Bybit Says It Blocked $300M in Scam Withdrawals in 2025 — Here’s How

Crypto scams aren’t slowing down. According to Chainalysis, roughly $17 billion in crypto was lost to scams and fraud in 2025 alone. Against that backdrop, Bybit says it shifted its entire security strategy from reactive damage control to proactive interception — and the numbers are substantial.

—

In Q4 2025, Bybit flagged $500 million in suspicious withdrawals and successfully intercepted or recovered $300 million, protecting more than 4,000 users from potential losses.

Loading tweet...

View Tweet

From “After-the-Fact” to Preemptive Defense

Bybit introduced what it calls a Dynamic Risk-Based Protection System, structured as a three-tier withdrawal defense framework designed to intervene before funds leave the platform.

Rather than freezing everything indiscriminately, the system calibrates response based on risk intensity.

Tier 1: Early Warning

Low-risk anomalies — like clusters of withdrawals to newly created addresses — trigger automated surveys and behavioral checks. Big-data heuristics help identify emerging scam patterns, and high-risk destinations can be preemptively blacklisted.

Tier 2: Real-Time Alert

If an account is flagged via credential stuffing databases or linked to suspicious withdrawal addresses, users receive a real-time warning at the point of withdrawal. The goal is simple: break the psychological urgency that social engineering scams rely on.

Tier 3: Immediate Block + Cooling-Off

For confirmed scam-linked addresses — including “pig butchering” schemes — withdrawals are blocked in real time. A mandatory one-hour cooling-off period gives users a window to reassess before funds move irreversibly.

That cooling-off protocol has become one of the exchange’s defining safeguards in 2025.

The 2025 Numbers

The Q4 data gives a clearer picture of scale:

• $300M intercepted or recovered from flagged withdrawals

• 350 high-risk fraud addresses identified via AI-driven on-chain monitoring

• 8,000 users shielded from potential scam losses

• 3 million+ credential stuffing attacks blocked

• 950+ suspicious addresses labeled (automated + manual)

• $4.32M in frozen assets secured for 335 fraud victims

The system also integrates cross-chain tracing across bridges and mixers — an increasingly necessary capability as illicit flows fragment across multiple networks.

AI + Shared Intelligence

Bybit’s risk engine isn’t operating in isolation. The platform integrates real-time intelligence feeds from TRM Labs, Elliptic, and Chainalysis, creating a standardized risk-identification layer for deposits and withdrawals.

David Zong, Head of Group Risk Control at Bybit, framed the 2025 shift as a strategic pivot:

“Our mission is to transform risk control from a silent shield into an active, intelligent guardian.”

The emphasis isn’t just platform security — it’s ecosystem visibility. Fraud mapping, address tagging, and intelligence sharing are becoming collaborative efforts rather than competitive secrets.

Why This Matters

As scams become more psychologically sophisticated — particularly long-form investment frauds — exchanges face pressure to intervene without undermining user autonomy. The challenge is balancing protection with usability.

Bybit’s framework reflects a broader industry trend: security is moving upstream. Instead of tracing funds after loss, platforms are increasingly focusing on behavioral signals, on-chain analytics, and interruption design.