On July 5, blockchain security company Hexens disclosed that it discovered a serious vulnerability in the Aptos blockchain's Move Virtual Machine (Move VM) in February of this year. The issue was reported and fixed within hours, preventing any financial loss. Hexens stated that the vulnerability stemmed from a caching processing flaw, which could lead to a type confusion vulnerability, theoretically allowing attackers to gain high-privilege roles such as minting stablecoins, accessing cross-chain bridges, and interacting with DeFi protocols. The research team set up a near-mainnet simulation environment using approximately $3,000 worth of servers and tested the exploit path about 20 times, successfully exploiting it approximately 17 to 18 times. They assessed that the vulnerability could potentially impact around $250 million of Aptos's native Total Value Locked (TVL). If it further affected cross-chain bridges, stablecoins, and centralized exchanges, the theoretical systemic risk exposure could reach approximately $70 billion. Aptos stated that the exploitability of the vulnerability in a real environment is extremely low and confirmed that it was promptly fixed through a bug bounty program, with no impact on any users or funds.
All Comments