Key Highlights:
- SlowMist CISO flags two major risks in Bitget Wallet through a post on social media platform X.
- The findings highlight how certain default settings and optional safeguards make traders vulnerable.
- The CISO advises stronger built-in protections.
SlowMist’s CISO pointed out today, February 27, 2026, on social media platform X that there are two major problems in Bitget Wallet that could put everyday crypto users at risk. While the issues may sound technical, the impact is simple and the users may lose money without even realizing the danger.
🧐用慢雾AI过了下,两个问题:
1.Swap默认Deadline过长
默认 600秒 (10分钟) 执行窗口?
这期间币价可能剧烈波动
建议: 波动市场改用 60-120秒2.安全审计非强制
文档建议先运行 security 命令
但未强制执行
用户可能跳过直接交易
风险: 可能买到蜜罐代币 (honeypot)@Bitget_zh 可以修一下 https://t.co/H22PTLUB2M— 23pds (山哥) (@im23pds) February 27, 2026
According to the post, the first issue is something called a “swap deadline.” When the user swap one cryptocurrency for another, the wallet gives the transaction a time limit. In Bitget Wallet, this is set to 10 minutes by default.
To be honest, it does not seem like a big deal at the moment but as we know, price of the crypto tokens fluctuate rapidly and they can jump and crash abruptly. If the user is waiting for 10 minutes, the price of the token vary greatly and the user may end up buying at a price that they did not expect.
What’s worse is that this long window gives attackers an opportunity. The bots can quickly detect the trade of the user and can manipulate the price before the user’s transaction completes. This is known as front-running or sandwich attacks. It’s like someone cutting in line and changing the price right before the user’s turn.
Popular platforms like Uniswap and 1inch avoid this by keeping deadlines much shorter, usually around 1 to 2 minutes. This reduces the chances of price manipulation.
SlowMist: Security Should Not be Optional
However, the second issue is more serious than the first one. Here, the security checks are optional, which was pointed out by SlowMist. Bitget Wallet offers a tool to scan tokens before the user can buy them. This scan can detect risky or malicious tokens. But here’s the problem, it’s not mandatory. Users can skip it and trade anyway.
SlowMist suggested that this is something that opens the door to scams like “honeypots.” These are fake tokens that let the user buy them easily, but when they try to sell, the user cannot. In this way, the user’s money gets stuck. These scams are more common than people think. According to Chainalysis, users lost more than $500 million in 2025 alone due to such traps.
As these scans are not enforced, many of the users, specially beginners, may not even know about the risk of their action. This is why SlowMist is calling them out and emphasizing stronger safety measures. For example, the wallet could force users to run a scan before trading or at least show a clear warning. Even a simple checkbox could prevent a lot of losses.
Bitget Wallet is part of the larger Bitget ecosystem, which serves millions of users globally. The platform promotes itself as secure, but gaps like these show that there’s still room for improvement.
Also Read: MetaMask Users Face Fake “2FA Verification” Scams Risk