SlowMist Discovers Serious Weakness on HitBTC Exchange

The renowned blockchain security company SlowMist has issued a warning about a potentially critical vulnerability on the cryptocurrency exchange HitBTC. According to a post on the X platform, SlowMist identified the issue and attempted to contact HitBTC via private messages for responsible disclosure, but received no response. This forced the experts to make the information public to draw attention and avoid potential risks to users.

HitBTC, one of the oldest crypto exchanges founded in 2013, is known for its wide range of trading pairs and low fees, but has recently faced criticism regarding transparency and customer support. The details of the vulnerability are not being disclosed to avoid aiding potential attackers, but SlowMist emphasized its severity, which could threaten the security of users' funds and data. In their January 4 post, the SlowMist team urged HitBTC to contact them immediately for coordination of next steps.

Who are SlowMist?

SlowMist is a cybersecurity company specializing in protecting the blockchain ecosystem. Founded in January 2018 by a team with over a decade of experience in network security, it provides security audit services, consultations, penetration testing (red teaming), and threat protection. SlowMist works with leading cryptocurrency exchanges, wallets, smart contracts, and other blockchain projects, helping to identify vulnerabilities and prevent hacker attacks. The company also offers threat monitoring tools such as AML (anti-money laundering), vulnerability scanners, and services for tracking hacking incidents. SlowMist is known for its responsible disclosure practices, where vulnerabilities are reported privately before public announcement to allow time for fixes. They are headquartered in China but operate globally, including in Hong Kong, and collaborate with Web3 projects.

This incident highlights the growing risks in the crypto industry, where hacker attacks are becoming increasingly frequent. According to industry reports, losses from hacks in DeFi and exchanges exceeded $2 billion in 2025. HitBTC users are advised to temporarily refrain from large transactions, enable two-factor authentication, and monitor their accounts. At the time of writing, HitBTC has not provided an official comment, raising concerns in the community.

SlowMist, as a leading player in the field, continues to monitor the situation. Similar warnings from companies like SlowMist often lead to quick fixes, but the lack of response from HitBTC could impact the exchange's reputation. Investors and traders are watching developments closely, as security is a key factor in the volatile world of cryptocurrencies.