- On May 15, Certik raised the alarm about AI-based attacks on smart contracts, as hackers are looking at these smart contracts in a new way.
- Criminals are using AI tools to detect the locations found in old smart contracts.
- North Korea’s Lazarus group has been targeting the crypto sector by carrying out large-scale digital attacks over the past few months.
On May 15, Certik, a leading cyber security company, raised the alarm amid cyber security concerns in the crypto sector, saying that old smart contracts are becoming a soft target for hackers.
According to Certik, hackers are using artificial intelligence (AI) technology to identify vulnerabilities in these smart contracts.
Certik Co-founder Raises Warning on Old Smart Contracts
Founder and CEO of CertiK Ronghui Gu said, “In April, last month, there were only three days without hacks. More than $690 million was stolen last month in the DeFi protocol.”
The crypto market is currently going through a rough time after the worst cyber attacks in April and May, where hackers managed to steal hundreds of millions of dollars from the crypto market. In April, more than $600 million was stolen from 30 different online games. It made it one of the worst months for crypto hacks in the past few years. Among all these cyber threats, there are two major threats that have caused accidents in the DeFi sector, including Drift Protocol and Kelp DAO.
There was no simple mistake in writing on these platforms, but hackers have also done some sophisticated work. Most of these are linked to North Korea’s Lazarus group. These cyber attacks have destroyed the confidence of investors and caused people to leave various platforms. These attacks have exposed vulnerabilities in DeFi infrastructure, including bridges, smart contractsand others.
The leading decentralized permanent exchange on the Solana blockchain, Drift Protocol, faced a security incident in April, where the platform lost about $285 million in a hack. According to cybersecurity experts, the attack was carried out by the Lazarus Group in a 6-month technical attack. In order to extort money, they built trust with the team members through fake business stories, and later, tricked members of the security organization into pre-signing events.
After the hacker managed to gain access to the platform, he created fake credentials to use as collateral on the platform. These fake passwords enabled hackers to leak protocols in just 12 minutes. This attack was so destructive that more than half of the total value of the Drift lock (TVL) was wiped out during the hack. However, the strategic partnership was not affected at this time. These attacks were caused by human error and poor job security.
A few days after the cyber attack on the Drift protocol, the leading liquid protocol, Kelp DAO, was compromised in a massive attack on its bridge. In this cyber attack, approximately $292 million was stolen from Kelp after thieves stole 116,500 rsETH tokens.
Kelp DAO is the DeFi platform that allows users to stake Ethereum derivatives and, in return, earn rsETH tokens. These tokens allow them to generate income and productivity. In this hacking scenario, hackers linked to the Lazarus Group targeted the bridge used by Kelp, which is managed by LayerZero.
Integrated bridges are used to move assets between different blockchain networks, and these DeFi devices require verifiers to verify and approve transactions on different blockchains. At the time, Kelp was using one-factor authentication to approve the transaction.
Hackers began to control the RPC protocol, which enables the blockchain to read data to verifiers to verify transactions. Along with this, the hackers launched a DDoS attack on some nodes to keep them in the dark.
After this, the hackers will start feeding fake data into the RPC node which will show the fake event of burning the token. In fact, this fiery event has never happened before. This tricked the system into issuing real rsETH tokens on Ethereum without any kind of real support. Even though this cyberattack happened, Kelp DAO has recently been restored work.
Lazarus Group Launches Campaign Against Crypto Sector
Recently, the blockchain security company Certik released a report that revealed a lot of information about North Korea.
The report he said, “North Korea has turned cryptocurrency piracy into a major source of income, operating on a scale and scale unmatched by the ecosystem. Our report examines nearly ten years of work, finding that actors affiliated with the DPRK stole 6.75 billion dollars in 263 events between 2016 and the beginning of 2026. This number may not contradict the real reality, as the hundreds of small attacks on people and initial operations remain uncounted.“
Last year, hackers linked to North Korea made $2.06 billion over the course of the year. This is about 60% of all cryptocurrency hacks that took place throughout the year. However, the strange part of this number is that this is only 12% of the total number of incidents. This shows that North Korean hackers are interested in large-scale attacks.
“This has continued until 2026, where DPRK activity represents 55% of global losses year-on-year, led by major events such as the $291 million KelpDAO attack. “The report points to increased efficiency, a better cleaning process, and a constant reliance on human and supply chain risk rather than corporate error,” the report said.
In the past few months, Certik has observed the impact of cyber attacks on cryptocurrency. They have noted that most cyber attacks are linked to vulnerabilities found in smart contracts. Many of these smart contracts were using older versions of programming languages such as Solidity 0.6. Hackers are actively looking for these smart contracts to exploit vulnerabilities using advanced artificial intelligence technology.
Also Read: Thorchain Suffers from Multi-Collaboration- $10M+ Poured on All Machines
