Crypto Hackers Pivot to RWA Targets - CertiK Exposes New Attack Frontier

Author: Beincrypto
Published: 2025-08-21 16:30:41

Real-world asset projects become hackers' newest playground as security firm CertiK sounds the alarm.

The Threat Shifts Ground

Blockchain's bridge to traditional finance just got riskier. CertiK's latest security report reveals crypto attackers are abandoning DeFi temporarily to exploit emerging RWA vulnerabilities. These projects—tokenizing everything from real estate to commodities—represent crypto's hottest growth sector and now its juiciest target.

Security experts note RWAs' complex legal structures and cross-chain integrations create fresh attack surfaces. While DeFi protocols hardened defenses after years of assaults, RWA platforms remain the new kid on the blockchain—armed with innovation but lacking battle-tested security.

Wall Street's long-awaited 'crypto revolution' now faces its first real stress test—because nothing attracts hackers like traditional finance finally taking digital assets seriously.

RWA Hacks on the Rise

Blockchain security researchers at CertiK published their Skynet RWA Security Report today. It shows how threats against RWA projects have evolved since 2023, and the attack surface now extends across both on-chain and off-chain assets.

RWA Hacks By Year. Source: CertiK

From January to July, the RWA sector lost $14.6 million to hacks and frauds, which is almost as much as the entirety of 2023. So far, there are no signs of stopping, especially since RWAs received a lot of market attention this year.

Unique Hybrid Vulnerabilities

Nonetheless, CertiK doesn’t attribute this shift to economic forces. In previous years, RWA crime focused on off-chain threats, with credit and loan defaults representing a substantial chunk of all incidents.

Today, however, the RWA market is undoubtedly becoming more susceptible to hacks:

“The data highlights a clear transformation in the RWA threat landscape. The first half of 2025 shows a complete shift: losses jumped to nearly $14.6 million, and were caused entirely by on-chain and operational failures. The threat has evolved from exploiting external financial arrangements to attacking the core technology…itself,” CertiK claimed.

And yet, RWA’s unique integration with TradFi makes it vulnerable to hacks on both ends. Oracles are the key link between the on-chain and off-chain worlds, which means a single breach here can cause smart contracts to behave irrationally. It may totally untether the RWA from the underlying assets, allowing for profitable exploits.

In other words, a firm may offer RWAs solely based on “rock solid” assets like gold or US Treasury bonds, but a well-placed hack could cause the entire security structure to collapse.

Plenty of firms base RWAs on other sturdy assets like real estate, but the illiquid nature of this market also enables oracle manipulation. Most RWAs on the US market currently consist of assets like these, not private credit, but that doesn’t necessarily offer real protection.

RWA Underlying Assets. Source: CertiK

Security Measures and TradFi’s Role

CertiK describes a few layers of security, some of which may be a little counterintuitive. To be clear, it prioritizes the classic hallmarks of crypto protection, but it also includes other steps.

For example, CertiK firmly stressed the importance of legally sound contracts as “a poorly drafted agreement might…render the entire structure unenforceable.” This would be catastrophic in the event of a major breach.

For this reason, the firm claimed that TradFi institutional participation is a vital component of RWA security. Firms like BlackRock already have well-established principles for most of CertiK’s recommendations, from legal language to solid asset storage, administrative guardrails, and more.

Unfortunately, this makes JPMorgan’s recent report that TradFi institutions are losing interest in RWAs all the more concerning. If crypto-native firms will soon represent the bulk of the RWA market, they’ll need diligent preparations to avoid this growing hack wave.

For now, this report details many measures that can be taken, and it assesses all the largest players in today’s RWA market on their security principles. As long as these companies keep proactively improving their security posture, they can outpace these attacks.
