- Hexens found a major bug in Aptos that was fixed before any money was moved.
- This problem would have allowed the attacker to create and push through the bridges.
- Aptos denies its risks, however Polygon’s CTO confirmed the proof of concept.
- The case also revives the chain-breaker debate over fast L1s.
The security firm has revealed that Aptos, one of the fastest-1 blockchains, had a major bug for months before it was quietly installed. On July 4, Hexens went public with a bug that they announced privately to Aptos back on February 25, a weakness in the engine that runs the chain’s smart contracts that, according to their estimates, put $70 billion in speculative risks by playing bridges, fixed income and connected exchanges. Aptos Labs had posted it within hours of the first report, and no user funds were involved.
So why is the five-month patch making news now? Two reasons. Numbers, obviously. And the details underneath: the thing that Aptos sells the most is raw speed, and raw speed is what turns $70 billion from a risky title into a defensive ratio.
A proud story, one day the story broke
On July 5, just 24 hours after the report, the project’s official account went live monthly update of tokenomicsa report of 232,500 APT was burned in the last 30 days, more than 16 million purchases in one day for the month of the new quarter, and a fee of $ 0.0005 following the tenfold interest, all under the tagline “full of markets and working machines.” The article reads very differently when you have the revelation of Hexens in front of you, because the near-free and extensive activities that Aptos is promoting are the same thing that a security researcher first evaluates when calculating how much a single error at the core of the chain can cost money.
Every sale on Aptos is lit $APT. Changes to the new moon:
• 232.5K APT burned in Last 30D
• 1.4M total APT burned since mainnet
• +16M transactions in one day—a new quarterly high
• $0.0005 avg tx interest rate starting at 10x interest rate increasesA whole bunch of markets and working machines. pic.twitter.com/gPEuWzD1Qf
– Aptos (@Aptos) July 5, 2026
This problem lies under the code that reviews the most
Aptos is built on Move, a programming language designed to make this type of attack more difficult. The move handles tokens and other digital assets as secure assets and checks, at the time of operation, that nothing is being handled as something wrong. That promise of security is a big part of why Aptos and Sui both tout Move as more secure than the old site.
The Hexens’ mistake fell under the promise rather than breaking the title. In short, the system worked briefly from the past and ended up interfering with one type of product on another chain. The security people call it “type confusion”, an old programming problem where a program reads something as an error and goes straight through the checks it’s supposed to stop. On the blockchain, that mix is dangerous: an attacker can disguise something malicious as legitimate and trick the network into misreading who owns what and who is allowed to move it.
Polygon CTO Mudit Gupta reviewed the proof of concept independently as well told CoinDesk that it worked out exactly as they saidit is a warning that several things must follow first. From the head of security for a rival chain, that carries more weight than anything Aptos or Hexens can say on their own.
Why lower prices and higher volume make the error worse
Promotion ceases to be a marketing line here and begins to act as a risk multiplier. The Hexens ran a set of more than 30 official products, set up to show real networks, on a server that cost about $3,000 and represented about a third of the official set. It worked 17 or 18 out of 20, with no intrusion or special permits required.
Fold live images and the image will be sharpened. At a small step in the reaction, the chain overflow and the negative load are almost free. With 16 million transactions per day, with confirmation blocks in seconds, a sophisticated attacker only needs a small window to create and delete them before anyone can respond. Speed is neutral. The same engine that removes legitimate volume in seconds can remove fake coins that we run at the same speed, and the people running the network can’t react that fast.
That’s the part that the fireworks post accidentally highlighted.
Two very different numbers, and why the difference is important
Two figures emerged from this, and to treat them as one is how the story is confused. The smaller one is about $250 million, the value found in Aptos DeFi software that the independent company Grego AI saw as a direct risk. The biggest one is $70 billion, and it’s only visible if you follow the bug through horizontal bridges like Wormhole and LayerZero, stablecoin systems, and exchanges that sell APT and its packaged versions.
Bridges are soft spots. They collect assets from multiple chains at the same time, so a fraudulent event that starts on Aptos can drain the funds originally from Ethereum. 70 billion dollars is a huge problem that is built on many ideas, not the money that was there to work on one project.
| Picture | What it represents | Source |
|---|---|---|
| $250M | Value in Aptos DeFi software for direct risk | Greek AI |
| $70B | Worst risk for bridges, stablecoins, exchanges | Hexens |
| $3,000 | The cost of the server is based on about one third of the confirmation | Hexens |
| $1M | Maximum Aptos bug bounty payout section | Aptos bug bounty program |
Aptos Labs does not dispute the report itself. It confirms the February 25 notification through the bug bounty program and says that the issue has already been fixed internally. What contradicts its seriousness, arguing that the real-world experience of the Internet made the task more difficult to remove than the test meant, and put the real-world use “very low.” This goes directly to Gupta’s confirmation, and the two positions have not been reconciled in public.
There is a second difference that is worth noting, and that is about incentives rather than codes. The price tag is $1 million. This kind of activity can take a lot of money on the black market, and the Hexens have revealed, which is the whole way to make a profit.
| Systematic reading-threat | The study of endurance |
|---|---|
| A $3,000 setup can threaten the top-1 segment | Printed within hours, no network interruption |
| The main problem is showing the vulnerability of the Move chain | Aptos says that real-time events kept spending very low |
| One error can reach the property of the bridge and the stablecoin | Bounty led the white hat in sales |
What the APT chart is doing as the argument progresses
Businesses often ignore this. On the 4-hour Aptos/USD chart from Coinbase, is pulled through TradingView, APT changed hands near $0.635 on July 7, holding the top of the 50-time moving average of $0.6061 and its 100-time line at $0.6147, while running in the 200-time of $0.6410 as resistance. The moving average is the closing price of the middle of many candles, and this pattern points to a real breakout that has not yet resolved the major decline, which pulled the APT from around $1.00 in mid-May to around $0.55.

The RSI, the number of buying pressure that goes from 0 to 100, was at 58.77, above the 50 mark but nowhere near the 70 line that indicates a very hot market. CoinMarketCap price had an APT of up to 9.91 percent for the week at $0.6339, so the disclosure appears to be weighting the sentiment rather than triggering actual sales.
A fix that continues in this article
Builders carry local goods. Anyone who has a program on Aptos has reason to re-examine how their code handles the type of Hexens they found, and big investors can take a little higher risk on Move-based tokens like APT and SUI while they are also looking at the network base.
Two things, however, can be fixed after the cover is gone. First is the beautiful roof. The amount of $ 1 million seems very small next to the value that needs to be protected, and the projects that compete with buyers in the black market can not help but raise. The second is to change the question that researchers ask. For many years bragging rights were about how much sales a chain could handle. This phenomenon leads to a different technique: how networks stop themselves. Speed chains need “switches” that freeze and freeze the moment something seems wrong, because as soon as one notices, the situation has already happened.
Aptos is about to experiment on its own. The idea of hiding the details of the process until they confirm, which would make it difficult going forward, is already in the community voting, while other upgrades speed up verification times. Each of these add speed and increase the value at stake, the same combination where the Hexens reveal can turn a single error into a permanent one. Whether Move’s next defensive moment counts as a confirmation or a repeat comes down to one thing: whether these upgrades are the defenses that the division created.a






