Bybit has revealed that its new AI powered risk framework helped intercept and recover $300 million in fraudulent crypto withdrawals during the fourth quarter of 2025.
Key Takeaways
- Bybit intercepted $300 million out of $500 million in flagged withdrawals in Q4 2025.
- The exchange introduced a three tier Dynamic Risk Based protection system to stop scams before funds leave the platform.
- More than 3 million credential stuffing attacks were blocked in 2025.
- Crypto scams caused $17 billion in losses in 2025, according to Chainalysis.
What Happened?
Dubai based crypto exchange Bybit, the world’s second largest cryptocurrency exchange by trading volume, released the results of its 2025 Security Initiative. The company said it successfully intercepted $300 million linked to scams and fraudulent activity in the fourth quarter alone.
The announcement comes at a time when crypto related fraud continues to surge globally. According to a report by Chainalysis, $17 billion in cryptocurrency was lost to scams and fraud in 2025.
🚨 BYBIT BLOCKS $300M IN CRYPTO SCAMS
— Brics Signal Hub (@Bricssignalhub) February 27, 2026
Bybit says it prevented $300 million in impersonation attacks and fraudulent withdrawals in Q4 2025 alone.
Meanwhile, Chainalysis estimates $17 BILLION was lost to crypto fraud globally in 2025 — highlighting the scale of the battle between… pic.twitter.com/1sLl7U7tfB
A Three Tier Defense Built to Stop Fraud Before It Happens
At the center of Bybit’s new strategy is a Dynamic Risk Based protection system designed to act before users lose funds. Instead of reacting after damage is done, the exchange now categorizes withdrawal risks into three levels and applies tailored responses for each.
Tier 1 Early Warning
Under the low risk category, Bybit uses big data heuristics to detect unusual patterns such as large volumes of withdrawals sent to a single new address. When triggered, the system deploys automated surveys and allows the risk operations team to preemptively blacklist suspicious destinations.
This step aims to catch early warning signals without interrupting normal trading activity.
Tier 2 Real Time Alerts
For medium risk situations, including accounts flagged through credential stuffing databases or suspicious withdrawal addresses, the platform activates real time alerts during the withdrawal process.
Users are prompted to pause and review their transactions. The goal is to counter social engineering tactics that rely on urgency and emotional pressure to push victims into sending funds quickly.
Tier 3 Immediate Blocking and Cooling Off
In high risk cases, such as wallet addresses linked to confirmed scams including so called pig butchering investment schemes, Bybit enforces real time withdrawal blocking.
The platform also applies a mandatory one hour cooling off period, giving users time to reassess and verify the transaction before any funds can move.
The Numbers Behind the Initiative
The company shared detailed metrics highlighting the impact of the framework, particularly in the fourth quarter of 2025.
- Out of $500 million in flagged withdrawals, $300 million was intercepted and recovered.
- More than 4,000 users were protected, many of whom risked losing significant personal savings.
- Bybit’s proprietary AI systems identified 350 high risk investment fraud addresses through on chain monitoring, shielding 8,000 users from potential losses.
- The exchange blocked over 3 million credential stuffing attempts during 2025.
- In Q4 alone, the system auto labeled 350 suspicious addresses and manually tagged 600 more through internal investigations, preventing an additional $1 million in imminent fraud losses.
Industry Collaboration and Intelligence Sharing
Bybit emphasized that security should not be treated as a competitive advantage but as a shared responsibility across the industry.
David Zong, Head of Group Risk Control at Bybit said:
The exchange said its 2025 strategy focused heavily on external intelligence integration and cooperation with blockchain analytics firms.
CoinLaw’s Takeaway
In my experience covering crypto security, most platforms talk about protection after users lose money. What stands out here is the proactive structure. I found the three tier model practical because it balances security with usability instead of freezing accounts at the first sign of risk.
With $17 billion lost to scams in 2025, exchanges cannot afford to treat fraud as a secondary issue. If these numbers hold up under scrutiny, Bybit is setting a new bar for how centralized exchanges should defend users in a high risk environment.
The bigger question now is whether competitors will adopt similar AI driven risk frameworks or continue playing catch up.
