{"id":866860,"date":"2025-08-21T21:12:47","date_gmt":"2025-08-22T02:12:47","guid":{"rendered":"https:\/\/newsycanuse.com\/index.php\/2025\/08\/21\/rwa-protocol-exploits-reach-14-6m-in-h1-2025-surpassing-2024\/"},"modified":"2025-08-21T21:12:47","modified_gmt":"2025-08-22T02:12:47","slug":"rwa-protocol-exploits-reach-14-6m-in-h1-2025-surpassing-2024","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2025\/08\/21\/rwa-protocol-exploits-reach-14-6m-in-h1-2025-surpassing-2024\/","title":{"rendered":"RWA protocol exploits reach $14.6M in H1 2025, surpassing 2024"},"content":{"rendered":"
\n

Cryptocurrency hackers are targeting real-world asset (RWA) tokenization protocols, posing a security threat to the increasing institutional demand for this emerging blockchain sector.<\/p>\n

Real-world asset tokenization<\/a> refers to financial and other tangible assets minted on the immutable blockchain ledger, increasing investor accessibility and trading opportunities for these assets.<\/p>\n

Hackers have started targeting RWA protocols, as losses from RWA-specific exploits reached $14.6 million during the first half of 2025, according to a report by blockchain security firm CertiK and shared with Cointelegraph.<\/p>\n

The $14.6 million is more than double the $6 million lost to RWA protocol exploits during 2024, and may rise above the $17.9 million lost in 2023.\u00a0<\/p>\n

These RWA exploits were defined \u201centirely by onchain and operational failures,\u201d signaling a \u201cclear transformation in the RWA threat landscape between 2023 and 2025,\u201d according to CertiK.<\/p>\n

RWA exploits by blockchain networks. Source: CertiK<\/em><\/figcaption><\/figure>\n

Related: <\/strong><\/em>Tokenized stocks rise 220% in July, reminiscent of \u2018early DeFi boom\u2019<\/strong><\/em><\/a><\/p>\n

The growing malicious activity around the sector comes as the RWA market surged<\/a> over 260% during the first half of 2025, surpassing $23 billion in total valuation by June 5, Cointelegraph reported.<\/p>\n

RWA market total value, all-time chart. Source: Binance Research<\/em><\/figcaption><\/figure>\n

Tokenized private credit led the RWA market boom, accounting for about 58% of the market share, followed by tokenized US Treasury debt, which accounted for 34%, driven by \u201cincreased participation from major industry players,\u201d as \u201cregulatory frameworks become clearer,\u201d according to a Binance Research report shared with Cointelegraph.<\/p>\n

Related: <\/strong><\/em>$2.1B crypto stolen in 2025 as hackers shift focus from code to users: CertiK<\/strong><\/em><\/a><\/p>\n

RWA tokenization introduces \u201chybrid\u201d security risks due to offchain assets<\/h2>\n

RWA protocols present more complex, \u201chybrid\u201d security challenges, as an RWA token\u2019s value is a claim on an offchain asset, expanding the attack surface beyond just smart contracts.<\/p>\n

RWA Tokenization Introduces Complex, Hybrid Security Risks. Source: CertiK<\/em><\/figcaption><\/figure>\n

Each component of this five-layer security stack can present a single point of vulnerability, according to CertiK\u2019s report, which states:<\/p>\n

\u00a0\u201cKey risks emerge from this interaction because offchain processes involve human actors, are subject to legal interpretation, and follow operational workflows.\u201d<\/p><\/blockquote>\n

Risks include oracle manipulation, custodial and counterparty failures, the \u201cunenforceability of legal frameworks, and fraudulent proof of reserves attestations,\u201d added the report.<\/p>\n

RWA restaking protocol Zoth suffered<\/a> the largest exploit among RWA protocols in 2025, losing $8.5 million to a \u201cclassic operational security failure,\u201d a compromised private key on March 21, the same month a different attacker exploited a smart contract logic flaw to mint $385,000 worth of assets without sufficient collateral.<\/p>\n

Loopscale suffered the second-largest hack worth $5.8 million on April 26, caused by blockchain oracle price manipulation. Yet, in a positive turn of events, the protocol recovered $2.8 million<\/a> worth of the stolen funds by April 29, Cointelegraph reported.<\/p>\n