Cryptocurrency hackers are focusing on real-world asset (RWA) tokenization protocols, posing a safety risk to the rising institutional demand for this rising blockchain sector.
Actual-world asset tokenization refers to monetary and different tangible property minted on the immutable blockchain ledger, rising investor accessibility and buying and selling alternatives for these property.
Hackers have began focusing on RWA protocols, as losses from RWA-specific exploits reached $14.6 million through the first half of 2025, in line with a report by blockchain safety agency CertiK and shared with Cointelegraph.
The $14.6 million is greater than double the $6 million misplaced to RWA protocol exploits throughout 2024, and should rise above the $17.9 million misplaced in 2023.
These RWA exploits have been outlined “fully by onchain and operational failures,” signaling a “clear transformation within the RWA risk panorama between 2023 and 2025,” in line with CertiK.
Associated: Tokenized shares rise 220% in July, harking back to ‘early DeFi increase’
The rising malicious exercise across the sector comes because the RWA market surged over 260% through the first half of 2025, surpassing $23 billion in complete valuation by June 5, Cointelegraph reported.
Tokenized personal credit score led the RWA market increase, accounting for about 58% of the market share, adopted by tokenized US Treasury debt, which accounted for 34%, pushed by “elevated participation from main trade gamers,” as “regulatory frameworks grow to be clearer,” in line with a Binance Analysis report shared with Cointelegraph.
Associated: $2.1B crypto stolen in 2025 as hackers shift focus from code to customers: CertiK
RWA tokenization introduces “hybrid” safety dangers on account of offchain property
RWA protocols current extra complicated, “hybrid” safety challenges, as an RWA token’s worth is a declare on an offchain asset, increasing the assault floor past simply sensible contracts.
Every element of this five-layer safety stack can current a single level of vulnerability, in line with CertiK’s report, which states:
“Key dangers emerge from this interplay as a result of offchain processes contain human actors, are topic to authorized interpretation, and observe operational workflows.”
Dangers embrace oracle manipulation, custodial and counterparty failures, the “unenforceability of authorized frameworks, and fraudulent proof of reserves attestations,” added the report.
RWA restaking protocol Zoth suffered the most important exploit amongst RWA protocols in 2025, shedding $8.5 million to a “traditional operational safety failure,” a compromised personal key on March 21, the identical month a distinct attacker exploited a sensible contract logic flaw to mint $385,000 price of property with out enough collateral.
Loopscale suffered the second-largest hack price $5.8 million on April 26, attributable to blockchain oracle value manipulation. But, in a constructive flip of occasions, the protocol recovered $2.8 million price of the stolen funds by April 29, Cointelegraph reported.
Journal: TradFi is constructing Ethereum L2s to tokenize trillions in RWAs — Inside story