In a recent post on social media platform X, the Chief Information Security Officer (CISO) of SlowMist raised alarms about two significant vulnerabilities within the Bitget Wallet that could potentially expose average cryptocurrency users to financial losses.
The first highlighted issue pertains to the “swap deadline” default setting. When users exchange one cryptocurrency for another, the transaction is typically given a time limit, or deadline, by the wallet. In Bitget Wallet, this deadline is set to 10 minutes, a duration that may seem generous but can lead to dire consequences due to the volatile nature of cryptocurrency prices. As digital currencies can fluctuate dramatically in such a time frame, users might find themselves executing trades at unforeseen prices. Moreover, this extended deadline can invite malicious actors to manipulate prices through tactics like front-running or sandwich attacks, where bots detect a user’s trade and adjust prices before the transaction completes. Well-known platforms like Uniswap and 1inch mitigate this risk by implementing much shorter deadlines, typically between 1 and 2 minutes.
The second concern raised by SlowMist is even more alarming. The wallet includes an optional safety feature that allows users to scan tokens for potential risks before purchasing. While this scan can identify harmful or fraudulent tokens, it is not mandatory, meaning users can bypass it entirely. This lack of enforcement places users—especially inexperienced traders—at risk of falling victim to scams, such as purchasing “honeypots.” These fraudulent tokens are deceptively easy to buy but prevent users from selling them, resulting in locked funds. The prevalence of such scams is underscored by a report from Chainalysis, which revealed that users lost over $500 million in 2025 alone due to this type of deception.
As these safety measures are not enforced, many users remain unaware of the risks involved, which can lead to significant financial losses. SlowMist’s CISO has urged Bitget to adopt stricter protections, recommending practices such as mandatory scans before trading or at least implementing a clear warning system. Even minor adjustments, such as introducing a simple checkbox confirming the scan completion, could substantially reduce the number of vulnerable users.
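The two protections discussed above, a short swap deadline and an enforced token scan, expressed as a wallet-side check that runs before a swap is signed. This is an added example, not Bitget Wallet's or SlowMist's code; the request fields, the 120-second limit and the token names are assumptions for illustration.

```javascript
// Added example: pre-sign policy check for a swap request.
// Field names (tokenOut, deadline, scan) are hypothetical, not a real wallet API.

const MAX_DEADLINE_SECONDS = 120; // upper end of the 1 to 2 minute window cited above

// Returns { allowed, reasons } for a swap request, given the current Unix time in seconds.
function checkSwapRequest(request, nowSeconds) {
  const reasons = [];

  // Deadline check: must be a future timestamp at most MAX_DEADLINE_SECONDS away.
  const remaining = request.deadline - nowSeconds;
  if (!Number.isFinite(remaining)) {
    reasons.push("deadline missing or not a number");
  } else if (remaining <= 0) {
    reasons.push("deadline already expired");
  } else if (remaining > MAX_DEADLINE_SECONDS) {
    reasons.push(`deadline is ${remaining}s away, limit is ${MAX_DEADLINE_SECONDS}s`);
  }

  // Scan check: a result for the token being bought must exist and be clean.
  // A scan of a different token does not count, so it cannot be reused.
  const scan = request.scan;
  if (!scan || scan.token !== request.tokenOut) {
    reasons.push("no risk scan for the token being bought");
  } else if (scan.risky) {
    reasons.push("risk scan flagged the token");
  }

  return { allowed: reasons.length === 0, reasons };
}

// Constructed sample requests (placeholder token names, fixed clock).
const NOW = 1700000000;
const samples = {
  tenMinuteNoScan: { tokenOut: "TOKEN_A", deadline: NOW + 600 },
  shortAndScanned: { tokenOut: "TOKEN_A", deadline: NOW + 90,
                     scan: { token: "TOKEN_A", risky: false } },
  scanForOtherToken: { tokenOut: "TOKEN_B", deadline: NOW + 90,
                       scan: { token: "TOKEN_A", risky: false } },
};

for (const [name, req] of Object.entries(samples)) {
  const result = checkSwapRequest(req, NOW);
  console.log(name, result.allowed ? "ALLOW" : "BLOCK", result.reasons.join("; "));
}
```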
Bitget Wallet operates within the broader Bitget ecosystem, which caters to millions of users around the globe. Despite the platform’s claims of security, these highlighted vulnerabilities indicate that improvements are necessary to ensure user safety and trust.


