Cryptocurrency hackers are targeting real-world asset (RWA) tokenization protocols, posing security threats to the growing institutional demand for this emerging blockchain sector.
Real-world asset tokenization refers to financial and other tangible assets created on immutable blockchain ledgers, increasing the accessibility and trading opportunities of these assets for investors.
A report by blockchain security company CertiK, shared with Cointelegraph, found that losses from RWA-specific exploits reached $14.6 million in the first half of 2025 as hackers began targeting RWA protocols.
The $14.6 million is more than double the $6 million lost to RWA protocol exploits in 2024 and could potentially exceed the $17.9 million lost in 2023.
These RWA exploits are defined “fully by on-chain and operational failures” and show “a clear transformation of the 2023-2025 RWA threat landscape.”

RWA exploits through blockchain networks. Source: CertiK
The growth in malicious activity comes as the sector skyrocketed over 260% in the first half of 2025, surpassing a total valuation of $23 billion, Cointelegraph reported.

Total value of the RWA market, all-time chart. Source: Binance Research
Tokenized private credit led the boom in the RWA market, accounting for around 58% of the market share, followed by tokenized US financial obligations, which accounted for 34%, driven by “a more clear regulatory framework.”
RWA tokenization introduces “hybrid” security risks with off-chain assets
Because the value of an RWA token is a claim on an off-chain asset, the attack surface expands beyond smart contracts, and RWA protocols present a more complex “hybrid” security challenge.

RWA tokenization introduces complex, hybrid security risks. Source: CertiK
According to the CertiK report, each component of this five-tier security stack can present a single point of vulnerability.
“The off-chain processes involve human actors, are subject to legal interpretations and follow operational workflows, creating significant risks from this interaction.”
Risks include oracle operations, custody and counterparty failures, and “fraudulent evidence of bookings without enforceability of the legal framework.”
The RWA redevelopment protocol Zoth suffered the largest RWA protocol exploit of 2025, losing $8.5 million to a private key that was breached on March 21, a “classic operational security failure.”
Loopscale suffered the second-largest hack, worth $5.8 million, on April 26, due to oracle price manipulation on the blockchain. However, in a positive turn of events, the protocol had recovered $2.8 million worth of stolen funds by April 29, Cointelegraph reported.