Ethical hackers find flaw in Aptos blockchain

Researchers at Hexens identified a critical vulnerability in the Aptos blockchain that could have exposed up to $70 billion in crypto assets to risk. The issue was reported on February 25 and fixed within days, with no funds lost.

White hat hackers from the security firm Hexens discovered a stale-cache bug in the Aptos Move virtual machine. The flaw allowed potential type-confusion attacks that could bypass core security guarantees of the Move programming language.

The team simulated the attack using a $3,000 server setup that approximated one-third of the validator network. They achieved a success rate of over 90 percent across roughly 20 test runs under conditions that matched mainnet traffic and stake distribution.

Aptos Labs received the report through its bug bounty program on February 25. A fix was developed, tested, and deployed to mainnet within hours. An Aptos spokesperson stated that no users or funds were impacted.

Independent reviewers including Mudit Gupta of Polygon confirmed the proof-of-concept worked as described. Grego AI separately estimated that about $250 million in Aptos-native value was directly at risk, while broader cross-chain exposure could have reached the higher systemic figure.

Makala yanayohusiana

Illustration of a laptop cybersecurity breach stealing cryptocurrency tokens from Humanity Protocol
Picha iliyoundwa na AI

Humanity Protocol loses $36 million in laptop key breach

Imeripotiwa na AI Picha iliyoundwa na AI

Humanity Protocol said hackers stole more than $36 million in H tokens by compromising an employee's laptop that held multiple bridge admin keys. The decentralized identity project has halted bridge activity and is working with law enforcement.

Decentralized finance recorded far fewer losses in recent years, according to new industry data. Total incidents dropped from $2.62 billion in 2022 to $534 million in 2024. A single November 2025 exploit across six networks illustrated the remaining threat.

Imeripotiwa na AI

AI-powered systems are driving down the price of smart contract reviews in cryptocurrency projects, according to security researchers. The changes could raise expectations for due diligence by developers and institutions alike.

SecondFi, the Cardano wallet formerly known as Yoroi, confirmed losses of 16 million ADA worth about 2.4 million dollars from 374 user wallets in three attacks. The firm secured an additional 129 million ADA before further drains occurred. A flaw in its proprietary wallet generation software caused the breach.

Imeripotiwa na AI

Zcash token ZEC dropped sharply after developers disclosed a vulnerability in the Orchard shielded pool that could have allowed undetected counterfeiting of tokens. The flaw, present since 2022, was found on May 29 using an AI model and patched by June 1. No evidence of exploitation was found, though privacy features prevent cryptographic proof.

The Ethereum Foundation dismissed 54 employees and reduced its annual budget by roughly 40 percent on June 23 as part of a reorganization. The cuts follow the launch of EthLabs, a new research organization, the previous day. Officials described the changes as a shift toward a leaner structure focused on core protocol priorities.

Imeripotiwa na AI

A Palo Alto security firm says it built a working macOS exploit in five days with help from Anthropic's Claude Mythos Preview. The researchers met Apple officials at Apple Park to discuss the findings.

Jumamosi, 27. Mwezi wa sita 2026, 06:15:03

Polymarket updates hack losses to $3.1 million

Jumatatu, 22. Mwezi wa sita 2026, 16:04:19

Taiko halts Ethereum layer-2 after bridge exploit

Jumamosi, 6. Mwezi wa sita 2026, 07:09:23

AI uncovers long-hidden flaw in Zcash privacy pool

Ijumaa, 22. Mwezi wa tano 2026, 01:55:31

Polymarket internal wallet drained of over $500,000

Jumanne, 19. Mwezi wa tano 2026, 09:16:25

Echo protocol hit by 76 million dollar admin key exploit

Jumamosi, 16. Mwezi wa tano 2026, 17:25:48

Thorchain opens refund portal after $10 million exploit

Jumamosi, 9. Mwezi wa tano 2026, 18:48:20

LayerZero admits mistake in $292 million Kelp exploit

Jumatatu, 4. Mwezi wa tano 2026, 03:24:17

Aave fights to unfreeze $71 million amid Kelp DAO hack court battle

Jumamosi, 2. Mwezi wa tano 2026, 16:31:31

$292 million Kelp DAO exploit exposes DeFi vulnerabilities

Ijumaa, 1. Mwezi wa tano 2026, 01:14:18

North Korean hackers steal $6 billion in crypto since 2017

 

 

 

Tovuti hii inatumia vidakuzi

Tunatumia vidakuzi kwa uchambuzi ili kuboresha tovuti yetu. Soma sera ya faragha yetu kwa maelezo zaidi.
Kataa