Bybit Detects and Blocks Coordinated Fake Deposit Attacks, Preventing Over $1 Billion DOT in Potential Losses

Fake deposit attacks, which targeted multiple blockchain networks, employed increasingly sophisticated techniques designed to exploit vulnerabilities in deposit scanning systems. The attacks are designed to deceive exchange systems into crediting funds that were never actually received. These attacks exploit how transactions are processed and validated, allowing them to appear legitimate while failing or resulting in no actual balance change.

Incident Overview

Bybit validates transactions at every level of execution. Regardless of structure or technique, each transaction is broken down into its atomic components and verified independently, ensuring that only genuine deposits are credited.

In one of the incidents, attackers exploited batch transaction mechanisms to combine multiple transfers into a single operation. A large transfer was structured to fail while smaller transfers within the bath succeeded. Systems that rely solely on overall transaction status could misinterpret such activity as a valid deposit.

On the other hand, attackers used multi-step transactions combined with ownership changes to simulate the appearance of incoming funds despite no actual net balance increase. Systems that depend on transaction logs rather than actual balance validation may incorrectly identify these as legitimate deposits.

Read More on Fintech : Global Fintech Interview with Baran Ozkan, co-founder & CEO of Flagright

How Bybit Detects and Prevents Advanced Deposit Attacks

Bybit’s deposit monitoring system is built on a multi-layered validation framework designed to detect both known and emerging attack patterns. The system ensures that only verifiable asset movements are recognized as deposits.

Stage 1: Full On-Chain Visibility

Bybit continuously scans complete blockchain data across supported networks, enabling visibility into all transaction types—including complex, batched, and failed transactions.

Stage 2: Precision Filtering

Transactions are filtered against user deposit addresses and related account structures, ensuring that both direct and indirect interactions are captured accurately.

Stage 3: Multi-Layer Validation Engine

Each transaction is rigorously validated through:

• Inner transaction verification to confirm actual execution outcomes
• Batch decomposition to validate each operation independently
• Transfer method recognition across standard and non-standard formats
• Ownership-aware tracking, particularly for account-based models like Solana
• Balance-based validation to confirm real net asset movement

Stage 4: Anomaly Detection and Risk Scoring

Transactions that deviate from expected patterns are analyzed based on structure, complexity, and potential financial impact. The system assigns a severity level and triggers real-time alerts for immediate investigation.

“Our deposit monitoring system is designed to validate transactions at every level of execution,” said David Zong, Head of Group Risk Control and Security at Bybit . “Whether attackers use batch calls, relayed transactions, multi-instruction flows, or ownership manipulation, our system decomposes every transaction to its atomic operations and validates each one independently. This ensures that only genuine asset movements are recognized”

Fake deposit attacks are not new to the cryptocurrency industry. Notable incidents include the Mt. Gox transaction malleability exploit (2011–2014), which contributed to the loss of approximately 850,000 BTC, and the Silk Road deposit bug exploited in 2012, resulting in the theft of 51,680 Bitcoin. The attacks detected by Bybit represent a new generation of these exploits, adapted to the unique transaction models of modern blockchain networks.

Bybit continues to strengthen its risk control infrastructure through advanced transaction analysis, balance-based validation, and ownership-aware tracking – ensuring resilience against increasingly sophisticated attack vectors and safeguarding user assets at scale.