Bybit Unveils 2025 Security Milestone: Intercepts $300M in Impersonalization, Scams and Frauds via New AI-Driven Risk Framework

TheNewsCryptoPublished on 2026-02-27Last updated on 2026-02-27

Abstract

Bybit, the world's second-largest crypto exchange, has unveiled its 2025 security achievements, highlighting the interception of $300 million in fraudulent withdrawals through its new AI-driven risk framework. The system employs a three-tier defense strategy: early warnings for low-risk patterns, real-time alerts for medium-risk withdrawals, and immediate blocking with a cooling-off period for high-risk transactions. In Q4 2025, these measures protected over 4,000 users and recovered $300 million out of $500 million in flagged withdrawals. The platform also thwarted 3 million credential stuffing attacks and identified 950 high-risk addresses. Bybit emphasizes industry collaboration, integrating intelligence from partners like TRM and Chainalysis to enhance ecosystem-wide security.

Dubai, UAE, February 27th, 2026, Chainwire

Bybit, the world’s second-largest cryptocurrency exchange by trading volume, today revealed the comprehensive results of its 2025 Security Initiative. Bybit has implemented an industry-leading, multi-layered defense architecture that has successfully protected thousands of users and set a new benchmark for proactive security in the digital asset space. In 2025, $17 billion in cryptocurrency was lost to scams and frauds, according to a report by Chainalysis.

Redefining Industry Standards: The Triple-Tier withdrawal Fraudulent Defense Framework

To move beyond reacting to scams after the damage is done, Bybit has pioneered a Dynamic Risk-Based protection system that steps in before money is lost. The system divides potential scam situations into three levels of risk. Each level has a different response – designed to protect the withdrawal process of users while keeping the platform smooth for normal trading activity.

Tier 1: Early Warning (Low Risk): Utilizing big-data heuristics to identify unusual patterns—such as mass withdrawals to a singular new address—Bybit deploys automated surveys. These insights allow the Risk Operations team to preemptively blacklist dangerous destinations.

Tier 2: Real-time Alert (Medium Risk): For accounts flagged via credential stuffing databases(cross-referencing leaked data from the external web) or suspicious withdrawal addresses, Bybit triggers real-time alerts during withdrawal. The alert encourages users to pause and review the withdrawal, a step aimed at countering social engineering tactics that rely on urgency or emotional pressure.

Tier 3: Immediate Blocking and Cooling-off (High Risk): For wallet addresses linked to confirmed scams, including so-called “pig butchering” investment schemes, Bybit implements Real-time Withdrawal Blocking paired with a mandatory One-Hour Cooling-Off Period, providing a vital window for users to regain composure and verify the transaction.

2025 Impact & Key Metrics: By the Numbers

The effectiveness of these measures implemented in Q4 2025 has yielded unprecedented results for user safety:

  • Scam Recovery & Prevention in Q4: Out of $500 million in flagged withdrawals, Bybit successfully intercepted and recovered $300 million, protecting the life savings of over 4,000 users.
  • AI-Driven Detection in Q4: Bybit’s proprietary AI algorithms identified 350 high-risk investment fraud addresses via on-chain data, shielding 8,000 users from potential withdrawal losses.
  • Infrastructure Resilience in 2025: The platform successfully thwarted over 3 million credential stuffing (account takeover) attempts by hackers.
  • On-Chain Vigilance in Q4: The system auto-labeled 350 addresses and manually tagged 600 addresses through ticket operations, saving $1 million in imminent fraud losses.

A Collaborative Fortress: Industry & Government Synergy

Bybit believes that security is not a competitive advantage but a collective responsibility. Our 2025 strategy focused heavily on External Intelligence Integration:

“Our mission in 2025 was to transform risk control from a ‘silent shield’ into an active, intelligent guardian,” said David Zong, Head of Group Risk Control at Bybit. “By integrating AI-driven on-chain monitoring with real-time intelligence from industry partners like TRM , Elliptic and Chainalysis, we not only just protect Bybit users, but also help map the DNA of fraudulent networks. We are sharing these standardized monitoring clues across the ecosystem because a safer industry for one is a safer industry for all.”

