Crypto Hackers are Shifting Focus to RWA Projects, CertiK Report Shows

A new report from CertiK assessed the RWA (real-world assets) market in 2025 and found a growing wave of hacks. Criminals have started shifting their approach during the first half of the year, hammering on the technology’s weaknesses.

Also, the report highlights how the majority of tokenized assets sit on Ethereum and a few dominant protocols. This concentration means a single major exploit could ripple through the entire $13.9 billion+ RWA sector.

RWA Hacks on the Rise

Blockchain security researchers at CertiK published their Skynet RWA Security Report today. It shows how threats against RWA projects have evolved since 2023, and the attack surface now extends across both on and off-chain assets.

RWA Hacks By Year. Source: Certik

From January to July, the RWA sector lost $14.6 million to hacks and frauds, which is almost as much as the entirety of 2023. So far, there are no signs of stopping, especially since RWAs received a lot of market attention this year.

Unique Hybrid Vulnerabilities

Nonetheless, CertiK doesn’t ascribe economic forces as the reason for this shift. In previous years, RWA crime focused on off-chain threats, with credit and loan defaults representing a substantial chunk of all incidents.

Today, however, the RWA market is undoubtedly becoming more susceptible to hacks:

“The data highlights a clear transformation in the RWA threat landscape. The first half of 2025 shows a complete shift: losses jumped to nearly $14.6 million, and were caused entirely by on-chain and operational failures. The threat has evolved from exploiting external financial arrangements to attacking the core technology…itself,” CertiK claimed.

And yet, RWA’s unique integration with TradFi makes it vulnerable to hacks on both ends. Oracles are the key link between the on-chain and off-chain worlds, which means a single breach here can cause smart contracts to behave irrationally. It may totally untether the RWA from the underlying assets, allowing for profitable exploits.

In other words, a firm may offer RWAs solely based on “rock solid” assets like gold or US Treasury bonds, but a well-placed hack could cause the entire security structure to collapse.

Plenty of firms base RWAs on other sturdy assets like real estate, but the illiquid nature of this market also enables oracle manipulation. Most RWAs on the US market currently consist of assets like these, not private credit, but that doesn’t necessarily offer real protection.

RWA Underlying Assets. Source: Certik

Security Measures and TradFi’s Role

CertiK describes a few layers of security, some of which may be a little counterintuitive. To be clear, it prioritizes the classic hallmarks of crypto protection, but it also includes other steps.

For example, CertiK firmly stressed the importance of legally sound contracts as “a poorly drafted agreement might…render the entire structure unenforceable.” This would be catastrophic in the event of a major breach.

For this reason, the firm claimed that TradFi institutional participation is a vital component of RWA security. Firms like BlackRock already have well-established principles for most of CertiK’s recommendations, from legal language, solid asset storage, administrative guardrails, and more.

Unfortunately, this makes JPMorgan’s recent report that TradFi institutions are losing interest in RWAs all the more concerning. If crypto-native firms will soon represent the bulk of the RWA market, they’ll need diligent preparations to avoid this growing hack wave.

For now, this report details many measures that can be taken, and it assesses all the largest players in today’s RWA market on their security principles. As long as these companies keep proactively improving their security posture, they can outpace these attacks.