Bybit said on Wednesday that its Group Risk Control team detected and blocked a coordinated wave of fake deposit attacks across multiple blockchain networks, stopping what it described as more than 1 billion DOT in potential losses before any funds were incorrectly credited. The exchange said the attacks were neutralized in real time, with no users affected and no assets mistakenly added to accounts.
The announcement adds another security flashpoint to an industry that has spent years trying to stay ahead of increasingly creative attack methods. According to Bybit, the incidents were built around techniques meant to fool exchange deposit scanners into treating nonexistent or unconfirmed transfers as real deposits. In practice, that means attackers tried to make transactions look legitimate at the system level even when no actual net balance increase had occurred.
Bybit said some of the attempts relied on batch transaction structures, where multiple transfers are bundled into one operation. In one case described by the company, a large transfer was set up to fail while smaller transfers inside the same batch succeeded. That kind of structure could create confusion for systems that look only at the overall transaction status rather than checking each piece separately. Bybit also said other attackers used multi-step transaction flows combined with ownership changes to simulate incoming funds without producing a real balance increase.
Bybit Boosts Security
The exchange said its deposit monitoring framework is designed to catch exactly these kinds of edge cases. It described a layered validation process that scans full on-chain data, filters transactions against deposit addresses and related account structures, and then validates each transaction down to its atomic components. Bybit said that the approach includes inner transaction verification, batch decomposition, transfer method recognition, ownership-aware tracking for account-based chains such as Solana, and balance-based validation to confirm that real asset movement has actually taken place.
The company also said suspicious activity is scored for severity based on structure, complexity, and possible financial impact, with real-time alerts triggering internal review. David Zong, Bybit’s head of Group Risk Control and Security, said their deposit monitoring system is built to validate transactions at every level of execution.
He added, “Whether attackers use batch calls, relayed transactions, multi-instruction flows, or ownership manipulation, our system decomposes every transaction to its atomic operations and validates each one independently. This ensures that only genuine asset movements are recognized.”
Fake deposit attacks are not a new problem for crypto exchanges, but Bybit framed these incidents as a newer version of an older threat. In its release, the company pointed to the Mt. Gox transaction malleability exploit and a Silk Road deposit bug as historic examples of how attackers can manipulate transaction handling to gain an advantage. What makes the latest attacks notable, Bybit said, is that they are adapted to modern blockchain architectures and the more complex transaction models used by today’s networks.
The timing is also meaningful for Bybit itself. The exchange is the world’s second-largest crypto exchange by trading volume and serves more than 80 million users globally. Founded in 2018, Bybit has positioned itself as a major player in both centralized trading and broader Web3 infrastructure, making security performance especially important for its reputation and user trust.
For Bybit, the bigger message is not just that it stopped one attack campaign, but that exchange security now has to account for increasingly subtle on-chain manipulation. As transaction logic grows more complex across different blockchains, simple checks are no longer enough. Bybit’s claim is that its system is built to go deeper than surface-level transaction status and verify whether real funds actually moved. If that holds up under pressure, it could matter well beyond this single incident.
The company said it will continue strengthening its risk control stack through transaction analysis, balance validation, and ownership-aware tracking as attackers keep refining their tactics. For now, Bybit says the attempted fake deposits were stopped before they turned into losses, a result that could prove important at a time when exchange security remains one of the crypto industry’s most closely watched issues.