Ethical hackers find flaw in Aptos blockchain

Researchers at Hexens identified a critical vulnerability in the Aptos blockchain that could have exposed up to $70 billion in crypto assets to risk. The issue was reported on February 25 and fixed within days, with no funds lost.

White hat hackers from the security firm Hexens discovered a stale-cache bug in the Aptos Move virtual machine. The flaw allowed potential type-confusion attacks that could bypass core security guarantees of the Move programming language.

The team simulated the attack using a $3,000 server setup that approximated one-third of the validator network. They achieved a success rate of over 90 percent across roughly 20 test runs under conditions that matched mainnet traffic and stake distribution.

Aptos Labs received the report through its bug bounty program on February 25. A fix was developed, tested, and deployed to mainnet within hours. An Aptos spokesperson stated that no users or funds were impacted.

Independent reviewers, including Mudit Gupta of Polygon, confirmed that the proof-of-concept worked as described. Grego AI separately estimated that about $250 million in Aptos-native value was directly at risk, while broader cross-chain exposure could have reached the higher systemic figure of up to $70 billion.

Related articles


Humanity Protocol loses $36 million in laptop key breach


Humanity Protocol said hackers stole more than $36 million in H tokens by compromising an employee's laptop that held multiple bridge admin keys. The decentralized identity project has halted bridge activity and is working with law enforcement.

Decentralized finance recorded far fewer losses in recent years, according to new industry data. Total incidents dropped from $2.62 billion in 2022 to $534 million in 2024. A single November 2025 exploit across six networks illustrated the remaining threat.


AI-powered systems are driving down the price of smart contract reviews in cryptocurrency projects, according to security researchers. The changes could raise expectations for due diligence by developers and institutions alike.

SecondFi, the Cardano wallet formerly known as Yoroi, confirmed losses of 16 million ADA worth about 2.4 million dollars from 374 user wallets in three attacks. The firm secured an additional 129 million ADA before further drains occurred. A flaw in its proprietary wallet generation software caused the breach.


Zcash token ZEC dropped sharply after developers disclosed a vulnerability in the Orchard shielded pool that could have allowed undetected counterfeiting of tokens. The flaw, present since 2022, was found on May 29 using an AI model and patched by June 1. No evidence of exploitation was found, though privacy features prevent cryptographic proof.

The Ethereum Foundation dismissed 54 employees and reduced its annual budget by roughly 40 percent on June 23 as part of a reorganization. The cuts follow the launch of EthLabs, a new research organization, the previous day. Officials described the changes as a shift toward a leaner structure focused on core protocol priorities.


A Palo Alto security firm says it built a working macOS exploit in five days with help from Anthropic's Claude Mythos Preview. The researchers met Apple officials at Apple Park to discuss the findings.

 

 

 
