CoinWorld News: In February, blockchain security company Hexens disclosed a Move VM vulnerability in the Aptos blockchain. The vulnerability stems from a cache-handling defect and could lead to type confusion, which could theoretically allow attackers to obtain elevated permissions over stablecoin minting, cross-chain bridges, and DeFi protocols. Hexens built a simulated test environment using a $3,000 server and assessed that the vulnerability affected approximately $250 million in Aptos’ native TVL. The theoretical systemic risk exposure could be as high as $70 billion. Aptos said the vulnerability has extremely low exploitability in real-world environments and has been fixed via its vulnerability bounty program, with no funds lost.

DaoScraps
· 6h ago
Hexens did well this time, Aptos reacted quickly too, glad nothing went wrong.
GateUser-953e1a14
· 6h ago
A real impact of 250 million TVL versus a theoretical exposure of 700 billion—this huge gap clearly shows that the utilization conditions are indeed extremely stringent.
DewdropSapling
· 6h ago
Cache handling flaws lead to type confusion, and the security model of Move VM still needs refinement.