#Bybit / #TheCryptoArk

About Bybit

Bybit is the world’s second-largest cryptocurrency exchange by trading volume, serving a global community of over 80 million users. Founded in 2018, Bybit is redefining openness in the decentralized world by creating a simpler, open and equal ecosystem for everyone. With a strong focus on Web3, Bybit partners strategically with leading blockchain protocols to provide robust infrastructure and drive on-chain innovation. Renowned for its secure custody, diverse marketplaces, intuitive user experience, and advanced blockchain tools, Bybit bridges the gap between TradFi and DeFi, empowering builders, creators, and enthusiasts to unlock the full potential of Web3. Discover the future of decentralized finance at Bybit.com.

For more details about Bybit, please visit Bybit Press

For media inquiries, please contact: [email protected]

For updates, please follow: Bybit’s Communities and Social Media

Contact

Head of PR
Tony Au
Bybit
[email protected]

Related Questions

QWhat is the total amount of cryptocurrency that was intercepted and recovered by Bybit in Q4 2025 through its security measures?

A$300 million

QHow many users did Bybit's proprietary AI algorithms shield from potential withdrawal losses by identifying high-risk investment fraud addresses in Q4 2025?

A8,000 users

QWhat are the three risk levels in Bybit's Dynamic Risk-Based protection system, and what is the primary action taken at the highest risk level (Tier 3)?

AThe three levels are Tier 1: Early Warning (Low Risk), Tier 2: Real-time Alert (Medium Risk), and Tier 3: Immediate Blocking and Cooling-off (High Risk). At Tier 3, the primary action is Real-time Withdrawal Blocking paired with a mandatory One-Hour Cooling-Off Period.

QAccording to the article, how many credential stuffing (account takeover) attempts did Bybit successfully thwart in 2025?

AOver 3 million attempts

QWhich industry partners did Bybit integrate with for real-time intelligence as part of its External Intelligence Integration strategy in 2025?

ATRM, Elliptic, and Chainalysis

Related Reads

US Military Is Running A Bitcoin Node, Four-Star Admiral Reveals

US military is operating a Bitcoin node for cybersecurity experiments and network monitoring, not for financial purposes, according to Admiral Samuel Paparo, commander of US Indo-Pacific Command. During a House Armed Services Committee hearing, Paparo emphasized Bitcoin's value as a computer science tool for power projection and securing networks. He highlighted the protocol's combination of proof-of-work, blockchain, and cryptography as having direct national security implications. The military's interest lies in Bitcoin's technological applications rather than its economic aspects, viewing it as a strategic protocol for cybersecurity and digital property protection.

bitcoinist55m ago

US Military Is Running A Bitcoin Node, Four-Star Admiral Reveals

bitcoinist55m ago

Silicon Valley Godfather Naval Takes the Helm, AngelList Packs Pre-IPO Growth Companies into USVC Fund

This article discusses the USVC Venture Capital Access Fund (USVC), a new investment vehicle co-founded by prominent Silicon Valley investor Naval Ravikant through AngelList. The fund's core mission is to provide retail investors access to high-growth, pre-IPO companies—a segment of the market traditionally reserved for venture capitalists and accredited investors. USVC invests in a portfolio of late-stage private companies, including notable names like xAI, Anthropic, and OpenAI. Its key selling point is allowing ordinary investors to gain exposure to the significant value creation that occurs before a company goes public, as the average age of companies at IPO has increased from 6 years in 1980 to 13 years today. However, the article highlights several important constraints: investors buy fund shares, not direct stock; the fund carries a net annual fee of 2.5%; it offers limited liquidity through quarterly share repurchases; and investments are long-term with no fixed end date. The fund has also garnered attention in the Web3 community due to Naval’s and AngelList’s history of supporting crypto and blockchain projects, positioning USVC at the intersection of traditional venture capital and emerging digital asset investment trends.

