TechFlow news, July 5: According to CoinDesk, researchers from blockchain security firm Hexens discovered a "stale cache" type confusion vulnerability in the Move virtual machine of the Aptos blockchain. In a simulated environment, an attacker needed only about $3,000 in server costs to launch the attack, with a success rate of nearly 90%, and required neither validator permissions nor internal knowledge. The researchers ran about 20 attacks in simulated tests, succeeding 17-18 times, and verified that the attack could potentially give control over the management permissions of cross-chain protocols such as LayerZero, Wormhole, and USDC CCTP.
Hexens assessed that the vulnerability directly threatens DeFi, stablecoin, and liquid staking protocols on the Aptos chain, involving assets in the low single-digit billions of dollars; if it spread through paths such as cross-chain bridges, stablecoin minting, and centralized exchanges, systemic risk exposure could reach up to $70 billion. The Aptos team completed the fix and deployed it to the mainnet within hours of receiving the vulnerability report on February 25, and so far no user funds have been compromised.



