the platform, they created fake tokens to use as collateral on the platform. These fake tokens helped hackers to drain the protocol vaults in just 12 minutes. This attack was so devastating that more than half of Drift’s total value locked (TVL) was wiped out during the hack. However, the smart contract was not affected during the incident. This attack was caused by human error and a lower standard of operational security.

A few days after the cyber attack on Drift protocol, the leading liquid restaking protocol, Kelp DAO, was compromised in a major attack on its bridge. In this cyber attack, approximately $292 million was stolen from the Kelp after hackers had stolen 116,500 rsETH tokens.

Kelp DAO is the DeFi platform that allows users to stake Ethereum derivatives and, in return, they get rsETH tokens. These tokens allow them to generate liquidity and yields. In this hacking incident, hackers linked to the Lazarus Group have targeted the cross-chain bridge that Kelp used, which is powered by LayerZero.

Cross-chain bridges are used to move assets between different blockchain networks, and these DeFi infrastructures need verifiers to validate and approve transactions on the different blockchains. At that time, Kelp was using a single verifier to approve a transaction.

Hackers first took control of an RPC node, which helps the blockchain to read data for verifiers to validate transactions. Along with this, hackers have launched a DDoS attack on other nodes to keep them in the dark.

After this, hackers have started feeding fake data into the RPC node that showed a fake event of token burning. In reality, this token burning event has never happened. This action has tricked the system into releasing real rsETH tokens on Ethereum without any kind of real backing. Despite this cyberattack, Kelp DAO recently restored operations.

Lazarus Group Launches Campaign Against Crypto Sector

Recently, blockchain security firm Certik disclosed a report that revealed alarming details about North Korea. 

The report stated that, “North Korea has transformed cryptocurrency theft into a core state revenue mechanism, operating at a scale and level of coordination unmatched in the digital asset ecosystem. Our report analyzes nearly a decade of activity, finding that DPRK-linked actors have stolen an estimated $6.75 billion across 263 incidents between 2016 and early 2026. This figure likely understates the true scope, as hundreds of smaller attacks targeting individuals and early-stage projects remain underreported.”

Last year, hackers linked to North Korea were responsible for $2.06 billion in the entire year. This is around 60% of all cryptocurrency hacks that took place in the entire year. However, the strange part of this number is that this is just 12% of the total number of hacking incidents. This shows that North Korea’s hackers are preferring big attacks.

“This trend has continued into 2026, where DPRK activity represents 55% of global losses year-to-date, driven by large-scale exploits such as the $291 million KelpDAO attack. The trajectory points to increasingly sophisticated operations, a highly efficient laundering pipeline, and a consistent reliance on human and supply chain vulnerabilities rather than smart contract flaws,” stated in the report.

In the last few months, Certik has observed the pattern of cyber attacks on the cryptocurrency sector. They have observed that most cyber attacks are linked to vulnerabilities present in legacy smart contracts. Most of these smart contracts were using older versions of programming languages like Solidity 0.6. Hackers are actively looking for these smart contracts to exploit the vulnerabilities by using advanced technology of artificial intelligence.

Also Read: Thorchain Suffers Multi-Chain Exploit— $10M+ Drained Across Blockchains