In addition to the recovery, Bybit also blocked 3 million credential stuffing attempts related to account takeover schemes in 2025.
Bybit reports that it has recovered $300 million from thousands of users as cryptocurrency-related fraud remains prevalent across the industry.
The exchange credits these efforts to its AI-powered fraud detection system, which intervenes before people lose their funds.
Results of security initiatives
Bybit shared the results of its 2025 Security Initiative, saying on social media:
“We raised the bar in 2025, stopping $300 million in identity fraud and fraud through our new AI-driven risk framework.”
The announcement comes as cryptocurrency fraud continues to weigh on the industry, with data from Chaina Analysis showing that $17 billion in digital assets were lost in scams and scams in 2025.
The report reveals that in the fourth quarter alone, the exchange reported $500 million in withdrawals for review. Of this amount, $300 million was successfully intercepted and recovered, protecting the savings of over 4,000 users.
During the same period, Bybit’s proprietary AI model used on-chain data to identify 350 high-risk investment fraud addresses and protect 8,000 people from potential withdrawal losses. The company also reported blocking more than 3 million compromised credentials related to account takeovers in 2025.
In addition, the company’s systems automatically labeled 350 suspicious addresses and manually tagged another 600 through internal ticket operations, preventing an additional $1 million in losses due to impending fraud.
You may also like:
David Zong, Bybit’s head of group risk control, said in a statement that the company’s goal in 2025 is to transform risk controls into active and intelligent guardians by integrating AI and on-chain monitoring.
“By integrating AI-driven on-chain monitoring and real-time intelligence from industry partners such as TRM, Elliptic, and Chaineries, we not only protect Bybit users, but also help map the DNA of fraudulent networks,” he wrote.
Three-tier risk framework
Bybit’s protection model structures potential fraud scenarios into three stages while maintaining normal trading activity. At the lowest risk level, the platform uses big data analytics to detect anomalous activity, such as mass withdrawals to newly created addresses, and deploys automated investigations to help risk operations teams blacklist suspicious destinations.
Real-time alerts are triggered during the withdrawal process for medium-risk cases, such as accounts flagged through the credential stuffing database or linked to suspicious withdrawal addresses. This leads individuals to consider transactions that may be subject to social engineering tactics.
At the highest level, wallet addresses associated with confirmed fraud will be immediately blocked from withdrawals and a one-hour cooling-off period will be enforced.
The report concluded with an overview of standardized monitoring metrics that can be used across a wide range of industries, including an anti-credential stuffing engine, real-time on-chain AI pattern recognition for pig slaughter flows, a unified intelligence hub combining tools from TRM Labs, Elliptic, and Chaineries, and an end-to-end cross-chain tracking model for tracking illicit funds.
Binance Free $600 (CryptoPotato Exclusive): Receive an exclusive welcome offer of $600 on Binance when you register a new account using this link (more details).
Exclusive offer for Bybit’s CryptoPotato readers: Use this link to register and open a $500 free position on any coin!
