In the first half of 2025, exploits targeting real-world asset (RWA) tokenization protocols resulted in losses of $14.6 million, more than double the $6 million lost in 2024. This rise in hacking incidents aligns with the increased institutional demand for RWAs, which are tangible assets tokenized on blockchain. The shift in the threat landscape, identified by CertiK, highlights that these RWA exploits stem from onchain and operational failures, signaling evolving security risks. The surge may exceed the $17.9 million lost in 2023. Major contributors to these exploits include compromised private keys and oracle price manipulation, as seen in notable attacks on RWA restaking and Loopscale protocols. The RWA market has grown significantly, largely due to tokenized private credit and US Treasury debts, which now dominate the market. However, as RWA tokenization introduces hybrid security challenges involving offchain assets, risks such as oracle manipulation and operational failures pose significant threats to security. CertiK warns that each layer of the RWA security stack can present vulnerabilities, making the sector a focus for increasingly sophisticated cyberattacks.

Source 🔗