RWA Protocol Exploits Reach $14.6M in H1 2025, Surpassing 2024
The real-world asset protocols present an "evolving" threat landscape that offers a larger attack surface for hackers, according to CertiK. Cryptocurrency hackers are targeting real-world asset (RWA) tokenization protocols, posing a security threat to the increasing institutional demand for this emerging blockchain sector.
Real-World Asset Tokenization: A Growing Sector with Increasing Security Threats
Real-world asset tokenization refers to financial and other tangible assets minted on the immutable blockchain ledger, increasing investor accessibility and trading opportunities for these assets. As a result, the RWA market has surged over 260% during the first half of 2025, surpassing $23 billion in total valuation by June 5.
Tokenized private credit led the RWA market boom, accounting for about 58% of the market share, followed by tokenized US Treasury debt, which accounted for 34%, driven by "increased participation from major industry players," as "regulatory frameworks become clearer," according to a Binance Research report shared with Cointelegraph.
The Growing Malicious Activity Around RWA Protocols
The growing malicious activity around the sector comes as the RWA market surged over 260% during the first half of 2025, surpassing $23 billion in total valuation by June 5. However, hackers have started targeting RWA protocols, posing a security threat to this emerging blockchain sector.
Risks and Challenges
RWA protocols present more complex, "hybrid" security challenges, as an RWA token's value is a claim on an offchain asset, expanding the attack surface beyond just smart contracts. Each component of this five-layer security stack can present a single point of vulnerability, according to CertiK’s report.
Risks include oracle manipulation, custodial and counterparty failures, the "unenforceability of legal frameworks, and fraudulent proof of reserves attestations," added the report. These risks highlight the need for robust security measures to protect RWA protocols from hackers.
Notable Exploits
RWA restaking protocol Zoth suffered the largest exploit among RWA protocols in 2025, losing $8.5 million to a "classic operational security failure," a compromised private key on March 21. The same month, a different attacker exploited a smart contract logic flaw to mint $385,000 worth of assets without sufficient collateral.
Loopscale suffered the second-largest hack worth $5.8 million on April 26, caused by blockchain oracle price manipulation. However, in a positive turn of events, the protocol recovered $2.8 million worth of the stolen funds by April 29, Cointelegraph reported.
A Call to Action
The increasing malicious activity around RWA protocols highlights the need for robust security measures and cooperation among industry players to protect this emerging blockchain sector. As the RWA market continues to grow, it is essential to address these security threats head-on and ensure that investors can trust their assets are secure.