CertiK warns AI abuse and infrastructure gaps to drive 2026 crypto hacks

AI-driven exploits and cross-chain errors have brought crypto security risks into focus in 2026, CertiK experts warn, with losses already exceeding $600 million.
Summary
- Crypto losses exceeded $600 million in 2026, driven mainly by large-scale exploits linked to North Korean actors.
- The $293 million Kelp DAO breach related to LayerZero’s infrastructure failure and the $280 million Drift Protocol hack accounted for most of April’s losses.
- Security experts warn that AI-driven phishing, deepfakes, and automated exploit tools are making attacks faster and harder to detect.
According to a blockchain security firm, attackers are relying on a mix of social engineering, infrastructure vulnerabilities, and increasingly advanced tools to pull off the biggest breach of the year.
Losses are concentrated in a few high-impact events. April alone saw the biggest theft involving North Korean actors.
One was the $293 million Kelp DAO exploit, where a failure of the cross-messaging infrastructure tied to LayerZero allowed attackers to bypass defenses built around guesswork. Another breach targeted the Drift Protocol, resulting in an estimated loss of $280 million.
CertiK’s senior blockchain researcher Natalie Newson said the speed and nature of the attack point to a more serious threat scenario. Real-time deepfakes, phishing campaigns, supply chain compromises, and cross-chain vulnerabilities, he said, are likely to remain among the biggest activities heading into 2026.
A previous incident highlighted how AI tools are already being used in practice. On April 15, crypto wallet provider Zerion disclosed that hackers linked to North Korea conducted a long-running social engineering campaign, eventually withdrawing about $100,000 from its hot wallets.
“The best way for investors to protect themselves is to be aware of the current threats they may face… For example, to protect against phishing, always verify the authenticity of URLs and smart contracts,” Newson said.
Security concerns are not limited to external attacks. Storage practices remain a weak point, especially for retail associates.
“Using cold wallets can help keep non-frequent assets safe and allow you to sign transactions without revealing your private keys,” he added.
Attention has also turned to how artificial intelligence is changing both sides of the equation. Tools capable of producing convincing deepfakes and automated exploit development are becoming increasingly accessible.
“There are now convincing deepfakes, independent attack agents, and ‘agent AI’ that can automatically scan smart contracts for bugs, exploit codes, and attack at machine speed,” Newson said.
Earlier this month, a threat actor known as “Jinkusu” was reportedly providing cybercrime tools designed to bypass Know Your Customer checks across banks and crypto platforms, relying on the use of voice and deepfake technology.
At the same time, the defensive use of AI is starting to grow. Increased automation has led to an increase in bug bounty submissions across the industry, even if not all findings are valid. One example is Claude Mythos, an AI system developed by Anthropic, which has been tested in limited applications to identify vulnerabilities in large operating systems.



