Hexens discloses that Aptos has fixed a major vulnerability, with the theoretical risk exposure reaching up to $70 billion.

Mars Finance News reported on July 5 that blockchain security firm Hexens disclosed it had discovered a serious vulnerability in the Aptos Move virtual machine in February of this year, which theoretically could put around $70 billion worth of crypto assets at risk. However, the Aptos team completed a mainnet fix within a few hours after the vulnerability was disclosed, and no user funds were lost.

Hexens said the vulnerability stemmed from a “stale-cache” issue in the Move virtual machine, which could lead to type confusion and give attackers an opportunity to obtain key permissions for stablecoin minting, cross-chain bridges, and DeFi protocols. In simulation tests, the research team built the environment using only servers worth about $3,000, achieving an attack success rate of around 90%, without needing validator-node privileges or internal access permissions.

In response, Aptos said that it quickly completed the fix after receiving the report through its bug bounty program, and that it believes the vulnerability’s exploitability in real network conditions is extremely low and will not have any actual impact on users or funds. Hexens believes that if the vulnerability were exploited maliciously, the risk may not be limited to the Aptos ecosystem, and could also affect infrastructure such as cross-chain bridges, stablecoins, and centralized exchanges.

Independent security firm Grego AI estimates that about $250 million in TVL on the Aptos chain is directly affected, while the overall theoretical risk exposure could be as high as around $70 billion.
