Security researchers found critical Aptos blockchain flaw that could have endangered $70B in crypto
By
Oliver Knight
Summary
Blockchain security firm Hexens discovered a critical vulnerability in the Aptos blockchain's Move virtual machine that could have put up to $70 billion in crypto infrastructure at risk. Using just a $3,000 server, researchers simulated an attack path that achieved a near-90% success rate at breaking a core security guarantee of the blockchain, with attack costs as low as a few hundred dollars. The flaw was responsibly disclosed to Aptos in late February and has since been patched. The vulnerability stemmed from Aptos's Move smart contract language, originally developed from Facebook's shelved Diem project.
Source
Key quotes
· 3 pulledA $3,000 server was enough for a blockchain security researcher to simulate an attack path they say could have put as much as $70 billion in crypto infrastructure at risk.
Researchers at the blockchain security firm Hexens reported a critical vulnerability in the Aptos Move virtual machine, the execution environment that processes smart contracts on the chain, to the project.
The flaw in Aptos, a layer-1 blockchain built on Move, the smart contract language used by Aptos and Sui, that stems from Facebook's shelved Diem project.
You might also wanna read
Critical Aptos Move VM Vulnerability Enables Arbitrary On-Chain Struct Hijacking via Stale Type-Tag Cache
This article details a critical security vulnerability in the Aptos Move VM involving a stale type-tag cache that enables storage-level type
Academic Research on Bitcoin Security Vulnerabilities from Derivatives Markets
The article presents a defense of Bitcoin against recent academic criticism, specifically addressing a 2024 research paper by Soroush Farokh
Critical Vulnerability Discovery in Nix Package Manager Ecosystem
The article details how the author and a colleague discovered a critical vulnerability in the Nix package manager ecosystem that could have

GitHub patches critical remote code execution vulnerability in under six hours after AI-assisted discovery
GitHub patched a critical remote code execution vulnerability in under six hours last month. The flaw, discovered by Wiz Research using AI m

Thousands of crypto wallets at risk from ‘Ill Bloom’ vulnerability: Coinspect
Resolv DeFi Protocol Hack: How a Compromised Key Led to $23 Million Exploit
The article analyzes the March 2026 Resolv DeFi protocol hack where an attacker exploited a compromised private key to mint $23 million in u

Comments
Sign in to join the conversation.
No comments yet. Be the first.