A newly disclosed security warning has drawn attention to potential risks at the HitBTC Exchange after blockchain security firm SlowMist reported identifying a potentially critical vulnerability on the platform.
SlowMist revealed the issue in a public post on X (formerly Twitter), after efforts to contact HitBTC through direct messages reportedly went unanswered. According to the blockchain security firm, responsible disclosure protocols were followed before the public warning, but the absence of acknowledgment left researchers with limited options to ensure user safety.
In its official statement, SlowMist wrote, “We have identified a potential critical vulnerability and reached out via DM in advance under responsible disclosure, but have not yet received a response. Please contact us promptly to coordinate next steps.”
Although no technical details were released to prevent misuse, SlowMist stressed that the vulnerability could pose serious risks to both user funds and sensitive data held on the HitBTC Exchange.
HitBTC Exchange and Ongoing Cryptocurrency Security Concerns
Founded in 2013, HitBTC Exchange is one of the oldest cryptocurrency trading platforms still in operation. Registered in the British Virgin Islands, the exchange offers access to more than 250 cryptocurrencies and over 800 trading pairs. Recent figures show that HitBTC processed more than $110 million in trading volume within 24 hours.
Despite its long-standing presence, the platform has faced criticism in recent years related to transparency, customer support responsiveness, and communication practices. The current incident has intensified those concerns, especially since similar situations have occurred elsewhere in the cryptocurrency sector.
The warning involving HitBTC marks at least the third instance in recent weeks where SlowMist publicly disclosed vulnerability concerns after failing to establish contact with an exchange. In December, the firm issued comparable notices to Seychelles-registered Azbit and Turkey-based ICRYPEX Global, both of which reportedly did not respond despite managing daily trading activity.
Data Shows Rising Impact of Cryptocurrency Attacks
The unfolding situation reflects broader security trends affecting the cryptocurrency ecosystem. According to SlowMist’s 2025 annual security report, approximately 200 blockchain-related security incidents occurred during the year, resulting in estimated losses of $2.935 billion. While the number of incidents declined compared to 2024, the total financial impact increased by 46%, indicating more targeted and high-impact attacks.
Exchange-related incidents numbered only 12 in 2025 but accounted for losses totaling $1.809 billion. In contrast, decentralized finance (DeFi) protocols experienced 126 incidents, leading to $649 million in losses. Supporting this data, blockchain security firm CertiK reported that $117.8 million was lost to cryptocurrency exploits in December 2025 alone.
SlowMist continues to play an important role in monitoring and mitigating these threats. During 2025, the firm helped freeze or recover approximately $19.29 million in stolen assets using its threat intelligence network and MistTrack analysis platform. Across 18 major incidents, around $387 million of $1.957 billion in stolen funds was recovered, representing a recovery rate of 13.2%.