Bybit Detects and Blocks Coordinated Fake Deposit Attacks, Preventing Over $1 Billion DOT in Potential Losses

DUBAI, UAE, April 8, 2026 /PRNewswire/ — Bybit, the world’s second-largest cryptocurrency exchange by trading volume, today announced that its Group Risk Control team detected and blocked a series of coordinated fake deposit attacks across multiple blockchain networks, preventing potential losses exceeding 1 billion DOT. All attempts were identified and neutralized in real time. No funds were incorrectly credited, and no users were affected.

Fake deposit attacks, which targeted multiple blockchain networks, employed increasingly sophisticated techniques designed to exploit vulnerabilities in deposit scanning systems. The attacks are designed to deceive exchange systems into crediting funds that were never actually received. These attacks exploit how transactions are processed and validated, allowing them to appear legitimate while failing or resulting in no actual balance change.

Incident Overview

Bybit validates transactions at every level of execution. Regardless of structure or technique, each transaction is broken down into its atomic components and verified independently, ensuring that only genuine deposits are credited.

In one of the incidents, attackers exploited batch transaction mechanisms to combine multiple transfers into a single operation. A large transfer was structured to fail while smaller transfers within the bath succeeded. Systems that rely solely on overall transaction status could misinterpret such activity as a valid deposit.

On the other hand, attackers used multi-step transactions combined with ownership changes to simulate the appearance of incoming funds despite no actual net balance increase. Systems that depend on transaction logs rather than actual balance validation may incorrectly identify these as legitimate deposits.

How Bybit Detects and Prevents Advanced Deposit Attacks

Bybit’s deposit monitoring system is built on a multi-layered validation framework designed to detect both known and emerging attack patterns. The system ensures that only verifiable asset movements are recognized as deposits.

Stage 1: Full On-Chain Visibility

Bybit continuously scans complete blockchain data across supported networks, enabling visibility into all transaction types—including complex, batched, and failed transactions.

Stage 2: Precision Filtering

Transactions are filtered against user deposit addresses and related account structures, ensuring that both direct and indirect interactions are captured accurately.

Stage 3: Multi-Layer Validation Engine

Each transaction is rigorously validated through:

• Inner transaction verification to confirm actual execution outcomes
• Batch decomposition to validate each operation independently
• Transfer method recognition across standard and non-standard formats
• Ownership-aware tracking, particularly for account-based models like Solana
• Balance-based validation to confirm real net asset movement

Stage 4: Anomaly Detection and Risk Scoring

Transactions that deviate from expected patterns are analyzed based on structure, complexity, and potential financial impact. The system assigns a severity level and triggers real-time alerts for immediate investigation.

“Our deposit monitoring system is designed to validate transactions at every level of execution,” said David Zong, Head of Group Risk Control and Security at Bybit . “Whether attackers use batch calls, relayed transactions, multi-instruction flows, or ownership manipulation, our system decomposes every transaction to its atomic operations and validates each one independently. This ensures that only genuine asset movements are recognized”

Fake deposit attacks are not new to the cryptocurrency industry. Notable incidents include the Mt. Gox transaction malleability exploit (2011–2014), which contributed to the loss of approximately 850,000 BTC, and the Silk Road deposit bug exploited in 2012, resulting in the theft of 51,680 Bitcoin. The attacks detected by Bybit represent a new generation of these exploits, adapted to the unique transaction models of modern blockchain networks.

Bybit continues to strengthen its risk control infrastructure through advanced transaction analysis, balance-based validation, and ownership-aware tracking – ensuring resilience against increasingly sophisticated attack vectors and safeguarding user assets at scale.

#Bybit / #CryptoArk / #IMakeIt 

About Bybit

Bybit is the world’s second-largest cryptocurrency exchange by trading volume, serving a global community of over 80 million users. Founded in 2018, Bybit is redefining openness in the decentralized world by creating a simpler, open and equal ecosystem for everyone. With a strong focus on Web3, Bybit partners strategically with leading blockchain protocols to provide robust infrastructure and drive on-chain innovation. Renowned for its secure custody, diverse marketplaces, intuitive user experience, and advanced blockchain tools, Bybit bridges the gap between TradFi and DeFi, empowering builders, creators, and enthusiasts to unlock the full potential of Web3. Discover the future of decentralized finance at Bybit.com.

For more details about Bybit, please visit Bybit Press
For media inquiries, please contact: media@bybit.com
For updates, please follow: Bybit’s Communities and Social Media

Discord | Facebook | Instagram | LinkedIn | Reddit | Telegram | TikTok | X | Youtube

Logo – https://mma.prnewswire.com/media/2932256/Bybit_TNFP_Logo.jpg

View original content:https://www.prnewswire.co.uk/news-releases/bybit-detects-and-blocks-coordinated-fake-deposit-attacks-preventing-over-1-billion-dot-in-potential-losses-302735764.html