Aptos Patches Critical Vulnerability in Move VM Threatening $70 Billion

First seen 5 Jul 2026, 05:49 UTC. Sources: Bitget, Kucoin, Cryptobriefing, Pluang, www.cointime.ai, +1

Aptos Labs has addressed a critical vulnerability in its Move virtual machine, identified by Hexens, which could have been exploited for as little as a few hundred dollars. The flaw, a stale-cache bug, posed a potential risk to up to $70 billion in assets, including stablecoins and cross-chain bridges. Hexens demonstrated that a simulated attack could succeed nearly 90% of the time with a server setup costing around $3,000. The vulnerability was reported in February 2026 and patched within hours, preventing any financial loss. Aptos disputed claims regarding the exploitability of the vulnerability in real-world conditions, emphasizing that no user funds were lost. The incident underscores the importance of rapid vulnerability management in blockchain security. The patch was part of Aptos's bug bounty program, which incentivizes responsible disclosure.

Key Points:
• Aptos fixed a critical stale-cache vulnerability in its Move VM before any funds were lost.
• The flaw could have allowed attackers to manipulate core blockchain data, risking $70 billion in assets.
• Hexens demonstrated a 90% success rate in simulated attacks using a $3,000 server setup.

ThreatCluster AI

Timeline

2026-02-25: Vulnerability discovered by Hexens
Hexens identified a stale-cache bug in the Move VM that could lead to serious exploits.
Source: Cryptobriefing

2026-02-27: Patch deployed to mainnet
Aptos Labs patched the vulnerability within hours of discovery, preventing exploitation.
Source: Cryptobriefing

2026-07-05: Public disclosure of vulnerability and fix
Hexens publicly disclosed the vulnerability and its resolution, highlighting the potential systemic risk.
Source: Bitget