Crypto hackers are turning their attention to Real World Asset projects, exposing security flaws in a new and different way, warns CertiK in its 2025 Skynet RWA Security Report.
Crypto hackers are moving towards Real World Asset (RWA) projects. This is a new phase in crypto security risks. This transition is noted by the 2025 Skynet RWA Security Report by CertiK. WAs bridge the gap between conventional financial assets and blockchain transactions. This combination adds value and new risks.
RWA tokenization is a process that would affect an on-chain real-world asset. It establishes a connection between traditional finance (TradFi) and decentralized finance (DeFi).
The convergence is expected to be more efficient and transparent. It also creates a complex security issue. Risks now go beyond dumb smart contract bugs
RWA Token Risks Stretch Beyond Code
RWA tokens are its claims to physical, off-chain assets. This configuration enlarges the attack surface. CertiK presents a five-layer protective model. It discusses the physical asset risks, custody, oracles, legality, and smart contracts.
Every layer is subjected to different weak points. Oracle attacks may falsify asset pricing data. The risk of custody is loss or mismanagement of property. Poor legal systems lead to difficulty in the recovery of stolen tokens
It is possible to fabricate the reports that serve as proof of reserve. These fraudulent certifications deceive investors about asset backing. Projects have to obtain on-chain and off-chain components. Hackers hit the weakest element in the system
Rising Losses and Evolving Threats
In the first half of 2025, RWA abuses led to losses totaling 14.6 million dollars. It is important to note that this comes after a loss of six million dollars in 2024 and $17.9 million in 2023. But hackers have changed their tactics, as observed by CertiK. Previous attacks targeted credit defaults out of the chain.
More hacks are now based on the basis of on-chain failures and operational errors. By researching new vulnerabilities, attackers are able to circumvent higher defenses. This is an indication of altering threats in the RWA ecology.
TradFi Backing Means Stronger Security
Protocols associated with established TradFi participants are safer. BlackRock and Franklin Templeton are some of the firms mentioned by CertiK. These entities use strict compliance and custodial standards.
RWA platforms use CertiK as their security audit partner. Ondo Finance scores #3 with a 93.58 score. It provides U.S. Treasury- and bank deposit-collateralized tokens. Ondo moves institutional products to DeFi
Paxos is at #4 with 93.25. It mints gold tokens that are regulated and whose gold is vaulted. The tokens are under are governed under strict New York laws
Tether Gold (XAUt) is ranked 5th at 92.36. It releases tokens that are secured in real gold bullion. There is an increasing demand for these tokens as concerns of inflation arise. These leaders are unique because of their transparency and security orientation.
Concentrated Blockchains Heighten Systemic Risks
Most RWA value focuses on the selected blockchains. Most of these assets are carried on Ethereum. This concentration puts the market at risk of systemic threats.
A significant break on these key blockchains or protocols could wreak havoc. According to CertiK, the security of the RWA market is dependent on a select few companies.
The partnerships between security firms are essential in the reduction of risk. Reviews and audits boost the defenses. RWA is hybrid in nature, which requires enhanced security on and off-chain.
