The cryptocurrency exchange HitBTC has been flagged for a potential critical vulnerability by the blockchain security firm SlowMist. Despite reaching out to HitBTC for responsible disclosure, SlowMist has yet to receive a response. This situation marks the third instance in recent weeks where SlowMist has struggled to get timely reactions from crypto exchanges regarding security threats. Previous alerts were issued to Azbit and ICRYPEX Global, both of which also failed to respond.
HitBTC, one of the oldest exchanges since its inception in 2013 and registered in the British Virgin Islands, recorded a trading volume exceeding $110 million in the past 24 hours. The platform offers over 250 cryptocurrencies and 800 trading pairs.
Security concerns remain a pressing issue in the crypto industry. SlowMist’s 2025 security report highlighted 200 incidents leading to losses of nearly $2.935 billion, a 46% increase from the previous year. Although exchange-related incidents were fewer, they accounted for significant financial damage, with losses reaching up to $1.809 billion. Meanwhile, decentralized finance protocols faced 126 incidents with $649 million in losses.
The trend indicates a shift towards more sophisticated and targeted attacks, often orchestrated by professional hacker groups, including state-sponsored actors. These groups are moving from random attacks to systematic operations aimed at high-profile targets. Additionally, major AI companies have reported that criminals are using their platforms for phishing and other digital attacks, further complicating the security landscape.
Experts recommend that crypto exchanges establish clear communication channels for reporting vulnerabilities and respond promptly to security warnings to protect user funds. SlowMist has played a crucial role in the blockchain security sector, helping to freeze or recover significant amounts of stolen funds through its threat intelligence network.
