Hexens disclosed that Aptos has fixed a vulnerability that could affect cross-chain bridges, stablecoins, and other infrastructure.

Blockchain security firm Hexens disclosed that in February of this year it discovered a critical vulnerability in the Move Virtual Machine (Move VM) of the Aptos blockchain; the issue was fixed within hours of the report, and no funds were lost. Hexens stated that the vulnerability stemmed from a cache-handling flaw that could lead to a type confusion bug, theoretically allowing attackers to gain high-privilege roles, such as those controlling stablecoin minting, cross-chain bridges, and DeFi protocols. The research team built a near-mainnet simulation environment on servers costing approximately $3,000 and tested the exploit path about 20 times, succeeding about 17 to 18 times. It assessed that the vulnerability could potentially affect about $250 million in Aptos native TVL; if the impact extended to infrastructure such as cross-chain bridges, stablecoins, and centralized exchanges, the theoretical systemic risk exposure could be as high as approximately $70 billion. Aptos, however, stated that the exploitability of the vulnerability in real-world environments was extremely low and noted that it had been promptly fixed through its bug bounty program, without affecting any users or funds. (CoinDesk)
Comment
PeacockSpreadsItsFeathersBut
· 4h ago
The bounty program is fine once fixed, but are there still pitfalls with this type of cache confusion in the Move ecosystem?
ReflectiveChainShadow
· 4h ago
Spending $3,000 to detect a $7 billion risk—the cost-benefit ratio is absolutely ridiculous.
HeavyStakingOnASnowyNight
· 4h ago
Aptos says real-world usability is extremely low, but the near-mainnet success rate of 17/18 sounds quite scary.