Aptos Blockchain Had Serious Vulnerability, Risking $70 Billion in Assets
Security firm Hexens' white hat hackers discovered an "expired cache vulnerability" in the Aptos blockchain's Move virtual machine, leading to type confusion risks. If exploited, it could affect up to $70 billion in digital assets, including stablecoins and cross-chain bridges.
In late February, Hexens reported to the Aptos team that researchers had a success rate of over 90% in simulating attacks on the mainnet, requiring only a $3,000 server to simulate one-third of the validator network, with no special permissions needed.
The Aptos team quickly fixed the issue, preventing any financial losses.
Source: Public Information
ABAB AI Insight
Hexens' discovery of the Move VM expired cache vulnerability highlights potential risks in Layer 1 execution environments. Type confusion could be used for asset forgery or cross-chain attacks, and the $70 billion potential impact indicates the significant scale of the Aptos ecosystem.
On the capital front, Aptos' rapid response and fix prevented losses, and the white hat collaboration mechanism effectively reduced actual risks, strategically enhancing the project's security reputation, which is beneficial for attracting more DeFi and cross-chain projects.
Similar to previous VM vulnerability incidents on Solana or other chains, this event serves as a reminder that public chains need to continuously audit their execution layers, with capital concentrating on projects with good security records and quick responses.
Essentially, this is about security governance. Although the Move language is innovative, it still has implementation vulnerabilities. The discovery and timely fixing by white hats reflect a mature defense mechanism in the industry, with capital leaning towards high-security infrastructure.
ABAB News · Cognitive Law
The earlier a vulnerability is discovered, the smaller the potential loss.
The white hat collaboration mechanism is an important guarantee for public chain security.
The safety of the execution environment directly determines the trustworthiness of on-chain assets.