Bybit detects and blocks coordinated fake deposit attacks, preventing over $1B DOT in potential losses

Bybit’s Group Risk Control team has detected and blocked coordinated fake deposit attacks across multiple blockchain networks, preventing losses of over $1B in DOT. All attempts were identified and neutralized in real time; hence, no funds were incorrectly credited, and no users were affected.

According to the GRC team, the fake deposit attacks targeting multiple blockchain networks employed sophisticated techniques to exploit vulnerabilities in deposit scanning systems. The attacks are designed to deceive exchange systems into crediting funds that were never actually received. 

These attacks also exploited how transactions are processed and validated. They allowed the transactions to appear legitimate while failing or resulting in no actual balance change. 

However, David Zong, the head of Group Risk Control and Security at Bybit, confirmed that Bybit validates transactions at every level of execution regardless of structure or technique. Each transaction is broken down into its atomic components and verified independently, ensuring that only genuine deposits are credited.

Zong explains Bybit’s deposit monitoring system 

According to Zong, Bybit’s deposit monitoring system validates transactions, whether attackers use batch calls, relayed transactions, multi-instruction flows, or ownership manipulation. The system ensures that only genuine asset movements are recognized.

In one incident, attackers exploited batch transaction mechanisms to combine multiple transfers into a single operation. A large transfer was structured to fail while smaller transfers within the bath succeeded. Systems that rely solely on overall transaction status could misinterpret such activity as a valid deposit.

On the other hand, attackers used multi-step transactions combined with ownership changes to simulate the appearance of incoming funds, even though there was no actual net balance increase. Systems that depend on transaction logs rather than actual balance validation may incorrectly identify these as legitimate deposits.

Bybit’s deposit monitoring system is built on a multi-layered validation framework designed to detect both known and emerging attack patterns. The system ensures that only verifiable asset movements are recognized as deposits.

Bybit continues to strengthen its risk control infrastructure

The GRC team emphasizes that Bybit has continued to strengthen its risk control infrastructure through advanced transaction analysis, balanced validation, and ownership-aware tracking. The exchange ensures resilience against sophisticated attack vectors and safeguards user assets at scale.

Bybit continuously scans complete blockchain data across supported networks, enabling visibility into all transaction types—including complex, batched, and failed transactions. The transactions are filtered against user deposit addresses and related account structures, ensuring that both direct and indirect interactions are captured accurately.

Meanwhile, transactions that deviate from expected patterns are analyzed based on structure, complexity, and potential financial impact. The system assigns a severity level and triggers real-time alerts for immediate investigation.

On the other hand, the GRC team further notes that fake deposit attacks are not new to the crypto industry. Notable incidents include the Mt. Gox transaction malleability exploit (2011–2014), which contributed to the loss of approximately 850,000 BTC. The Silk Road deposit bug exploited in 2012 also resulted in the theft of 51,680 Bitcoin. The attacks detected by Bybit represent a new generation of these exploits, adapted to the unique transaction models of modern blockchain networks.