Security in RWAs: Building Trust in Tokenized Real Estate

A single missing document can stall a transaction. A single unclear right can turn an “investment” into a dispute. One bad operational week can undo months of confidence.

That’s why Blocksquare’s March 2026 AMA kept coming back to one word: security “on the tip of everyone’s tongue… especially in this climate,” as Mark Mariampillai put it.

The panel was built to cover the trust problem end to end, featuring: Denis Petrovcic (Blocksquare), Matthew Schneider (Building, Inc.), Florian Ehrbar (OnchainLabs), Kevin Yunai (RWA Inc.), and Ludovico Fico Rossi (Brickken).

If you want the short version of what they kept circling: this only works when the asset is solid, the legal structure is clear, the rights can actually be enforced, the information stays checkable, and the whole thing can be operated without improvising every week. Miss any one of those and you feel it later.

What security means

Mark opened with first principles: if blockchain isn’t enough on its own, what legal and technical layers actually secure real estate RWAs?

Denis answered with the line that basically set the tone: the biggest misconception is usually legal, not technical. Title creates confidence because it’s enforceable; the real security question in RWAs is whether the structure gives holders that same peace of mind.

To be fair, this isn’t a perfect framing, real estate can go sideways even with “perfect” title, but it’s a useful one because it forces you to stop talking about “tech security” and start talking about what holds up when people disagree.

Where trust breaks

First: the asset itself

Denis treated diligence as security. Due diligence is an “important factor,” he said, and

Honestly, that’s the part a lot of people want to skip. You can’t. If the asset is messy, everything on top of it gets messy too, and the market will find it for you.

Anyway, on structure…

Denis laid out a choice teams run into quickly: SPV and equity routes versus structures based on economic rights. He highlighted why SPVs exist, equity tokenization isn’t possible in many jurisdictions and then the cost that comes with it: “foreign setup” complexity even when the property is local.

Mark translated the same burden into operator language: SPVs can become “a full time job,” with recurring legal and administrative overhead.

Denis contrasted that with the approach he said Blocksquare focuses on: economic rights derived from ownership. Ownership stays with the corporate owner; token holders receive access to defined economic rights via a corporate resolution. He framed it as easier to execute and easier to understand locally because it follows the laws where the asset sits.

Structure isn’t paperwork you do after the “product.” Structure is the product investors are buying.

And Ludovico’s reality check: “easy to tokenize” depends where you are

People like to talk as if tokenization is now “clear” and “easy,” but that’s only true in some pockets. He gave Spain as an example where it can be “cheap and quick,” then pulled back, because in a lot of places it just takes longer. Sometimes way longer, and you only find out after you’ve already promised timelines you can’t keep.

His answer was practical: act like a software provider, then partner with strong law firms in each jurisdiction so you can guide clients properly in that specific legal environment.

He also said the quiet part out loud: frameworks are often presented as “investor protection,” but “in reality, they are just complicating things a little bit, in my opinion” even though, yes, investor protection matters and you still have to play by the rules.

He flagged two constraints that matter in practice: regulation is often built around issuing securities (even when issuers don’t want to issue a security), and distribution can be capped in Europe because “retailers are not welcome” in the game the way it’s currently set up sometimes you’re effectively limited to a small number of investors.

And he circled back to data: if real-world value moves, the on-chain representation should be able to reflect that, through data, oracles, and things like NAV integration as funds come on-chain.

The first dispute

Denis said investors don’t want protection that depends on “a contractual agreement” they have to “dispute in court if things go wrong.” They want a structure that forces follow-through, and a “Plan B.” He described one approach discussed in the AMA: a notarized framework that “collateralizes the tokens with a charge on the title,” aiming to offer protections closer to secured lending.

I’ll admit it: “Plan B” can sound like hand-waving. But here it’s just a blunt question, if something breaks, what can investors actually do?

Proof gaps

Matthew’s point was simple and slightly uncomfortable: private real estate runs on fragmented records and periodic diligence, and that forces markets to reconstruct the same data over and over, slowing pricing, underwriting, and compliance and raising costs.

His requirement was capital-markets simple: structured, machine-readable data plus verifiability over time records that can be traced, audited to evidence, integrity-checked, and maintained. He explained where blockchain fits when used correctly: cryptographic attestation, a “digital fingerprint,” a hash anchored on-chain, so independent parties can verify integrity without relying on one intermediary.

He added the market consequence: if updates stop, risk rises and price can fall. That’s what “verifiable information” really means not a one-time upload, but something you keep current.

User behavior

Florian made the adoption constraint plain: real estate investors aren’t all crypto-native; many drop off when the flow starts with MetaMask and gas fees. He framed security as non-negotiable end to end “no shortcuts” and pointed out that the wallet is where users understand what they own and what they can do.

In RWAs, usability is part of security.

What a trust-ready model looks like

By the end, the AMA offered something closer to a workable mindset: the pieces have to match, or the whole thing wobbles.

It starts with assets that can survive scrutiny. It chooses structures investors can understand locally and enforce in reality. It designs recourse before the first dispute. It treats data as something you maintain, not something you post once. And it runs on operations that don’t collapse the moment volume shows up.

Mark asked Kevin what serious developers and institutions expect before bringing assets on-chain. Kevin emphasized that security spans cryptography, legal/SPV structure, and governance controls, he specifically called out the importance of governance discipline like multi-sig. He also pointed to licensing readiness and the reality that distribution and demand matter; success depends on assembling an ecosystem (wallets, smart contracts, front ends, onboarding, KYC/AML) into a coherent whole.

The closing round tightened the checklist even further. When asked what must be solved for global trust:

• Ludovico emphasized live value and updates via data and oracles.

• Matthew returned to interoperability and real-world operations: RWAs move, documentation must stay current, “if real estate moves an inch, tokenization moves a mile.”

• Denis brought it back to product basics and market design: good originators, a good product, and information made digestible so capital can “dip their toes” before scaling.

• Kevin added an execution warning: scaling trust means building compliance and legal engines and managing operational risk in tooling, including AI control issues and hallucinations.

I won’t pretend this is neat. It isn’t. But it’s a pretty accurate picture of what “security” actually means once you stop using the word as a slogan.

Closing

Security in RWAs isn’t something you bolt on at the end. It’s the set of choices you keep having to defend, when the documents don’t line up, when a payout is questioned, when a user gets confused, when the market asks for proof instead of promises.

If you missed it live, the recording is here: https://go.blocksquare.io/security-in-RWAs