Blockchain security firm Hexens disclosed that it discovered a serious vulnerability in the Aptos blockchain’s Move Virtual Machine (Move VM) this February, and that the fix was completed within hours of the report being filed, with no loss of funds. Hexens said the vulnerability stemmed from a cache-handling defect that could lead to type confusion, which in theory could allow attackers to obtain high-privilege roles, such as those for stablecoin minting, cross-chain bridges, and DeFi protocols. The research team built a simulated environment close to mainnet using servers costing about $3,000, tested the exploit path about 20 times, succeeded about 17 to 18 times, and assessed that the vulnerability could potentially affect about $250 million in Aptos native TVL. If the vulnerability further impacted infrastructure such as cross-chain bridges, stablecoins, and centralized exchanges, the theoretical systemic risk exposure could be as high as about $70 billion. Aptos, however, said the vulnerability had extremely low exploitability in real-world environments and stated that it had been fixed in a timely manner through its bug bounty program, with no impact on any users or funds. (CoinDesk)
