How hackers with a $3,000 server found a flaw that could have put $70 billion in crypto at risk

Meanwhile, Grego AI, which independently verified Hexens’ proof of concept, calculated that approximately $250 million of Aptos’ native TVL was directly at risk based on a nearly 90% success rate, regardless of broader cross-chain exposure.

The $70 billion risk

The vulnerability, discovered by Vahe Karapetyan, CTO and co-founder of Hexens, could have, if left unchecked, exposed a much larger surface area of ​​systemic risk across bridges, stablecoins, DeFi protocols and centralized exchanges, costing billions and creating a crisis far beyond Aptos itself.

And all it would have taken was a few thousand dollars worth of servers.

The total cost of setting up the infrastructure needed to run this experiment was approximately $3,000 for a server simulating an environment designed to approximate Aptos mainnet conditions. However, if a malicious attacker had actually used the exploit, it would have required much less, without requiring access to the validator, insider knowledge, or privileged protocol permissions.

The team ran the exploit path about 20 times in a simulated environment and was successful 17 or 18 times. The two or three failed attempts did not shut down the network, meaning the attacker could have simply been given another window to try again.

The simulation was designed to closely approximate real network conditions, using a cluster of 30+ validator nodes, mainnet-shaped stake distribution, organic transaction traffic, and strong execution contention. The Hexens team also tested what it calls “unarmed calibration techniques”: dry runs that measured mempool and block construction conditions before committing to an armed attempt. The company said these measures significantly reduced the uncertainty introduced by the probabilistic elements of the exploit, making the attack path more reliable in practice.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top