Cryptocurrency hackers are increasingly targeting real-world asset (RWA) tokenization protocols, a trend that poses serious security risks to the growing institutional demand for this emerging blockchain sector. RWA tokenization allows financial and tangible assets to be minted on the immutable blockchain ledger, offering increased investor access and trading opportunities for these assets. However, recent data from Certik highlights a worrying trend: RWA protocol exploits have reached $14.6 million in the first half of 2025, more than double the losses reported in 2024. This alarming surge may even surpass the $17.9 million lost in 2023, signaling a significant shift in the RWA threat landscape.
The substantial increase in malicious activity coincides with a surge in the RWA market, surpassing $23 billion in total valuation by June 5, according to Cointelegraph. This growth is largely driven by tokenized private credit and US Treasury debt, both experiencing significant participation from major industry players as regulatory frameworks become clearer.
However, these rising figures come with a caveat. RWA protocols present ‘hybrid’ security challenges due to offchain asset claims, expanding the attack surface beyond just smart contracts. This complex interconnectivity exposes vulnerabilities through oracle manipulation, custodial and counterparty failures, and fraudulent proof of reserve attestations.
Further fueling the concerns is the recent high-profile exploits. The Zoth protocol suffered a massive $8.5 million exploit in March 2025 due to a compromised private key, while Loopscale faced a $5.8 million hack caused by blockchain oracle price manipulation. However, this wasn’t without good news; Loopscale recovered over $2.8 million of the stolen funds by April 29th.
These incidents demonstrate the growing need for more robust security measures and highlight the importance of addressing these complex challenges to ensure continued growth in the RWA market.