Hexens discloses that Aptos has fixed a major vulnerability, with theoretical risk exposure potentially reaching $70 billion.

BlockBeats news, July 5: blockchain security company Hexens disclosed that in February this year it discovered a critical vulnerability in the Aptos Move virtual machine that could theoretically jeopardize approximately $70 billion in crypto assets. However, the Aptos team completed the mainnet fix within hours of the vulnerability disclosure, and no user funds were lost.

Hexens stated that the vulnerability stems from a "stale-cache" issue in the Move virtual machine, which could lead to type confusion and give attackers the opportunity to gain critical permissions covering stablecoin minting, cross-chain bridges, and DeFi protocols. In simulation tests, the research team set up an environment using only a server costing about $3,000 and achieved approximately a 90% attack success rate, without requiring validator node privileges or internal access.

Aptos responded, saying that after receiving the report through its bug bounty program, the company quickly completed the fix and believes that the vulnerability's exploitability in a real network environment is extremely low, posing no actual impact on users or funds.

Hexens believes that if the vulnerability were maliciously exploited, the risk would not be limited to the Aptos ecosystem but could also affect infrastructure such as cross-chain bridges, stablecoins, and centralized exchanges. Independent security firm Grego AI estimates that approximately $250 million in TVL on the Aptos chain is directly affected, while the overall theoretical risk exposure could be as high as about $70 billion.
