Bybit successfully detected and blocked a series of coordinated fake deposit attacks across multiple blockchain networks, preventing potential losses exceeding 1 billion DOT roughly $1.2–1.3 billion at recent prices.
This incident was announced by Bybit, the exchange’s Group Risk Control team identified the attempts in real time, neutralized them, and ensured no fake funds were credited to any accounts. No users were affected, and Bybit’s systems did not lose any actual assets.
Fake deposit attacks; sometimes called deposit spoofing or fake confirmation exploits involve sophisticated tricks to make an exchange’s deposit monitoring system believe that funds have arrived on-chain when they actually haven’t—or when the net transfer fails.
Common techniques include: Batch transaction manipulation: Structuring transfers so a large one fails while smaller components appear successful, potentially fooling scanners into crediting the full amount. Multi-step or complex flows: Using layered transactions across networks that mimic legitimate deposits but result in no real net asset movement to the exchange’s wallet.
Register for Tekedia Mini-MBA edition 20 (June 8 – Sept 5, 2026).
Register for Tekedia AI in Business Masterclass.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register for Tekedia AI Lab.
Attackers aim to trick the exchange into crediting fake balances, which they could then withdraw or trade before the error is caught. These are a known risk in crypto exchanges because deposit processing relies on scanning blockchains for incoming transactions. Bybit described the attacks as targeting vulnerabilities in deposit scanning systems with increasingly advanced methods, but its multi-layered validation framework caught them before any damage occurred.
Preventing over 1 billion DOT in fake credits is a significant win for Bybit, especially as one of the world’s largest crypto exchanges by trading volume. It highlights the real financial and operational risks these attacks pose. Importantly, customer funds remained safe, and the incident didn’t involve any actual theft or compromise of user accounts.
This comes after Bybit’s much larger $1.4 billion cold wallet hack in early 2025; a separate phishing and social engineering incident involving a manipulated multisig transaction. This recent event shows Bybit’s risk controls performing well on the deposit side, even if past incidents exposed other weaknesses. The attacks were neutralized in real time before any fake funds were credited to accounts.
This prevented a potential balance-sheet hit exceeding 1 billion DOT roughly $1.2–1.3 billion depending on the exact DOT price at the time, with reports citing around $1.23 billion. Bybit’s multi-layered risk controls including full on-chain visibility, balance-based validation, inner transaction checks, and real-time anomaly detection proved effective. No downtime, no incorrect crediting, and systems continued operating normally.
This incident is being presented as a security win, demonstrating improved defenses on the deposit side—especially notable after Bybit’s much larger $1.4–1.5 billion cold wallet hack in February 2025; a separate incident involving multisig manipulation. It helps rebuild confidence in Bybit’s risk management capabilities. No user accounts received fake credits, no funds were lost or frozen, and no withdrawals or trading were disrupted. Bybit explicitly stated that no users were affected.
Customers do not need to take any action. Standard security best practices; strong 2FA, withdrawal whitelists, etc. remain recommended as always. If successful, the fake deposits could have allowed attackers to withdraw or trade non-existent funds, potentially triggering a large sell-off of DOT or other assets once the error was discovered. This might have caused temporary price volatility or liquidity issues for DOT.
By blocking it, Bybit avoided contributing to such a liquidity event. Fake deposit attacks remain a threat to exchanges relying on blockchain scanners. This case underscores the importance of advanced validation beyond simple transaction confirmations. It serves as a reminder that even top-tier exchanges face sophisticated, coordinated attempts. It may encourage other platforms to review and strengthen their deposit monitoring systems.
The impacts are overwhelmingly positive for Bybit and its users due to the successful prevention—no financial damage, no user harm, and a demonstrated security capability. The main impact is the avoided catastrophe rather than any realized negative effects. This is a positive example of proactive defense in the crypto space, where exchanges constantly face evolving threats. If you’re a Bybit user, no action is needed, but it’s always smart to use strong security practices like 2FA.