Wu Blockchain | November 17, 2025 04:50
According to Wu Blockchain, the SlowMist security team released a report stating that the open-source cryptocurrency futures auto-trading system NOFX AI (based on DeepSeek/Qwen AI) has a critical security vulnerability that could lead to the leakage of exchange API Keys and private keys. The vulnerability stems from the project enabling 'Admin Mode' by default across multiple versions without authentication checks, allowing attackers to directly access /api/exchanges to obtain key information for exchanges like Binance, Hyperliquid, and Aster DEX. Although the November 5 update introduced a JWT authentication mechanism, the default key can still be exploited, meaning the core issue remains unresolved. SlowMist recommends that deployers immediately disable Admin Mode, replace the JWT key, and minimize the information returned by interfaces to mitigate asset risks. https://www.(wublock123.com)/index.php?m=content&c=index&a=show&catid=6&id=51973
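The three recommended mitigations, sketched as an added Go example; this is not code from NOFX AI or from the SlowMist report. All type names, field names and sample secrets are hypothetical, and the listed default secrets are constructed placeholders rather than the project's actual default key.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Config holds hypothetical deployment settings (names are assumptions, not the project's own).
type Config struct {
	AdminMode bool   // when true, API requests skip authentication
	JWTSecret string // HMAC key used to sign session tokens
}

// knownDefaults lists constructed placeholder secrets of the kind shipped in sample configs.
var knownDefaults = map[string]bool{"": true, "changeme": true, "default-secret": true}

// Validate refuses to start with unauthenticated admin access or a guessable signing key.
func (c Config) Validate() error {
	if c.AdminMode {
		return errors.New("admin mode must be disabled before exposing the API")
	}
	if knownDefaults[strings.ToLower(c.JWTSecret)] || len(c.JWTSecret) < 32 {
		return errors.New("JWT secret is a known default or shorter than 32 bytes")
	}
	return nil
}

// Exchange is the stored record; ExchangeView is the only shape the API should return.
type Exchange struct{ Name, APIKey, SecretKey, PrivateKey string }
type ExchangeView struct {
	Name       string `json:"name"`
	APIKeyTail string `json:"api_key_tail"`
	HasSecret  bool   `json:"has_secret"`
}

// Redact exposes at most the last four characters of the API key and never a secret.
func Redact(e Exchange) ExchangeView {
	tail := ""
	if len(e.APIKey) > 4 {
		tail = e.APIKey[len(e.APIKey)-4:]
	}
	return ExchangeView{Name: e.Name, APIKeyTail: tail, HasSecret: e.SecretKey != "" || e.PrivateKey != ""}
}

func main() {
	fmt.Println(Config{AdminMode: true, JWTSecret: "changeme"}.Validate())
	fmt.Printf("%+v\n", Redact(Exchange{"binance", "constructed-key-1234", "constructed-secret", ""}))
}
```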