marsbit1h ago

Silicon Valley Godfather Naval Takes the Helm, AngelList Packs Pre-IPO Growth Companies into USVC Fund

marsbit1h ago

Aave Is Surrendering the Throne of DeFi Lending Due to Its Own Stupidity

An article titled "Aave Is Giving Up Its Throne in DeFi Lending Due to Its Own Foolishness" discusses how Aave mishandled a crisis following a $292 million hack of rsETH from Kelp DAO, leading to significant outflows and reputational damage. After the hack, Aave failed to promptly reassure users or commit to covering potential bad debt—estimated between $123.7 million and $230.1 million—despite having sufficient reserves. This hesitation triggered panic, resulting in $17.2 billion in outflows and liquidity crises across multiple pools. The author argues that Aave’s poor crisis management and reluctance to act quickly exacerbated the situation, damaging its reputation as the "safest DeFi" platform. Meanwhile, competitor Spark, a fork of Aave V3, capitalized on the situation by attracting fleeing funds, growing its TVL by nearly $2 billion. Spark had previously delisted rsETH, avoiding any exposure to the hack. Its proactive communication and strategic positioning contrast sharply with Aave’s delayed response. Although Aave’s founder later announced a relief plan (DeFi United) with multiple partners and a personal donation, the damage to user trust and liquidity may be lasting. The article concludes that Aave’s missteps have allowed competitors like Spark, Morpho, and Jupiter Lend to challenge its dominant position in DeFi lending.

marsbit1h ago

Aave Is Surrendering the Throne of DeFi Lending Due to Its Own Stupidity

marsbit1h ago

Aave Is Surrendering the Throne of DeFi Lending Due to Its Own Stupidity

Aave, a leading DeFi lending protocol, is facing a severe crisis and losing its dominant market position due to its poor handling of a recent security incident. The crisis began when Kelp DAO suffered a hack resulting in a loss of $292 million in rsETH. In the aftermath, approximately $17.2 billion in funds flowed out of Aave as user panic escalated. The article criticizes Aave's crisis management as "extremely foolish." Instead of promptly offering reassurance or committing to cover the potential bad debt—estimated between $123.7 million and $230.1 million, which Aave could have afforded—the protocol initially deflected blame, emphasizing that its code was not at fault. This delay and lack of a clear guarantee led to widespread user anxiety, triggering a bank run-like scenario where users withdrew funds or borrowed aggressively from other pools, causing liquidity shortages. Meanwhile, Aave’s competitor Spark—a fork of Aave’s own code—has benefited significantly. Having removed support for rsETH months earlier, Spark avoided any losses from the incident and has since seen its TVL grow by nearly $2 billion, attracting major deposits such as over $1.24 billion from Justin Sun. Spark has actively capitalized on the situation, publicly criticizing Aave’s security reputation. Although Aave’s founder Stani eventually announced a relief plan named "DeFi United" with several partners and a personal donation, the damage to user trust and capital outflows may be irreversible. The article concludes that Aave is losing its throne in DeFi lending to aggressive competitors like Spark, Morpho, and Jupiter Lend.

Odaily星球日报1h ago

Aave Is Surrendering the Throne of DeFi Lending Due to Its Own Stupidity

Odaily星球日报1h ago

Bitcoin Created An Imperfection And The Price Will Crash Lower To Fill It

Bitcoin's recent rally to over $79,000 created a price imbalance, or "imperfection," that analysts argue is likely to be filled. According to crypto analyst Minga, a head-and-shoulders pattern is forming on the 4-hour chart, with a rejection zone between $76,800 and $77,400. If completed, this bearish pattern could lead to a breakdown, targeting support near $70,450. Key levels to watch are the monthly high of $76,053; a break below it would confirm the downtrend, while a push above $78,332 could invalidate the bearish outlook and target the fair value gap above $79,000. Bitcoin is currently trading near the upper rejection zone at around $77,640.

bitcoinist1h ago

Bitcoin Created An Imperfection And The Price Will Crash Lower To Fill It

bitcoinist1h ago

Trading

Spot
Futures

Hot Articles

Discussions

Welcome to the HTX Community. Here, you can stay informed about the latest platform developments and gain access to professional market insights. Users' opinions on the price of AI (AI) are presented below.

活动图片

Top Questions