EddieJayonCrypto
21 Aug 25
Cybersecurity firm Certik reports that real-world asset (RWA) protocols suffered approximately $14.6 million in exploits during the first half of 2025, an increase from $6 million in 2024 but less than $17.9 million in 2023. Attacks involve complex risks beyond smart contract vulnerabilities, includ...
New data from cybersecurity firm Certik reveals that real-world asset (RWA) protocols experienced tens of millions of dollars in exploits during the first half of 2025, totaling approximately $14.6 million. This marks an increase compared to previous years, with $6 million in losses recorded in 2024 and $17.9 million in 2023. Certik's 2025 RWA security report highlights that attacks on these protocols extend beyond simple smart contract vulnerabilities due to the fact that RWAs derive their value from off-chain assets.
According to Certik, the broader attack surface includes risks such as oracle manipulation, custodial and counterparty failures, challenges related to the enforceability of legal frameworks, and fraudulent proof-of-reserve attestations. This complexity means attackers must navigate both on-chain and off-chain factors, making the security landscape more intricate than before. Notably, the report signals a shift from earlier years, which were dominated by off-chain credit defaults, to more recent incidents characterized by on-chain and operational security failures.
Furthermore, Certik emphasizes that most RWA protocols are deployed on a limited number of blockchain ecosystems, particularly Ethereum. This concentration of value and activity means that the overall security and health of the RWA market heavily depend on the operational integrity and safeguards implemented by these key players and their underlying blockchains. As a result, securing these core systems is critical to maintaining trust and stability within the RWA sector.