Crypto scams aren’t slowing down. According to Chainalysis, roughly $17 billion in crypto was lost to scams and fraud in 2025 alone. Against that backdrop, Bybit says it shifted its entire security strategy from reactive damage control to proactive interception — and the numbers are substantial.
—
In Q4 2025, Bybit flagged $500 million in suspicious withdrawals and successfully intercepted or recovered $300 million, protecting more than 4,000 users from potential losses.
Loading tweet...
View Tweet
From “After-the-Fact” to Preemptive Defense
Bybit introduced what it calls a Dynamic Risk-Based Protection System, structured as a three-tier withdrawal defense framework designed to intervene before funds leave the platform.
Rather than freezing everything indiscriminately, the system calibrates response based on risk intensity.
Tier 1: Early Warning
Low-risk anomalies — like clusters of withdrawals to newly created addresses — trigger automated surveys and behavioral checks. Big-data heuristics help identify emerging scam patterns, and high-risk destinations can be preemptively blacklisted.
Tier 2: Real-Time Alert
If an account is flagged via credential stuffing databases or linked to suspicious withdrawal addresses, users receive a real-time warning at the point of withdrawal. The goal is simple: break the psychological urgency that social engineering scams rely on.
Tier 3: Immediate Block + Cooling-Off
For confirmed scam-linked addresses — including “pig butchering” schemes — withdrawals are blocked in real time. A mandatory one-hour cooling-off period gives users a window to reassess before funds move irreversibly.
That cooling-off protocol has become one of the exchange’s defining safeguards in 2025.
The 2025 Numbers
The Q4 data gives a clearer picture of scale:
$300M intercepted or recovered from flagged withdrawals
350 high-risk fraud addresses identified via AI-driven on-chain monitoring
8,000 users shielded from potential scam losses
3 million+ credential stuffing attacks blocked
950+ suspicious addresses labeled (automated + manual)
$4.32M in frozen assets secured for 335 fraud victims
The system also integrates cross-chain tracing across bridges and mixers — an increasingly necessary capability as illicit flows fragment across multiple networks.
AI + Shared Intelligence
Bybit’s risk engine isn’t operating in isolation. The platform integrates real-time intelligence feeds from TRM Labs, Elliptic, and Chainalysis, creating a standardized risk-identification layer for deposits and withdrawals.
David Zong, Head of Group Risk Control at Bybit, framed the 2025 shift as a strategic pivot:
“Our mission is to transform risk control from a silent shield into an active, intelligent guardian.”
The emphasis isn’t just platform security — it’s ecosystem visibility. Fraud mapping, address tagging, and intelligence sharing are becoming collaborative efforts rather than competitive secrets.
Why This Matters
As scams become more psychologically sophisticated — particularly long-form investment frauds — exchanges face pressure to intervene without undermining user autonomy. The challenge is balancing protection with usability.
Bybit’s framework reflects a broader industry trend: security is moving upstream. Instead of tracing funds after loss, platforms are increasingly focusing on behavioral signals, on-chain analytics, and interruption design.
