SlowMist, a well-known blockchain security firm, has recently investigated the security of NOFX AI, an open-source crypto futures trading project, and identified a critical vulnerability in its trading system. According to SlowMist's official report, the severe flaws in NOFX AI's trading framework put thousands of users at risk. The findings also point to significant authentication failures that could lead to the leakage of API keys, sensitive exchange credentials, and private keys.
NOFX AI Experiences Alarming Authentication Vulnerabilities, Warns SlowMist
SlowMist's investigation of the NOFX AI trading system highlights substantial security risks that could expose traders running NOFX AI to serious harm. Describing the investigation, the firm noted that a community member going by "@Endlessss20" requested the inquiry after suspecting that sensitive user data was exposed.
SlowMist then confirmed two key authentication flaws affecting different commits of the project. The most alarming finding was a "zero-authentication" vulnerability in the project's October 31, 2025 commit. In that version, admin mode was enabled by default, so every request bypassed validation altogether: no login was required to reach the /api/exchanges endpoint, which allowed retrieval of all stored private keys and API keys.
This flaw exposed the full ExchangeConfig data, including Binance API keys, Hyperliquid wallet addresses, Aster private keys, and secret keys, so any attacker could obtain complete administrative access with a single GET request. The second vulnerability appeared in the update released on November 5 of this year. That update introduced JWT-based authentication but still relied on a hard-coded jwt_secret, so attackers could simply mint valid tokens and continue retrieving sensitive exchange credentials. Despite subsequent improvements, the root issue is still present in the November 13 update.
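The two failure modes described above (admin mode on by default, and a hard-coded jwt_secret) beside their fail-closed alternative, as an added illustration that is not NOFX AI's code: the secret must come from the environment and is rejected if it is short or a known default, the admin bypass stays off unless an operator opts in, and the /api/exchanges gate verifies an HS256 token with a constant-time compare. The names JWT_SECRET, KNOWN_DEFAULTS and authorize_exchanges_request are assumptions made for this example.

```python
import base64, hashlib, hmac, json

# Constructed placeholder list of values a deployment must never use as jwt_secret.
KNOWN_DEFAULTS = {"", "secret", "changeme", "default-jwt-secret"}

def load_secret(env: dict) -> bytes:
    """Fail closed: refuse to start on a missing, short or default-looking secret."""
    value = env.get("JWT_SECRET", "")
    if value in KNOWN_DEFAULTS or len(value) < 32:
        raise RuntimeError("JWT_SECRET missing, too short or a known default")
    return value.encode()

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(secret: bytes, claims: dict) -> str:
    """Server-side HS256 token issuance after a successful login."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def verify_token(secret: bytes, token: str):
    """Return the claims only if the HS256 signature checks out; None otherwise."""
    try:
        header, body, sig = token.split(".")
        if json.loads(_unb64url(header)).get("alg") != "HS256":
            return None  # reject alg=none and algorithm-confusion attempts
        expected = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(sig)):
            return None
        return json.loads(_unb64url(body))
    except (ValueError, AttributeError):  # malformed base64, JSON or header shape
        return None

def authorize_exchanges_request(headers: dict, secret: bytes, admin_mode: bool = False) -> bool:
    """Gate for GET /api/exchanges. admin_mode is False unless an operator opts in,
    so a default install never serves ExchangeConfig to an unauthenticated caller."""
    if admin_mode:
        return True
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return False
    return verify_token(secret, auth[len("Bearer "):]) is not None
```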
Users Need to Upgrade or Disconnect Immediately to Prevent Damage
According to SlowMist's report on NOFX AI's security vulnerabilities, more than 1,000 of its deployments are publicly reachable online, which widens the scope of potential damage. SlowMist therefore worked with OKX and Binance to form a joint incident response task force. Using the exposed API keys, they traced affected users, warned them, and coordinated revocation of the compromised keys. Finally, users running older commits, especially the zero-authentication version, should upgrade immediately or isolate their systems from the public internet.