Hexens said it discovered a critical vulnerability in the Aptos blockchain’s Move virtual machine (Move VM) in February and that the issue was fixed within hours after being reported, with no loss of funds.
According to Odaily, Hexens said the flaw stemmed from a cache-handling defect that could lead to a type confusion vulnerability, which in theory could allow an attacker to obtain high-privilege roles involving stablecoin minting, cross-chain bridges, and DeFi protocols.
Hexens said its research team built a near-mainnet simulation environment using about $3,000 in servers and tested the exploit path around 20 times, succeeding about 17 to 18 times. The firm estimated the vulnerability could affect about $250 million in Aptos native total value locked (TVL). It added that if the issue extended to infrastructure such as cross-chain bridges, stablecoins, and centralized exchanges, the theoretical systemic risk exposure could be as high as about $70 billion.
Aptos said the vulnerability had extremely low exploitability in real-world conditions and that it was fixed in time through a bug bounty program, without affecting any users or funds.
Hexens Reports Aptos Move VM Vulnerability Found in February and Patched Within Hours
2026-07-05 00:53:39
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
Previous article:
BTC触及关键价位或引发清算