News

ChainCatcher reported that, according to monitoring by Lookonchain, address 0x6834 has held a long position in ASTER for 38 days and has deposited an additional 1 million USDC to the platform in the past two hours to further increase its ASTER long position. Currently, this address holds approximately 2.3 million ASTER, with a position value of about $2.86 million.

According to ChainCatcher, the SlowMist security team recently analyzed the open-source automated futures trading system NOFX AI, which is based on DeepSeek/Qwen, and discovered multiple critical authentication vulnerabilities. They pointed out that the system has a "zero authentication" mode enabled by default, where the administrator mode is directly activated, allowing all requests to pass without verification. Attackers can access /api/exchanges and obtain the complete API key and private key. In the "authorization required" mode, although JWT is added, the default jwt_secret still exists, and if the environment variable is not set, it will revert to the default key. In addition, in this mode, sensitive fields are still output as raw JSON, so if the token is forged or stolen, it will also lead to key leakage. SlowMist stated that so far, they have identified over a thousand publicly deployed instances using vulnerable configurations and have coordinated with a certain exchange's security team to complete the replacement of related credentials. The team reminds all users to upgrade their systems immediately, especially those running bots on Aster or Hyperliquid, who should check their settings as soon as possible.