All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Critical Aptos Move VM Vulnerability Enables Arbitrary On-Chain Struct Hijacking via Stale Type-Tag Cache

By

@hexens

18h ago· 53 min readenInsight

Summary

This article details a critical security vulnerability in the Aptos Move VM involving a stale type-tag cache that enables storage-level type confusion. An attacker can exploit this to hijack and overwrite arbitrary on-chain structs. While a local proof-of-concept works with a single validator, real-world exploitation is more complex because cache structures are in-memory objects that don't synchronize across multiple validators — a naive attack could cause a chain halt. The research explores using strong node primitives to internally synchronize these caches and execute a sophisticated multi-block attack in production environments. The vulnerability was disclosed by Hexens.

Source

Twitter / XCritical Aptos Move VM Vulnerability Enables Arbitrary On-Chain Struct Hijacking via Stale Type-Tag Cachehexens.io

Key quotes

· 4 pulled
A stale type-tag cache in the Aptos Move VM enables storage-level type confusion, letting an attacker hijack and overwrite arbitrary on-chain structs
While the local PoC works without complications, it works with only a single validator.
A simple attack vector will most likely not succeed, as validators will have different struct indexes mapped, which can cause a chain halt.
This section describes research on how to use strong primitives of the node to internally synchronize these caches and land a sophisticated multi-block attack in a real-world environment.
Snippet from the RSS feed
A stale type-tag cache in the Aptos Move VM enables storage-level type confusion, letting an attacker hijack and overwrite arbitrary on-chain structs — disclosed by Hexens.

You might also wanna read

Security researchers found critical Aptos blockchain flaw that could have endangered $70B in crypto

Blockchain security firm Hexens discovered a critical vulnerability in the Aptos blockchain's Move virtual machine that could have put up to

coindesk.com·3d ago

Security researchers found critical Aptos blockchain flaw that could have endangered $70B in crypto

Blockchain security firm Hexens discovered a critical vulnerability in the Aptos blockchain's Move virtual machine that could have put up to

coindesk.com·3d ago

Critical LangChain Core Vulnerability (CVE-2025-68664) Allows Serialization Injection Attacks

Cyata Research discloses LangGrinch (CVE-2025-68664), a critical vulnerability in LangChain Core that allows serialization injection attacks

cyata.ai·6mo ago

Glassworm Threat Actor Returns with Unicode-Based Supply Chain Attacks on GitHub, npm, and VS Code

The Glassworm threat actor has returned with a new wave of supply chain attacks using invisible Unicode characters to compromise software re

aikido.dev·3mo ago

Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8561

Datadog·3mo ago

Trivy GitHub Actions Compromised in Supply Chain Attack, Exposing CI/CD Secrets

A new supply chain attack targeting Trivy's GitHub Actions has been disclosed, where attackers compromised the security scanner by force-upd

socket.dev·3mo ago

APT Attack Compromises Reverse Gateway Infrastructure Through Kernel and NFS Server Malware

A detailed incident response blog post describing a sophisticated Advanced Persistent Threat (APT) attack discovered during a routine securi

igor-blue.github.io·24d ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.