Aptos blockchain was exposed to have had a critical vulnerability, putting $70 billion in assets at systemic risk
According to CoinDesk, researchers from the blockchain security company Hexens have discovered a "stale cache" type obfuscation vulnerability in the Aptos blockchain Move virtual machine. Attackers only need about $3,000 in server costs to launch an attack in a simulated environment with nearly a 90% success rate, without requiring validator permissions or insider knowledge.In simulated tests, researchers ran about 20 attacks, successfully executing 17-18 times, and verified the potential control over cross-chain protocol management permissions such as LayerZero, Wormhole, and USDC CCTP.Hexens assesses that this vulnerability directly threatens DeFi, stablecoins, and liquid staking protocols on the Aptos chain, involving low single-digit billion-dollar assets; if spread through cross-chain bridges, stablecoin minting, and centralized exchanges, the systemic risk exposure could reach up to $70 billion. The Aptos team completed the fix and deployed it to the mainnet within hours of receiving the vulnerability report on February 25, and currently, no user funds have been compromised.