Aptos Blockchain Flaw Exposed Up to $70 Billion in Crypto Assets
A critical flaw in the Aptos blockchain was recently discovered by researchers from Hexens, a security firm. The bug, described as a 'stale-cache bug' leading to a type-confusion vulnerability, could have put up to $70 billion in digital assets at systemic risk.
The bug was patched after it was reported to the project's development team through its bug bounty program. Before the fix, the researchers found that an attacker with just a $3,000 server could simulate an attack path with a near-90% success rate, putting hundreds of millions of dollars in total value locked (TVL) at risk.
The team's simulation was built to closely approximate real network conditions, using over 30 validator nodes and organic transaction traffic. They found that the exploit could be used to steal protocol capabilities, including those held by LayerZero, Wormhole, and USDC's CCTP.
Grego AI, which independently verified Hexens' proof-of-concept, calculated that approximately $250 million in Aptos-native TVL was directly at risk based on the near-90% success rate. The researchers estimated a broader first-order systemic risk of around $70 billion, including value accessible through bridges and centralized exchanges.




