New data from the cybersecurity firm Certik reveals that real-world asset (RWA) protocols were hit with tens of millions of dollars worth of exploits during the last six months.
In its 2025 RWA security report, Certik says that during the first half of the year, RWA protocols saw $14.6 million worth of exploits, up from both of the previous years.
-->According to Certik, since RWAs hold their value off-chain, attacks on their protocols require more than just exploiting smart contract code – the bad actors need to dive deeper.
“Since an RWA token’s value is a claim on an off-chain asset, the attack surface expands beyond smart contract code. It includes risks of oracle manipulation, custodial and counterparty failures, the enforceability of legal frameworks, and fraudulent proof-of-reserve attestations.
Direct losses from RWA-specific exploits reached approximately $14.6 million in H1 2025, following fluctuating annual losses of $6 million in 2024 and $17.9 million in 2023.
The evolution of the threat landscape is more significant than the direct monetary losses. While earlier years were defined by off-chain credit defaults, recent incidents show a shift toward on-chain and operational security failures.”
Certik goes on to note that since most RWA protocols are built over select blockchains such as Ethereum (ETH), the second-largest digital asset by market cap, the sector’s health is largely linked to how well these protocols secure themselves.
“The majority of RWA value resides on select blockchain ecosystems such as Ethereum, and within a handful of leading products. This concentration means the overall health of the RWA market is highly dependent on the security and operational integrity of these few key players and their underlying chains.”
Follow us on X, Facebook and Telegram
