RWA Cyberattacks Rise 146% in 2025 as Hackers Target Tokenized Gold and Real Estate

Generated by AI AgentCoin World
Saturday, Aug 23, 2025 6:48 am ET1min read
ETH
--
Aime RobotAime Summary

- CertiK's 2025 report reveals rising crypto attacks on Real World Asset (RWA) projects tokenizing gold/real estate, exposing hybrid security risks beyond smart contracts.

- RWA exploit losses surged to $14.6M in H1 2025, with attacks shifting from off-chain credit defaults to sophisticated on-chain failures and operational errors.

- Platforms like Ondo Finance (93.58) and Paxos (93.25) show stronger security through TradFi partnerships, but market concentration on Ethereum poses systemic risks.

- CertiK emphasizes need for enhanced audits and security partnerships to address vulnerabilities in both on-chain infrastructure and off-chain custody/oracle systems.

Crypto hackers are increasingly focusing on Real World Asset (RWA) projects, a trend revealed in CertiK’s 2025 Skynet RWA Security Report [1]. These initiatives tokenize tangible assets like gold and real estate, creating a bridge between traditional finance and DeFi. While this integration offers benefits in transparency and efficiency, it also introduces multifaceted security risks beyond conventional smart contract vulnerabilities.

The tokenization process involves both on-chain and off-chain components, such as physical asset custody, legal compliance, and data oracles. CertiK highlights a five-layer model where each stage presents unique security weaknesses—ranging from

oracle
manipulation to fraudulent reserve reporting. These vulnerabilities allow attackers to exploit the weakest link in the system, often leading to financial loss or misrepresentation of asset backing [1].

Losses from RWA-related attacks have steadily increased over recent years. In the first half of 2025, RWA exploits led to $14.6 million in losses, following $6 million in 2024 and $17.9 million in 2023 [1]. The methods of attack have also evolved: whereas earlier incidents targeted off-chain credit defaults, current threats increasingly focus on on-chain failures and operational errors, indicating a shift toward more sophisticated and adaptive hacking techniques.

Platforms with strong traditional finance (TradFi) backing tend to demonstrate superior security. CertiK identifies protocols linked to well-established institutions like

BlackRock
and Franklin Templeton as more secure due to their adherence to rigorous compliance and custodial standards [1]. For example, Ondo Finance ranks third in CertiK’s security score at 93.58, offering tokenized U.S. Treasury and bank deposit assets. Paxos, ranked fourth at 93.25, mints gold tokens that are vaulted and regulated under New York laws. Tether Gold (XAUt), at fifth with a score of 92.36, sees growing demand as investors seek inflation-hedging assets [1].

Despite these robust examples, the concentration of RWA value on a limited number of blockchains—primarily Ethereum—raises systemic risks. A major disruption to these foundational protocols could cause widespread market instability. CertiK notes that the RWA market's security is heavily dependent on a small number of platforms and infrastructure providers [1]. To reduce this risk, enhanced security partnerships and ongoing audits are necessary. Given the hybrid nature of RWA projects, both on-chain and off-chain defenses must be reinforced to ensure resilience against evolving threats.

Source: [1] Why Crypto Hackers Are Racing to Exploit Real World Asset Projects – The Silent Threat You Can’t Ignore (https://www.livebitcoinnews.com/why-crypto-hackers-are-racing-to-exploit-real-world-asset-projects-the-silent-threat-you-cant-ignore/)