Security researchers have identified significant vulnerabilities in the Bitget Wallet’s swap mechanism that could expose cryptocurrency users to financial loss if they remain unaddressed. The Chief Information Security Officer of blockchain security firm SlowMist highlighted two core risks within the swap functionality of the Bitget Wallet, cautioning traders that default settings and certain optional safeguards may not sufficiently protect them during token exchange operations. This assessment has drawn attention across the crypto community as decentralised wallet adoption grows. At the heart of SlowMist’s concerns is the “swap deadline” parameter in the wallet’s swap interface, which limits how long a transaction can remain open before it is cancelled. Bitget Wallet sets this deadline at 10 minutes by default, a window that SlowMist warns is long enough for volatile digital asset prices to move dramatically, potentially leaving users executing trades at prices far less favourable than anticipated. According to the CISO’s post on the social platform X, this design choice could lead to unexpected losses for traders not closely monitoring market movements during the swap process.
A second issue flagged by SlowMist relates to optional slippage settings and protective measures that are not enforced by default. Slippage controls determine the acceptable range of price deviation during swap execution; if set too loosely, users may find that transactions complete at prices outside their tolerance thresholds. Security specialists emphasise that without stronger built-in constraints, novice or less vigilant traders could inadvertently accept unfavourable rates. The warning underscores the delicate balance wallet developers must achieve between user flexibility and risk mitigation.
Bitget Wallet, a multi-chain crypto wallet that facilitates asset management, decentralised application access, and token swaps, has been widely adopted for its cross-chain capabilities and integrated tools. Features such as GetGas, which allows transactions without native tokens, and deep liquidity aggregation through multiple decentralised exchanges aim to enhance user experience. However, observers note that these conveniences must be matched with robust safeguards to maintain user confidence in an ecosystem where cyber threats remain pervasive.
The conversation around wallet security has intensified following a series of incidents in the broader ecosystem, where compromised wallet software and extensions have led to substantial losses. For instance, a browser extension version of a popular wallet was compromised via a suspected supply chain attack, with malicious code capturing mnemonic phrases and leading to losses exceeding USD 6 million for affected users. Users were urged to disable the extension and update to a patched version to mitigate further damage.
Highlighting these issues, analysts say the market is seeing a shift in threat actors’ tactics. Criminals increasingly target not only smart contracts and protocols but also software distribution channels and trusted components of the crypto infrastructure, such as browser extension stores and wallet update systems. The outcome is a more complex risk landscape that demands heightened vigilance from both developers and users.
Industry experts underscore that wallet providers must prioritise comprehensive code reviews and continuous security audits to prevent exploitable flaws. SlowMist and similar firms advise implementing stricter default protections, enhancing transparency around risk parameters like slippage and deadlines, and providing clearer guidance to users on configuring protective settings. These experts argue that as decentralised finance use cases expand, so too must the layers of defence against both technical and human error.
A spokesperson within the crypto security community noted that while advanced traders may appreciate granular control over swap settings, everyday users often lack the technical insight to adjust parameters optimally before executing transactions. This disparity, they argue, elevates the importance of wallets adopting conservative defaults to shield the most vulnerable participants in the market. Equally, practitioners stress educational initiatives to help users understand how to adjust settings safely when needed.
Topics
Cryptocurrency