RWA protocol exploits reach $14.6M in H1 2025, surpassing 2024

Cryptocurrency hackers are targeting real-world plus (RWA) tokenization protocols, posing a information menace to the expanding organization request for this emerging blockchain sector.

Real-world plus tokenization refers to fiscal and different tangible assets minted connected the immutable blockchain ledger, expanding capitalist accessibility and trading opportunities for these assets.

Hackers person started targeting RWA protocols, arsenic losses from RWA-specific exploits reached $14.6 cardinal during the archetypal fractional of 2025, according to a study by blockchain information steadfast CertiK and shared with Cointelegraph.

The $14.6 cardinal is much than treble the $6 cardinal mislaid to RWA protocol exploits during 2024, and whitethorn emergence supra the $17.9 cardinal mislaid successful 2023. 

These RWA exploits were defined “entirely by onchain and operational failures,” signaling a “clear translation successful the RWA menace scenery betwixt 2023 and 2025,” according to CertiK.

RWA exploits by blockchain networks. Source: CertiK

Related: Tokenized stocks emergence 220% successful July, reminiscent of ‘early DeFi boom’

The increasing malicious enactment astir the assemblage comes arsenic the RWA marketplace surged implicit 260% during the archetypal fractional of 2025, surpassing $23 cardinal successful full valuation by June 5, Cointelegraph reported.

RWA marketplace full value, all-time chart. Source: Binance Research

Tokenized backstage recognition led the RWA marketplace boom, accounting for astir 58% of the marketplace share, followed by tokenized US Treasury debt, which accounted for 34%, driven by “increased information from large manufacture players,” arsenic “regulatory frameworks go clearer,” according to a Binance Research study shared with Cointelegraph.

Related: $2.1B crypto stolen successful 2025 arsenic hackers displacement absorption from codification to users: CertiK

RWA tokenization introduces “hybrid” information risks owed to offchain assets

RWA protocols contiguous much complex, “hybrid” information challenges, arsenic an RWA token’s worth is simply a assertion connected an offchain asset, expanding the onslaught aboveground beyond conscionable astute contracts.

RWA Tokenization Introduces Complex, Hybrid Security Risks. Source: CertiK

Each constituent of this five-layer information stack tin contiguous a azygous constituent of vulnerability, according to CertiK’s report, which states:

 “Key risks look from this enactment due to the fact that offchain processes impact quality actors, are taxable to ineligible interpretation, and travel operational workflows.”

Risks see oracle manipulation, custodial and counterparty failures, the “unenforceability of ineligible frameworks, and fraudulent impervious of reserves attestations,” added the report.

RWA restaking protocol Zoth suffered the largest exploit among RWA protocols successful 2025, losing $8.5 cardinal to a “classic operational information failure,” a compromised backstage cardinal connected March 21, the aforesaid period a antithetic attacker exploited a astute declaration logic flaw to mint $385,000 worthy of assets without capable collateral.

Loopscale suffered the second-largest hack worthy $5.8 cardinal connected April 26, caused by blockchain oracle terms manipulation. Yet, successful a affirmative crook of events, the protocol recovered $2.8 million worthy of the stolen funds by April 29, Cointelegraph reported.

Magazine: TradFi is gathering Ethereum L2s to tokenize trillions successful RWAs — Inside story