Hexens: Aptos has fixed a critical vulnerability in the Move VM, with a theoretical maximum risk exposure of about $70 billion.

Odaily Planet Daily News: Blockchain security firm Hexens disclosed that in February this year it discovered a serious vulnerability in the Move virtual machine (Move VM) of the Aptos blockchain. Hexens said it completed the fix within a few hours after filing the report, with no loss of funds. Hexens stated that the vulnerability originated from a flaw in cache handling, which could lead to type confusion. Attackers could theoretically use it to obtain high-privilege roles in areas such as stablecoin minting, cross-chain bridges, and DeFi protocols. The research team used servers costing about $3,000 to set up a simulated environment close to the mainnet, tested the exploitation path about 20 times, and succeeded about 17 to 18 times. They estimated that the vulnerability could potentially affect about $250 million in Aptos native TVL; if it were to further affect infrastructure such as cross-chain bridges, stablecoins, and centralized exchanges, the theoretical systemic risk exposure could be as high as $70 billion. Aptos said that the vulnerability has extremely low exploitability in real-world environments and added that it had completed the fix in a timely manner through its bug bounty program, without affecting any users or funds.