Beyond recoveries, Bybit blocked 3 million credential-stuffing attempts tied to account takeover schemes in 2025.
Bybit has reported recovering $300 million for thousands of users at a time when crypto-related fraud remains high across the industry.
The exchange attributed these efforts to an AI-powered fraud detection system that intervenes before people lose their funds.
Security Initiative Results
Bybit shared the results of its 2025 Security Initiative, stating on social media,
“We raised the standard in 2025, intercepting $300M in impersonation scams and fraud through our new AI-driven risk framework.”
The announcement comes as crypto fraud continues to weigh on the sector, with Chainalysis data showing that $17 billion in digital assets was drained in scam and fraud cases in 2025.
The report reveals that in the fourth quarter alone, the exchange flagged $500 million in withdrawals for review. Of that amount, $300 million was successfully intercepted and recovered, protecting the savings of more than 4,000 users.
During the same period, Bybit’s proprietary AI models identified 350 high-risk investment fraud addresses using on-chain data, shielding 8,000 people from potential withdrawal losses. The company also reported blocking over 3 million credential-stuffing attempts linked to account-takeover efforts in 2025.
Additionally, its system automatically labeled 350 suspicious addresses, and it manually tagged 600 more via internal ticket operations, preventing a further $1 million in imminent fraud losses.
You may also like:
David Zong, Head of Group Risk Control at Bybit, said in a statement that the firm’s goal in 2025 was to transform risk control into an active and intelligent guardian by integrating AI and on-chain monitoring.
“By integrating AI-driven on-chain monitoring with real-time intelligence from industry partners like TRM, Elliptic and Chainalysis, we not only just protect Bybit users but also help map the DNA of fraudulent networks,” he wrote.
Three-Tier Risk Framework
Bybit’s protection model structures potential scam scenarios into three escalating tiers while preserving normal trading activity. At the lowest risk level, the platform uses big data analysis to detect unusual activity, such as mass withdrawals to newly created addresses, and deploys automated surveys to support its Risk Operations team in blacklisting suspicious destinations.
Real-time alerts trigger during the withdrawal process for medium-risk cases, such as accounts flagged through credential stuffing databases or linked to questionable withdrawal addresses. This, in turn, prompts individuals to review transactions that may be influenced by social engineering tactics.
At the highest level, wallet addresses associated with confirmed scams face immediate withdrawal blocking and a mandatory one-hour cooling-off period.
The report concluded by outlining standardized monitoring indicators for wider industry use, including an anti-credential stuffing engine, real-time on-chain AI pattern recognition for pig butchering flows, an integrated intelligence hub combining tools from TRM Labs, Elliptic, and Chainalysis, and an end-to-end cross-chain tracing model for illicit fund tracking.
Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and receive $600 exclusive welcome offer on Binance (full details).
LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to register and open a $500 FREE position on any coin!
Source link
