SlowMist uncovers major security flaws in NOFX AI that exposed user keys

Source Cryptopolitan

SlowMist, a blockchain security firm, has led an investigation that has uncovered critical vulnerabilities in NOFX AI, an open-source cryptocurrency futures trading system built on DeepSeek and Qwen’s large-language-model architecture. 

According to findings published on Web3Caff, flaws in multiple versions of the system left some users exposed to credential leakage, with attackers able, in certain cases, to obtain wallet private keys and centralized and decentralized exchange API credentials.

After making those discoveries, the SlowMist team reached out to the security teams of Binance and OKX, who worked with the team to identify affected users and revoke compromised keys.

Authentication flaws exposed in multiple versions

The SlowMist investigation began after the team received intelligence from a community researcher operating under the handle @Endlessss20, who suspected that NOFX AI might be leaking exchange API keys. 

Cos, the founder of SlowMist, who uses the X handle @evilcos, initially had praise for NOFX AI’s open-source efforts, calling them commendable.

However, he then stated that the risks they have “disclosed have already led to real theft incidents, where some users’ wallet private keys and CEX/DEX API Keys were leaked as a result.”

Cos added that SlowMist’s initial disclosure effort was deliberately coordinated with exchange security teams to ensure that those affected were notified before details were released publicly.

SlowMist’s subsequent analysis identified two core authentication issues affecting different commit generations of the open-source repository.

One such issue was reportedly present in both older and newer versions of the open-source platform: the system ran in an “Authorization Required” state that nonetheless lacked actual access controls, leaving sensitive administrator (admin) functions reachable without authentication.

As a result, attackers could interact with admin APIs without needing any credentials.

Compounding these authentication weaknesses, one of the system’s API endpoints returned sensitive connection data by default, including API keys and associated secrets for exchanges such as Binance, Hyperliquid, and Aster DEX.

Coordinated security response with exchanges

After confirming the severity of the issues, SlowMist contacted the security divisions of Binance and OKX.

They reportedly set up a joint security operations room where SlowMist supplied intelligence and an impact assessment, while the exchange teams independently analyzed and verified the compromised API data.

The groups then worked backwards from exposed keys to identify at-risk accounts on their platforms.

The exchanges initiated countermeasures, informing each affected user and immediately revoking their API keys, secret keys, and any linked automation credentials. “As of November 17, all affected CEX users have been notified, and their relevant keys have been revoked, and their assets are safe,” SlowMist stated in its report.

However, it admitted that reaching users on decentralized exchanges was more difficult. SlowMist said it and the Binance team tried to contact a small number of Aster and Hyperliquid users directly, but could not “due to the decentralized wallet addresses.”

“If you are using automated trading systems on Aster or Hyperliquid, please promptly check and address any related risks,” the security firm warned users.

Warnings for the AI-trading ecosystem

SlowMist also pointed out that there is a rise in large-scale AI model quantization projects; however, most open-source implementations are still in their early stages.

Therefore, those deploying such emerging open-source systems are advised to “conduct thorough code security audits and strengthen risk control measures to avoid financial losses.”

The security firm also had recommendations for the NOFX AI team and users: refuse to run the program if a template key is detected, keep admin mode disabled unless it is explicitly configured and protected with a strong password and OTP authentication, and redesign sensitive endpoints to return only non-critical metadata while requiring secondary verification for private-key or API-key access, among other measures.
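As an added illustration of those recommendations (this is not NOFX AI's own code; the template-value list, function names and parameters are assumptions made for the example), the following shows a startup guard that refuses template keys or unprotected admin mode, a connections endpoint that returns only masked metadata by default, and a secondary-verification step before any key material is released:

```python
"""Illustrative credential-handling rules written for this article; not the NOFX AI code base."""
import hmac
from dataclasses import dataclass
from typing import Callable, Iterable

# Constructed placeholders standing in for default/template values a sample config might ship with.
TEMPLATE_VALUES = {"", "CHANGE_ME", "your_api_key_here", "your_api_secret_here"}


@dataclass
class ExchangeConnection:
    exchange: str      # e.g. "binance", "hyperliquid", "aster"
    api_key: str
    api_secret: str


def check_startup(connections: Iterable[ExchangeConnection], admin_enabled: bool = False,
                  admin_password: str = "", otp_configured: bool = False) -> list:
    """Return the reasons the process must refuse to start; an empty list means it may run.
    Admin mode is off unless explicitly enabled, and then needs a strong password plus OTP."""
    problems = []
    for c in connections:
        if c.api_key.strip() in TEMPLATE_VALUES or c.api_secret.strip() in TEMPLATE_VALUES:
            problems.append(f"template credential configured for {c.exchange}")
    if admin_enabled:
        if len(admin_password) < 16:
            problems.append("admin mode enabled without a strong password")
        if not otp_configured:
            problems.append("admin mode enabled without OTP")
    return problems


def mask(secret: str) -> str:
    """Show only a hint of a key so an operator can recognise it without the endpoint leaking it."""
    return "****" if len(secret) < 12 else f"{secret[:4]}...{secret[-4:]}"


def connection_metadata(conn: ExchangeConnection) -> dict:
    """Default response for a connections endpoint: non-critical metadata only, never the secret."""
    return {"exchange": conn.exchange, "api_key_hint": mask(conn.api_key),
            "secret_configured": bool(conn.api_secret)}


def reveal_credentials(conn: ExchangeConnection, presented_otp: str, presented_password: str,
                       admin_password: str, verify_otp: Callable[[str], bool]) -> dict:
    """Full key material only after secondary verification: constant-time password check, then OTP.
    A real deployment would compare against a stored salted hash (e.g. hashlib.scrypt), not plaintext."""
    if not hmac.compare_digest(presented_password.encode(), admin_password.encode()):
        raise PermissionError("secondary verification failed")
    if not verify_otp(presented_otp):
        raise PermissionError("secondary verification failed")
    return {"exchange": conn.exchange, "api_key": conn.api_key, "api_secret": conn.api_secret}
```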

The firm warned that “until the development team completes these fixes, any deployment to the public internet should be considered high-risk.”
