Independent Forensics Report on the $RVV Market Maker Compromise
Summary of the Security Incident
In October 2025, Blockhound conducted an independent forensic investigation into a security breach affecting a third-party market maker (MM) wallet operating on the BNB Smart Chain.
This wallet, which was fully controlled and operated by the market maker and not by Astra Nova, was compromised by an external attacker.
Within a short window of approximately thirty minutes, the attacker gained unauthorized access to the MM’s wallet, withdrew USDT stored inside it, and intercepted RVV tokens that were automatically routed there as part of the market maker’s settlement processes.
In total, around 187,370 USDT and 199,771,980 RVV were drained from the MM wallet.
Astra Nova’s internal systems, smart contracts, and operational wallets were never compromised.
Timeline of Events
3:52 PM UTC, October 18, 2025
The attacker accessed the MM-operated wallet and withdrew 118,612 USDT.
3:56 PM UTC
As part of routine market maker settlement activity, 100 million RVV was automatically routed into the MM’s wallet. Because the attacker had gained control, the tokens were immediately transferred out.
4:13 PM UTC
A second settlement transfer of 100 million RVV was routed into the same wallet and again immediately drained by the attacker.
Note: These transfers were part of the MM’s automated liquidity and settlement system. Astra Nova did not initiate or manually approve these transactions.
4:22 PM UTC
Blockhound’s monitoring tools detected the consolidation of all drained RVV into an address controlled by the attacker.
Upon detecting the abnormal activity, Astra Nova immediately halted all interactions with the compromised MM infrastructure.
4:48 PM UTC
Astra Nova promptly notified Binance and other exchanges, requesting emergency freezes and providing early forensic information to assist with containment and potential recovery.
Attacker Behavior and Movement of Funds
Blockhound’s analysis shows that the attacker moved the stolen assets across several wallets before consolidating most of the value into a primary address.
Preliminary indicators suggest portions of the stolen funds may have passed through automated routing services such as Changelly and may have partially reached LBank.
Further confirmation of these paths depends on internal logs held by the respective platforms.
Blockhound has supplied all relevant addresses and flows to impacted exchanges.
Root Cause
The breach was caused by the compromise of a third-party market maker’s hot wallet, which was externally operated and not under Astra Nova’s control.
The investigation found no evidence of compromise or vulnerability in Astra Nova’s own systems, contracts, or private infrastructure.
Response & Ongoing Recovery Efforts
Following the detection of the breach, Astra Nova and Blockhound took the following actions:
Immediately notified Binance and other exchanges to freeze associated assets
Collaborated with HitBTC, Changelly, and other platforms to block attacker-linked funds
Contacted Tether to request the freezing of remaining USDT tied to the attacker’s addresses
Delivered forensic data packages to all relevant exchanges
Engaged in ongoing monitoring of attacker addresses for any movement of funds
Blockhound continues to support Astra Nova and exchange partners as additional information becomes available.
Security Enhancements Implemented
To prevent future incidents involving external service providers, Astra Nova has adopted a strengthened operational framework:
Mandatory verification of all third-party wallet activities
Multi-person approval process for large transfers
Real-time alerting and monitoring tools for all externally operated wallets
Stricter audit and security requirements for market makers and partners
Additional safeguards around routing, settlement, and liquidity operations
These improvements significantly reduce the likelihood of similar incidents and enhance ongoing protection for the project and its community.
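As an added illustration of the real-time alerting item above (not code from Blockhound, Astra Nova, or the market maker), the sketch below flags outbound transfers from a watched wallet to non-allowlisted addresses and marks later settlement deposits as ones to hold. The addresses, the 5-minute sweep window, the seconds in the timestamps, and the rule names are assumptions; the sample events are constructed to mirror the timeline in this report.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

MM_WALLET = "0xMM_WALLET_PLACEHOLDER"      # hypothetical watched wallet
ALLOWLIST = {"0xSETTLEMENT_PLACEHOLDER", "0xEXCHANGE_PLACEHOLDER"}  # assumed known counterparties
SWEEP_WINDOW = timedelta(minutes=5)        # assumed threshold for "immediately drained"

@dataclass(frozen=True)
class Transfer:
    ts: datetime
    token: str
    src: str
    dst: str
    amount: int

def detect(transfers):
    """Return (rule, transfer) alerts for the watched wallet, in time order."""
    alerts, inbound, halted = [], [], False
    for t in sorted(transfers, key=lambda x: x.ts):
        if t.dst == MM_WALLET:
            inbound.append(t)
            if halted:  # an earlier alert is still open: this deposit should be held
                alerts.append(("hold_settlement", t))
        elif t.src == MM_WALLET and t.dst not in ALLOWLIST:
            # Same token left the wallet shortly after arriving: sweep pattern
            swept = any(i.token == t.token and t.ts - i.ts <= SWEEP_WINDOW
                        for i in inbound)
            alerts.append(("rapid_sweep" if swept else "unknown_destination", t))
            halted = True
    return alerts

def _t(hms, token, src, dst, amount):
    ts = datetime.fromisoformat(f"2025-10-18T{hms}+00:00")
    return Transfer(ts, token, src, dst, amount)

# Constructed events modelled on the report's timeline; addresses and seconds are invented.
UNKNOWN_DST = "0xUNKNOWN_PLACEHOLDER"
SAMPLE = [
    _t("14:10:00", "USDT", MM_WALLET, "0xEXCHANGE_PLACEHOLDER", 5_000),  # routine, allowlisted
    _t("15:52:00", "USDT", MM_WALLET, UNKNOWN_DST, 118_612),
    _t("15:56:00", "RVV", "0xSETTLEMENT_PLACEHOLDER", MM_WALLET, 100_000_000),
    _t("15:56:20", "RVV", MM_WALLET, UNKNOWN_DST, 100_000_000),
    _t("16:13:00", "RVV", "0xSETTLEMENT_PLACEHOLDER", MM_WALLET, 100_000_000),
    _t("16:13:20", "RVV", MM_WALLET, UNKNOWN_DST, 100_000_000),
]

if __name__ == "__main__":
    for rule, t in detect(SAMPLE):
        print(t.ts.strftime("%H:%M:%S"), rule, t.token, t.amount)
```

On the constructed data, the 3:52 PM withdrawal raises the first alert, so both later settlement deposits are marked to hold before any RVV leaves the wallet.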
Conclusion
Blockhound’s investigation confirms that this incident resulted from the external compromise of a third-party market maker’s wallet, not from a breach of Astra Nova’s infrastructure.
Astra Nova responded rapidly once abnormal behavior was detected and has taken robust steps to strengthen its security posture going forward.
Blockhound will continue to support the recovery and monitoring process as additional developments occur.