#EthicalHackersFindAptosFlawRisking70B 🛡️ The flaw that could have been catastrophic
Ethical hackers from the firm Hexens discovered a critical vulnerability in the blockchain of
$APT that, had it been exploited, could have put up to $70 billion in digital assets at risk. The swift response from the Aptos team prevented any loss of funds.
🕵️♂️ The discovery
On February 25, researchers reported a flaw in Aptos’s Move Virtual Machine (Move VM), the engine that executes smart contracts. The issue, described as an “obsolete cache bug,” caused a “type confusion” error: the software mistook one type of resource on-chain for another. Because protocol permissions (such as the right to mint stablecoins or manage a bridge) are stored as resources, an attacker could have taken control of these permissions.
💻 The experiment
The researchers used a server that cost just $3,000 to simulate a third of Aptos’s validator network. In the simulations, the attack achieved a success rate of nearly 90%.
💰 The scale of the risk
· Directly in Aptos: ~$250 million in native TVL (DeFi, liquid staking, stablecoins).
· Systemic risk: through cross-chain bridges (LayerZero, Wormhole) and stablecoin-minting systems (USDC CCTP), the risk spread to exchanges and the global ecosystem, reaching $70 billion.
⏱️ Aptos’s response
The team received the report on February 25 and deployed a patch to the mainnet within hours. No user or funds were affected.
The incident serves as a reminder of how fragile DeFi ecosystems are and the importance of proactive security.
Do you think the industry should tighten security standards to prevent this kind of systemic risk? 👇
#Aptos #Seguridad #DEFİ #CriptoNoticias