
hexens
1.9K posts

hexens
@hexens
Security for those who cannot afford a mistake.


Breaking down the Aptos bug - LIVE Sitting down with @kemmio, CTO of Hexens, to talk through the Aptos Move VM bug that put up to $70B at systemic risk. We'll go through how it was discovered, what the real attack chain looked like, and how something that cost $3K to build hit a ~90% success rate in simulations. Tomorrow, July 14 at 15:00 UTC, live right here. Set a reminder and bring your questions.



We've engaged @hexens for an independent security audit of Kerne's core protocol (kUSD, skUSD, PSM, vault), as part of their Builder Support Program. Fieldwork begins July 13. Hexens' research team recently identified a critical vulnerability in the Aptos Move VM that put up to $70B at systemic risk, the kind of depth and rigor we wanted behind this audit. The code stays unaudited until the report is public. kerne.fi/security/audits

dfc82c649a0808e5083eb38871fdfcdfb28600a43880dbc21ee3625cf20a5b2f

1/ we found a bug in the Aptos Move VM that put up to $70B at systemic risk. type confusion at the execution layer. a ~90% success rate across hundreds of simulated runs on a 30+ validator cluster. cost to build the attack infrastructure: $3,000. Conducted by @kemmio , to our knowledge this is the first public research that showcases how to land a sophisticated multi-block attack in real-world environments. It includes mempool feng shui, block production specifics and about a dozen of other primitives and tricks chained to get to near-perfect exploitation results. Nonetheless, Aptos called it "extremely low exploitability." [hexens.io/research/aptos…]

