SlowMist Flags Potential Security Risk at HitBTC Exchange

A newly disclosed security warning has drawn attention to potential risks at the HitBTC Exchange after blockchain security firm SlowMist reported identifying a potentially critical vulnerability on the platform.  

SlowMist revealed the issue in a public post on X (formerly Twitter), after efforts to contact HitBTC through direct messages reportedly went unanswered. According to the blockchain security firm, responsible disclosure protocols were followed before the public warning, but the absence of acknowledgment left researchers with limited options to ensure user safety. 

In its official statement, SlowMist wrote, “We have identified a potential critical vulnerability and reached out via DM in advance under responsible disclosure, but have not yet received a response. Please contact us promptly to coordinate next steps.” 

Although SlowMist withheld technical details to prevent misuse, it stressed that the vulnerability could pose serious risks to both user funds and sensitive data held on the HitBTC Exchange.

HitBTC Exchange and Ongoing Cryptocurrency Security Concerns

Founded in 2013, HitBTC Exchange is one of the oldest cryptocurrency trading platforms still in operation. Registered in the British Virgin Islands, the exchange offers access to more than 250 cryptocurrencies and over 800 trading pairs. Recent figures show that HitBTC processed more than $110 million in trading volume within 24 hours. 

Despite its long-standing presence, the platform has faced criticism in recent years related to transparency, customer support responsiveness, and communication practices. The current incident has intensified those concerns, especially since similar situations have occurred elsewhere in the cryptocurrency sector. 

The warning involving HitBTC marks at least the third instance in recent weeks where SlowMist publicly disclosed vulnerability concerns after failing to establish contact with an exchange. In December, the firm issued comparable notices to Seychelles-registered Azbit and Turkey-based ICRYPEX Global, both of which reportedly did not respond despite managing daily trading activity. 

Data Shows Rising Impact of Cryptocurrency Attacks

The unfolding situation reflects broader security trends affecting the cryptocurrency ecosystem. According to SlowMist’s 2025 annual security report, approximately 200 blockchain-related security incidents occurred during the year, resulting in estimated losses of $2.935 billion. While the number of incidents declined compared to 2024, the total financial impact increased by 46%, indicating more targeted and high-impact attacks.

Exchange-related incidents numbered only 12 in 2025 but accounted for losses totaling $1.809 billion. In contrast, decentralized finance (DeFi) protocols experienced 126 incidents, leading to $649 million in losses. Supporting this data, blockchain security firm CertiK reported that $117.8 million was lost to cryptocurrency exploits in December 2025 alone. 

SlowMist continues to play an important role in monitoring and mitigating these threats. During 2025, the firm helped freeze or recover approximately $19.29 million in stolen assets using its threat intelligence network and MistTrack analysis platform. Across 18 major incidents, around $387 million of $1.957 billion in stolen funds was recovered, representing a recovery rate of 13.2%. 

Ashish Khaitan

Ashish is a technical writer at The Cyber Express. He adores writing about the latest technologies and covering the latest cybersecurity events. In his free time, he likes to play horror and open-world video games.
