CertiK's 2025 Skynet RWA Security Report

CertiK has released its 2025 Skynet RWA Security Report. The report notes that RWA tokenization is reshaping the blockchain financial landscape at an astonishing pace. By mid-2025, the RWA market is projected to exceed $26 billion, a fivefold increase from approximately $5 billion in 2022, making it one of the most dynamic segments in the digital asset ecosystem. While RWA is becoming a critical bridge between traditional finance (TradFi) and decentralized finance (DeFi), it also presents new security threats. The report released the Skynet RWA Rankings. The top ten projects in the first half of 2025 are: BlackRock BUIDL, Franklin Templeton On-Chain Fund, Ondo Finance, Paxos Gold, Tether Gold, Binance RWUSD, Ethena USDtb, Centrifuge, Usual, and SKY (MakerDAO RWA Vaults). These projects cover a variety of sub-sectors, including government bonds, gold, stablecoins, and accounts receivable, representing the diverse development directions of the RWA ecosystem. With compliant legal structures, transparent proof of reserves, and institutional-grade security measures, these protocols demonstrate the highest standards in the RWA industry. Their practices in compliance, transparency, and risk management are setting new benchmarks for the entire industry. The Double-Edged Sword of RWA Growth and Security Risks Tokenization of RWAs has unlocked enormous value potential, bringing efficiency and transparency to the financial system. However, the security risks of these assets go far beyond traditional smart contract vulnerabilities, encompassing issues such as oracle manipulation, custodian and counterparty risks, unenforceable legal frameworks, and fraudulent reserve certificates. Furthermore, the threat landscape surrounding RWAs has undergone significant transformation over the past two years. In the first half of 2025, losses from RWA-related security incidents reached $14.6 million, compared to just $6 million in 2024. More notably, the sources of risk have fundamentally shifted: while the primary threat in 2023 and 2024 came from off-chain credit defaults, such as borrowers failing to perform, losses in 2025 were almost entirely due to on-chain and operational vulnerabilities. This shift indicates that the RWA security landscape is undergoing a profound evolution, with the focus of risk shifting from off-chain financial defaults to on-chain technical vulnerabilities and operational management errors. To help the market more systematically identify and manage risks, CertiK proposed a "Five-Layer Security Stack" model in its report. This model covers five layers: assets, legal, operations, data, and on-chain. From oracle security and proof of reserves to compliance and governance mechanisms, it forms a full-stack security assessment methodology. Based on this five-layer security stack, CertiK launched the Skynet RWA Security Scoring Framework, which comprehensively assesses risks across six dimensions: assets, legal, operations, and smart contracts. The Skynet Security Framework is built around the RWA Core Risk Dimensions, each of which is calibrated to its potential impact on the overall security and stability of the RWA protocol. This structure ensures that key off-chain components representing the latest and greatest risk vectors receive appropriate weighting in the final assessment.

RWA Security Scoring Framework

Outlook: From a 26 Billion to a Trillion-Dollar Market

The report also summarizes three core trends in the RWA sector:

• U.S. Treasury products dominate the market: The scale of tokenized U.S. Treasury bonds has increased by 400% year-on-year and has become the "entry asset" for RWA.

• Integration of income and stablecoins: Emerging stablecoins distribute government bond interest directly to users, reshaping the stablecoin landscape.

• Traditional financial giants are deeply involved: The participation of institutions such as BlackRock and Franklin Templeton has raised compliance and transparency standards and accelerated the mainstreaming of the industry.

As of mid-2025, the total market value of RWA has exceeded US$26 billion and is expected to continue to grow rapidly. Boston Consulting Group predicts that by 2030, up to US$16 trillion in assets may be tokenized globally.

CertiK concluded the report by emphasizing that RWA security has become a key issue for the healthy development of the entire Web3 ecosystem. A transparent and systematic security assessment framework will help investors, institutions, and regulators make more robust decisions in the trillion-dollar market of the future.