Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
SlowMist founder Cos reminded users of the NOFX AI open-source automated trading system to be aware of potential security risks. Although the NOFX AI open-source work has shown good intentions, real theft incidents have already occurred, and some users’ wallet private keys as well as CEX/DEX API keys have been leaked as a result. Cos confirmed that this vulnerability also affects the wallet private key security of Aster users. He stated that SlowMist has collaborated with relevant security teams to notify affected users as much as possible to help reduce risks, and advised users to stay vigilant and take timely security measures. Attack method (per SlowMist): Private Key Leakage. Reported loss: -.
- chain
- —
- protocol
- Nofx AI
- bug_class
- private-key
- date_occurred
- 2025-11-17
- loss_usd
- —
- source_id
- sm:nofx-ai::2025-11-17