April 23, 2026 ChainGPT

CertiK: After $600M+ losses, AI misuse and cross-chain flaws will drive crypto hacks into 2026

CertiK: AI misuse and infrastructure weaknesses set to drive 2026 crypto hacks

Blockchain security firm CertiK warns that a mix of AI-powered tools, social engineering, and infrastructure gaps is reshaping the crypto threat landscape and will likely drive major breaches into 2026. The company says attackers have already drained more than $600 million this year, with losses concentrated in a few high-impact incidents.

Big losses, familiar patterns

April was particularly costly: two major thefts linked to North Korean actors included a $293 million exploit at Kelp DAO and roughly $280 million taken from Drift Protocol. In Kelp’s case, CertiK says a failure in cross-chain messaging infrastructure tied to LayerZero let attackers bypass safeguards that relied on trust assumptions, illustrating how brittle cross-chain systems can be when underlying messaging or bridge components fail.

AI and social engineering in the wild

CertiK senior blockchain investigator Natalie Newson told Crypto News that attacks are becoming more complex and automated. Real-time deepfakes, sophisticated phishing, supply-chain compromises, and cross-chain vulnerabilities are likely to sit at the center of the next wave of major exploits.

An earlier incident underlines the human angle: on April 15, crypto wallet provider Zerion disclosed a prolonged social engineering campaign attributed to North Korean-linked actors that extracted about $100,000 from hot wallets.

“The best way for investors to protect themselves is to be aware of the current threats they may face… For instance, to protect yourself against phishing, always verify the authenticity of URLs and smart contracts,” Newson said.

Storage and basic hygiene still matter

CertiK stresses that many losses still stem from poor storage and operational practices, especially among retail users. Newson recommended cold wallets to keep assets not used for day-to-day trading offline, allowing transaction signing without exposing private keys.
AI: empowering attackers and defenders

AI is changing both offense and defense. On the malicious side, tools that generate convincing deepfakes and autonomous “agentic” systems can scan smart contracts for bugs, draft exploit code, and execute attacks at machine speed. CertiK flagged a threat actor named “Jinkusu” reportedly selling tools that use voice manipulation and deepfakes to bypass Know Your Customer (KYC) checks on banks and crypto platforms.

Defensive AI is also rising: increased automation has driven a surge in bug-bounty submissions industry-wide, though not every AI-found bug is valid. CertiK points to limited deployments of systems like Anthropic’s Claude Mythos being tested to identify vulnerabilities in major operating systems as an example of AI-assisted defensive work.

Mitigation checklist (CertiK highlights)

- Verify URLs and smart contract addresses to avoid phishing.
- Use cold wallets for long-term holdings; minimize hot wallet exposure.
- Monitor cross-chain integrations and insist on rigorous audits for messaging/bridge components.
- Treat AI-driven social engineering and deepfakes as real threats; train teams and users to spot inconsistencies.
- Leverage automated scanning and bug-bounty programs, but validate findings carefully.

As exploits grow more automated and cross-chain complexity increases, CertiK’s message is clear: technical hardening, improved operational hygiene, and AI-aware defenses will be essential to limit the scale of hacks heading into 2026.