Tokenized money market funds (MMFs) are transforming institutional liquidity but also introducing new cybersecurity threats. Issued as blockchain-based tokens, these funds offer institutions a modern alternative to static cash: programmable collateral, faster settlement, and composable yield.
Recent pilot programs by major players like Franklin Templeton, DBS, Goldman Sachs, and BNY Mellon show the industry is strategically thinking about the viability of these funds.
But with innovation comes exposure. While traditional MMFs live on secure, closed systems, tokenized funds interact with public or semi-public blockchains, smart contracts, and digital wallets. This shifts the cybersecurity threat model away from back-office fraud to technical exploits, key theft, and protocol-layer compromise.
Each of these risks has been seen in the DeFi world, with hundreds of millions of dollars in losses, and institutional platforms must now build security models that combine blockchain integrity with legacy controls. Below we outline what portfolio managers, treasurers, and risk officers should do now to operate securely. While daily vigilance is required to guard against cyberattacks, October is Cybersecurity Awareness Month and is as good a time as any to reevaluate enterprise cyber-risk management.
Human Risk: The Cybersecurity Education Gap
Even with world-class technical controls, a poorly trained team can open the door to disaster. Blockchain infrastructure introduces new operational behaviors that most traditional finance professionals are unfamiliar with wallet management, signing mechanics, phishing prevention, and smart contract awareness.
Institutions looking to use or issue tokenized MMFs must educate their staff not just on cybersecurity hygiene, but on the core principles of blockchain-based finance.This means training treasury, ops, and compliance teams on wallet architecture, running simulated phishing attacks, and updating incident response playbooks to include blockchain-specific scenarios.
Here are six critical safeguards for institutions exploring tokenized MMFs:
Audited Smart Contracts:Ensure all smart contracts undergo independent security audits to detect vulnerabilities and verify that code aligns with intended financial and regulatory functions.
Key Management Best Practices:Implement multi-signature wallets, hardware security modules, and strict access controls to safeguard private keys and prevent unauthorized transactions.
Certified Custodians with Incident Transparency:Partner only with regulated, certified custodians who maintain clear, timely disclosure of security incidents and maintain robust recovery protocols.
Dual-Sourced Oracle Infrastructure:Use multiple, independently operated Oracle providers to prevent single points of failure and ensure accurate, tamper-resistant market data feeds.
Redemption Circuit Breakers:Integrate automated circuit breakers to temporarily halt redemptions or transfers during anomalies, preserving liquidity and protecting investors from cascading risks.
Employee Training on Digital Asset Operations:Conduct continuous, role-specific training on cybersecurity, compliance, and digital asset handling to minimize human error and insider threats.
The Regulatory Signal: Cyber Risk is Not Optional
U.S. and global regulators are rapidly tightening digital asset oversight. Firms waiting for regulatory mandates may find themselves reacting too late. Early movers will gain not just compliance readiness—but market trust.
Actionable Next Steps
Cybersecurity in the tokenized era isn’t just about code and cryptography, it’s about people. Institutions entering digital markets need to think beyond firewall settings and toward comprehensive education and training. The firms that succeed with tokenized MMFs will be those that treat staff fluency in blockchain and cybersecurity as seriously as they treat fiduciary duty.
Next steps can include:
1. Create an internal blockchain/cyber education program in partnership with HR or L&D.2. Perform a cyber audit of every third-party provider.3. Run incident simulations involving token loss, oracle failure, and protocol attacks.4. Review insurance coverage for digital asset exposure.5. Update access control policies to reflect blockchain access risk.
Empowered Staff = Secure Infrastructure
As MMFs evolve from pilot to portfolio building block, CIOs and risk officers must not only assess external security risks but also prepare their internal teams to operate responsibly in a digital finance environment.
