SlowMist Raises Public Alert After No Reply From HitBTC

SlowMist issued a public security alert after HitBTC failed to respond, raising concerns over exchange communication and user fund protection.

Blockchain security firm SlowMist has raised a public alert after failing to receive a response from HitBTC. Meanwhile, the company issued a warning of possible critical vulnerability of user funds. Consequently, the disclosure raised the issue of exchange security practices. Thus, the event soon gained a nationwide interest in the industry.

SlowMist Flags Vulnerability After Failed Private Outreach

SlowMist said it found a possible critical vulnerability in the platform at HitBTC. The firm however did not reveal the technical information to avoid exploitation. Rather, it was in line with responsible disclosure. Therefore, prior to any public announcement, SlowMist has privately approached HitBTC.

The company also posted the warning on X on Sunday, and gave a clear explanation of its action. SlowMist reported that the direct messages were delivered days ago. But there was no response on the part of the exchange. Consequently, the company took the issue to the media so as to be transparent.

Hacks and Security Incidents in 2025: A Year That Exposed Crypto’s Weakest Links | Live Bitcoin News

The responsible disclosure guidelines suggest the response within 2 working days. However, SlowMist indicated that HitBTC never heeded the warning. Consequently, the issue of urgency and standards of communication appeared. In the meantime, SlowMist encouraged HitBTC to organize further actions as soon as possible.

The company made it clear that initial involvement may minimise the possible user risk. In addition, SlowMist emphasized that disclosure to the public was the last option. The alert was, therefore, meant to safeguard the users and not to blame them. This practice is in line with normal cybersecurity.

SlowMist analysts observed that exchanges take long to respond to security reports. In their opinion, custodians of user funds are supposed to be quicker. But the recent cases are to the contrary. Thus, the incident at HitBTC is indicative of a larger problem in the industry.

Repeated Exchange Silence Raises Broader Industry Concerns

The case of HitBTC is at least the third such disclosure to be made by SlowMist in recent weeks. In December 2025, the company sounded warnings against Azbit and ICRYPEX Global. Both exchanges have been said to have failed to heed private warnings. This led to the IPO of SlowMist in such instances.

Azbit is a company registered in Seychelles with large volumes of trading per day. In the meantime, ICRYPEX Global is a global company that has an active user base in Turkey. Even though they are of this size, neither of the two exchanges recognized the outreach of SlowMist. As a result, there were concerns about internal security response procedures.

SlowMist claimed that it does not disclose vulnerability information because it does not want it to be abused. Rather, it is concerned with communication and mitigation. This approach not only safeguards the users but also gives the exchanges time to reply. Nevertheless, quietness makes it difficult to have concerted risk reduction efforts.

The last update is that HitBTC has not issued a statement. The exchange has failed to verify the investigation and mitigation measures. Hence, it is not clearly known whether the vulnerability is high or not. Participants of the market keep a close eye on the situation.

Observers in the industry claim that there is a need to have better disclosure structures. In addition, better response times would enhance trust. The threat is increasingly becoming sophisticated, and this makes teamwork important. Thus, the SlowMist alert can speed up the demand for higher accountability in exchange.

Altogether, the event demonstrates that there are still gaps in the coordination of exchange-security. Moreover, it emphasizes the role of fast communication. Due to the fact that the user funds are still at risk, the expectations of the custodians are still increasing. As a result, the scenario can affect the security standards of crypto markets in the future.