Hexens: Aptos Has Fixed a Critical Vulnerability in the Move VM, with Theoretical Risk Exposure of up to Approximately $70 Billion
Odaily Planet Daily reports that blockchain security company Hexens has disclosed a critical vulnerability it discovered in the Move Virtual Machine (Move VM) of the Aptos blockchain in February this year. The issue was fixed within hours of the report, with no funds lost. Hexens stated that the vulnerability stemmed from a cache handling defect that could lead to type confusion. An attacker could theoretically exploit this to gain high-privilege roles, such as those controlling stablecoin minting, cross-chain bridges, and DeFi protocols. The research team set up a simulated environment close to the mainnet using a server costing approximately $3,000. They tested the exploit path around 20 times, succeeding about 17 to 18 times, and assessed that the vulnerability could potentially affect approximately $250 million in Aptos' native TVL; if it further impacted infrastructure such as cross-chain bridges, stablecoins, and centralized exchanges, the theoretical systemic risk exposure could be as high as approximately $70 billion. Aptos stated that the exploitability of this vulnerability in a real-world environment is extremely low and confirmed that it was promptly fixed through a bug bounty program, with no impact on any users or funds.
