
The tokenization of Real World Assets (RWAs) represents a significant evolution in financial markets, offering the potential to unlock value by bringing traditional assets on-chain. This convergence of traditional finance (TradFi) and decentralized finance (DeFi) presents opportunities for improved efficiency, transparency, and accessibility. However, it also introduces a complex security paradigm that extends beyond familiar smart contract vulnerabilities.
CertiK’s Skynet RWA Framework offers structured criteria to perform due diligence and review the risks associated with RWA protocols highlighted in this report. To illustrate these hybrid threats, this report introduces a five-layer security stack, providing a model for understanding risks from the underlying physical asset to the on-chain smart contract.
RWA Tokenization Introduces Complex, Hybrid Security Risks: Since an RWA token’s value is a claim on an off-chain asset, the attack surface expands beyond smart contract code. It includes risks of oracle manipulation, custodial and counterparty failures, the unenforceability of legal frameworks, and fraudulent Proof-of-Reserve attestations.
2025 Losses Highlight Evolving Threat Landscape: Direct losses from RWA-specific exploits reached approximately $14.6 million in H1 2025, following fluctuating annual losses of $6 million in 2024 and $17.9 million in 2023. The evolution of the threat landscape is more significant than the direct monetary losses. While earlier years were defined by off-chain credit defaults, recent incidents show a shift toward on-chain and operational security failures.
TradFi-Backed Protocols Offer Stronger Security: The highest-rated protocols in the Skynet RWA framework, such as those offered by entities like BlackRock and Franklin Templeton, exhibit strong security postures by integrating institutional-grade compliance, custody, and transparency. This trend highlights the importance of robust off-chain legal and trust frameworks in securing on-chain value.
RWA Growth Concentrates Risk on Key Chains and Protocols: The sector's expansion is not evenly distributed and has concentrated both value and risk onto a few dominant blockchains and protocols. The majority of RWA value resides on select blockchain ecosystems such as Ethereum, and within a handful of leading products. This concentration means the overall health of the RWA market is highly dependent on the security and operational integrity of these few key players and their underlying chains.
CertiK’s RWA Client Spotlight: The 2025 Skynet RWA Security Spotlight Report highlights that top-performing platforms have partnered with CertiK for rigorous security audits and reviews. Among these leaders are Ondo Finance, Paxos, and Tether, all of which rank in the top five on the RWA Leaderboard for their commitment to security and integrity.
Ondo Finance
Paxos (PAX Gold)
Tether (Tether Gold)
In response to the complex security challenges in the RWA sector, proactive collaboration with leading security firms has become a hallmark of top-tier projects. CertiK’s 2025 report highlights several projects that have partnered with security leaders like CertiK to ensure the integrity of their on-chain components.