News

RWA Protocol Hacks Hit $14.6M in H1 2025, Doubling Last Year’s Losses

Rising Threats to RWA Tokenization

The rapidly growing sector of real-world asset (RWA) tokenization-where tangible assets like private credit or government debt are minted as blockchain tokens-is attracting significant hacker attention. These protocols, increasingly favored by institutional investors, face growing security risks.

A new report by blockchain security firm CertiK reveals that losses from RWA protocol exploits reached $14.6 million in the first half of 2025. This figure more than doubles the $6 million lost in all of 2024, and is on track to surpass the $17.9 million recorded in 2023.

What’s Behind the Growing Losses?

CertiK classifies these exploits primarily as results of onchain and operational failures, marking a clear shift in the threat landscape between 2023 and 2025.

This spike in attacks coincides with a market boom: the RWA sector grew over 260% in H1 2025, reaching a valuation exceeding $23 billion by early June.

Market Breakdown & Drivers

Tokenized private credit leads with roughly 58% market share.
Tokenized US Treasury debt accounts for about 34%.
Growth fueled by major players entering the space and the development of clearer regulatory frameworks, according to a Binance Research report.

Complex Security Challenges

Unlike typical crypto tokens, RWA tokens represent claims on offchain assets, creating “hybrid” security risks that span blockchain and real-world systems.

CertiK outlines a five-layer security model, each posing potential vulnerabilities:

Oracle manipulation
Custodial and counterparty failures
Legal enforceability challenges
Fraudulent proof of reserves

Notable Attacks in 2025

Zoth, an RWA restaking protocol, suffered an $8.5 million loss in March due to a compromised private key-labelled a “classic operational failure.”
In the same month, another attacker exploited a logic bug to mint $385,000 worth of assets without proper collateral.
Loopscale faced a $5.8 million hack in April, caused by blockchain oracle price manipulation. The protocol impressively recovered $2.8 million of those funds within days.

With RWAs representing a critical bridge between traditional finance and DeFi, securing these complex systems is essential. Developers, founders, and researchers must remain vigilant against evolving multi-dimensional threats as the market expands rapidly.

Intel and AMD Chip Security Falls to Low-Cost Physical Attacks Exploiting Memory Encryption Flaws

Source: Intel and AMD trusted enclaves-the backbone of network security-fall to physical attacks Intel and AMD’s secure enclaves, relied upon by cloud providers to protect sensitive data, have been compromised by new physical attacks targeting memory encryption techniques. These findings raise significant concerns for projects depending on Trusted Execution

MYX Finance Exposed: $170M “Mathematical Impossibility” Crypto Scam Uncovered

Source: rekt.news - Parabolic Mirage MYX Finance’s meteoric rise wasn’t just luck or hype-it was a carefully orchestrated market manipulation backed by irrefutable statistical evidence. Analysis of over 9,200 minute-by-minute trades revealed trading patterns so precise they defy probability, exposing what experts call "a mathematical

How the U.S. Uncovered $110M Crypto Laundering Tied to Human Trafficking Scams

Source: How the U.S. Traced $110M Crypto Money Laundering Cases - BlockSec U.S. authorities recently revealed a massive $110 million crypto money laundering operation tied to human trafficking scams across Southeast Asia, exposing critical compliance weaknesses in offshore banking and digital asset ecosystems. Blockchain security firm BlockSec analyzed

Rising Threats to RWA Tokenization

What’s Behind the Growing Losses?

Market Breakdown & Drivers

Complex Security Challenges

Notable Attacks in 2025

Read next