$300M in Suspicious Withdrawals Prevented by Bybit's AI Fraud Detection in Q4 2025
According to Bybit, the majority of the $300 million in "prevented losses" resulted from users voluntarily canceling transactions after receiving real-time alerts, demonstrating how cryptocurrency platforms are transitioning from post-incident recovery to proactive fraud prevention strategies.
According to Bybit, the exchange successfully prevented or interrupted over $300 million in potentially fraudulent withdrawal transactions during the final quarter of 2025, following the implementation of an artificial intelligence-powered risk surveillance platform engineered to detect suspicious transactions before capital exits the platform.
The company revealed through a blog announcement that its surveillance infrastructure identified approximately $500 million in withdrawal requests throughout the quarter, with more than 4,000 account holders being "safeguarded" through the platform's deployment of immediate risk notifications or complete transaction freezes.
David Zong, Bybit's head of group risk control, explained to Cointelegraph that a significant portion of the $300 million figure represents withdrawal requests that users chose to abandon after receiving warnings from the system, indicating that the capital stayed within their accounts instead of necessitating recovery procedures or compensation protocols.
"Because the withdrawals were stopped prior to completion, the funds did not require recovery or reimbursement. They remained in users' accounts at all times."
The exchange reported that its platform additionally detected 350 addresses linked to high-risk investment scams, which protected 8,000 account holders from potential withdrawal-related losses during the prior quarter. The system also successfully defended against more than three million credential stuffing attack attempts perpetrated by malicious actors throughout 2025.
Digital asset security breaches led to $3.4 billion in stolen funds during 2025, as cybercriminals shifted their attention toward major cryptocurrency platforms and organizations.
How the risk framework works
The internal fraud detection infrastructure deployed by Bybit is designed to stop fraudulent withdrawal transactions before malicious activity can be completed.
Transaction requests identified as high-risk receive either a warning notification or face complete blockage in real-time, with the response calibrated to match the threat level of each individual case.
This three-layered theft protection framework utilizes exchange intelligence to identify abnormal behavioral patterns including bulk withdrawal requests, enabling Bybit's operational security team to proactively add high-risk destination wallet addresses to their blacklist database.
Crypto industry needs pre-emptive security measures
Industry cybersecurity professionals have advocated for widespread adoption of immediate response, artificial intelligence-enhanced threat surveillance systems to combat digital financial crime.
Deploying AI-driven anomaly recognition technology could assist the sector in protecting against malicious actors who penetrate organizations to extract funds or confidential information, according to Deddy Lavid, co-founder and CEO of blockchain cybersecurity firm Cyvers, who shared these insights with Cointelegraph last year.
In May 2025, Coinbase experienced a security incident that revealed the wallet holdings and geographical locations of approximately 1% of the platform's monthly active users, resulting in reimbursement costs reaching up to $400 million for the exchange.