Summary of the security incident
In October 2025, BlockHound conducted an independent forensic investigation into a security breach affecting a third-party market maker (MM) wallet operating on the BNB Smart Chain.
The wallet, which was fully controlled and operated by the market maker and not by Astra Nova, was compromised by an external attacker.
Within a short window of approximately thirty minutes, the attacker gained unauthorized access to the MM's wallet, withdrew USDT stored inside it, and intercepted RVV tokens that were automatically routed there as part of the market maker's settlement processes.
In total, around 187,370 USDT and 199,771,980 RVV were drained from the MM wallet.
Astra Nova's internal systems, smart contracts, and operational wallets were never compromised.
Timeline of events
All times are UTC on October 18, 2025.
Attacker behavior and movement of funds
BlockHound's analysis shows that the attacker moved the stolen assets across several wallets before consolidating most of the value into a primary address.
Preliminary indicators suggest portions of the stolen funds may have passed through automated routing services such as Changelly and may have partially reached LBank.
Further confirmation of these paths depends on internal logs held by the respective platforms. BlockHound has supplied all relevant addresses and flows to impacted exchanges.
Root cause
The breach was caused by the compromise of a third-party market maker's hot wallet, which was externally operated and not under Astra Nova's control.
The investigation found no evidence of compromise or vulnerability in Astra Nova's own systems, contracts, or private infrastructure.
Response and ongoing recovery efforts
Following the detection of the breach, Astra Nova and BlockHound took the following actions:
- Immediately notified Binance and other exchanges to freeze associated assets.
- Collaborated with HitBTC, Changelly, and other platforms to block attacker-linked funds.
- Contacted Tether to request the freezing of remaining USDT tied to the attacker's addresses.
- Delivered forensic data packages to all relevant exchanges.
- Engaged in ongoing monitoring of attacker addresses for any movement of funds.
BlockHound continues to support Astra Nova and exchange partners as additional information becomes available.
Security enhancements implemented
To prevent future incidents involving external service providers, Astra Nova has adopted a strengthened operational framework:
- Mandatory verification of all third-party wallet activities.
- Multi-person approval process for large transfers.
- Real-time alerting and monitoring tools for all externally operated wallets.
- Stricter audit and security requirements for market makers and partners.
- Additional safeguards around routing, settlement, and liquidity operations.
These improvements significantly reduce the likelihood of similar incidents and enhance ongoing protection for the project and its community.
Conclusion
BlockHound's investigation confirms that this incident resulted from the external compromise of a third-party market maker's wallet, not from a breach of Astra Nova's infrastructure.
Astra Nova responded rapidly once abnormal behavior was detected and has taken robust steps to strengthen its security posture going forward.
BlockHound will continue to support the recovery and monitoring process as additional developments occur.

