The Rise of RWA Tokenization and Security Threats
The rise in institutional interest in real-world asset (RWA) tokenization is now under threat from malicious hackers, as highlighted by a recent report from blockchain security firm CertiK that was shared with Cointelegraph. RWA tokenization refers to the process of creating digital representations of tangible assets, such as financial instruments, on the blockchain, which enhances accessibility and facilitates trading opportunities for investors.
Escalating Security Breaches
However, security breaches targeting RWA protocols have escalated dramatically, with losses attributed to these exploits reaching a staggering $14.6 million in the first half of 2025 alone. This figure marks a significant increase compared to the approximately $6 million reported in 2024 and suggests potential losses might eclipse the $17.9 million recorded in 2023.
CertiK’s report underscores that the vulnerabilities leading to these financial losses stem from both on-chain failures and operational shortcomings, illustrating a marked shift in the security landscape for RWAs since 2023.
Market Growth and Unique Security Risks
Notably, the burgeoning RWA market has expanded over 260% during this same timeframe, surpassing a valuation of $23 billion by early June 2025, largely due to increased investments in tokenized private credit and U.S. Treasury securities, driven by clearer regulatory frameworks.
Nevertheless, along with the tremendous growth of the RWA market comes a set of unique security risks termed “hybrid” due to their relationship with off-chain assets. RWA tokens are inherently tied to physical assets, thus complicating the risk profile beyond just smart contract vulnerabilities.
CertiK points out that the integration of off-chain processes introduces various potential points of failure, including manipulations through oracle attacks, custodial risks, breaches of counterparty obligations, and challenges regarding legal enforceability of asset claims.
Significant Exploits in 2025
The most significant exploit reported in 2025 involved the Zoth protocol, which suffered an $8.5 million loss as a result of compromised operational security on March 21, coinciding with another incident where a flaw in smart contract logic allowed attackers to create $385,000 worth of assets collateralized insufficiently. Another notable breach occurred with the Loopscale protocol, which lost $5.8 million due to price manipulation of blockchain oracles but managed to recover approximately $2.8 million of that amount shortly after.
Overall, the evolving narrative of RWA tokenization underlines the dual nature of opportunity and risk as this sector continues to attract substantial institutional interest.
