Wall Street’s Trillion-Dollar Dilemma: AI Hackers Block Trillions from Onchain Migration
Wall Street wants blockchain speed, but AI-driven hacks make the risk hard to stomach. The sales pitch is clean: move traditional assets onchain, settle trades faster, cut costs, and remove some middlemen. Fine. But the security side is getting nastier by the month. April was reportedly the worst month for crypto hacks in four years, and AI-driven attacks were blamed for much of the damage. Why does this matter? Because banks do not need blockchain to be exciting. They need it to be survivable. If banks hold back, traders lose the signal they have been waiting for: big pools of capital moving past pilots and ETFs into real onchain systems.

CertiK CEO Ronghui Gu says the idea of tens of trillions of dollars moving onchain this decade has run into a security wall. I’ll be honest: that sounds dramatic until you look at the attack pace. Bankers may like the efficiency of decentralized ledgers. Their risk teams, reasonably, do not like waking up to another exploit headline. Gu pointed to AI attacks, smart contract bugs, oracle manipulation, and bridge hacks as the main threats. Most adoption guides say regulation is the main blocker. That is only half right. CertiK detected hacks almost every day in April, with only three days passing without an exploit, and Gu argues that pace is hard to explain unless AI is doing some of the work.
The numbers are hard to ignore. Drift Protocol and Kelp DAO were hit in April by North Korean cybercriminals, who drained nearly $600 million from the two lending pools. In February 2025, Bybit suffered a $1.46 billion hack, described as the largest crypto hack so far. DefiLlama data also shows more than $1.1 billion lost to DeFi hacks in a single year. One bridge breaks, then the loss jumps rails. That is the part I keep coming back to. In crypto, one weak link rarely stays contained.
The security problem weakens the “adoption signal” crypto investors want from large financial firms. When firms like BlackRock or Fidelity look beyond spot ETFs, infrastructure risk stops being a footnote. Nobody wants to tell clients their tokenized assets disappeared because a bridge contract failed at 3 a.m. Is that fear exaggerated? For a tiny test wallet, maybe. For institutional balance sheets, no. Ethereum (ETH) would probably benefit if tokenized real-world assets moved onto public blockchains, but that upside depends on institutions trusting the plumbing. Right now, that trust is thin. My take: without a credible security path, the multi-trillion-dollar migration stays closer to a pitch deck than reality, and ETH’s near-term upside may stay limited.
Hackers have better economics than defenders, which is the ugly part. One attacker can spend $10,000 to $20,000 worth of compute tokens and run scans for weeks. Protocol defenders usually have fixed budgets. Gu said CertiK has 5,000 clients and assigns tokens and human experts based on each request. So a security team might review a protocol for a few hours while an attacker keeps testing it until a flaw appears. Bad bargain. Counter to the usual advice, more audits alone may not fix that mismatch. Repeated exploits can push TVL out of vulnerable protocols, pressure related tokens, cause forced liquidations, and dent trust in the entire category. A large lending protocol hack could even shake stablecoin pegs or market sentiment, the way Terra-Luna’s collapse spread through crypto in May 2022.
Gu says AI has made exploits faster, and he expects the near-daily pattern seen in April could continue through the end of the year. That matters for the broader flow of capital into crypto. Bitcoin (BTC) is often treated as a hedge against trouble in traditional finance, but institutions still care about the rest of the crypto stack. If the market looks unsafe, some money that might have gone into BTC or tokenized assets may go somewhere duller, like gold. Boring wins sometimes. We tried to frame this as a pure Bitcoin story at first. It broke. The weaker the surrounding stack looks, the harder it is for big allocators to treat crypto as a clean institutional lane.
What this means
Institutional crypto adoption now comes down to a practical question: can the industry make onchain finance boring enough for Wall Street? Gu’s “unfair game” point lands because it describes the mismatch plainly. Attackers can keep scanning. Defenders have budgets, contracts, vendor queues, and deadlines. Yes, this slightly contradicts the usual bullish tokenization narrative. Bear with me. Until that gap narrows, trillions of dollars are unlikely to move onchain with confidence. The issue also matters for Ethereum (ETH) and Solana (SOL), since both need secure infrastructure if tokenized assets are going to be more than a conference talking point.
Investors should watch security tools, insurance markets, and what large financial firms actually say about their onchain plans. Better AI-based defense systems would help. So would real onchain insurance that pays when things break, not just polished announcements. What is the cleanest signal? Follow the behavior, not the keynote. TVL in major DeFi protocols and bridges is worth tracking too. If it keeps falling, capital is still nervous. A large tokenization deal would show confidence. A delay blamed on security would say the opposite.
