How ethical hackers with just a $3,000 server found a flaw that could’ve put $70 billion in crypto at risk
A critical flaw in the Aptos blockchain, which was patched, gave researchers a near-90% success rate at breaking a core security guarantee, with attack costs of just hundreds of dollars.
Summary
- Ethical hackers from security firm Hexens discovered a flaw in the Aptos blockchain that was patched but could have put up to $70 billion in digital assets at systemic risk, including stablecoins and cross-chain bridges.
- Researchers simulated the attack with an over-90% success rate under real network conditions, using a well-provisioned server setup that cost just $3,000 to simulate about 1/3 of the validator network. The attack required no insider access or special permissions.
- The vulnerability was reported through emergency security channels on Feb. 25, and a patch was deployed within days to prevent any funds from being lost.

