www.cointime.ai
Aptos Patches Critical Vulnerability in Move VM Threatening $70 Billion
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Aptos Labs has addressed a critical vulnerability in its Move virtual machine, identified by Hexens, which could have been exploited for as little as a few hundred dollars. The flaw, a stale-cache bug, posed a potential risk to up to $70 billion in assets, including stablecoins and cross-chain bridges. Hexens demonstrated that a simulated attack could succeed nearly 90% of the time with a server setup costing around $3,000. The vulnerability was reported in February 2026 and patched within hours, preventing any financial loss. Aptos disputed claims regarding the exploitability of the vulnerability in real-world conditions, emphasizing that no user funds were lost. The incident underscores the importance of rapid vulnerability management in blockchain security. The patch was part of Aptos's bug bounty program, which incentivizes responsible disclosure.
Key Points: • Aptos fixed a critical stale-cache vulnerability in its Move VM before any funds were lost. • The flaw could have allowed attackers to manipulate core blockchain data, risking $70 billion in assets. • Hexens demonstrated a 90% success rate in simulated attacks using a $3,000 server setup.