TLDR:
- Bybit blocked coordinated fake deposit attacks across multiple blockchains, preventing over $1 billion in DOT losses.
- Attackers used batch transactions and ownership manipulation tricks to simulate deposits without actual fund transfers.
- Bybit’s four-stage validation framework decomposes every transaction into atomic operations before crediting any deposit.
- No user funds were affected, as Bybit’s real-time anomaly detection and risk scoring neutralized all attempts instantly.
Fake deposit attacks targeting multiple blockchain networks were detected and blocked by Bybit. The world’s second-largest cryptocurrency exchange by trading volume confirmed the incident on April 8, 2026.
The coordinated attacks attempted to exploit vulnerabilities in deposit scanning systems. Bybit’s Group Risk Control team identified and neutralized each attempt in real time.
No user funds were incorrectly credited, and no accounts were affected. Potential losses exceeded 1 billion DOT.
How Attackers Attempted to Exploit Bybit’s Systems
The fake deposit attacks used two distinct and sophisticated techniques to bypass security. In one method, attackers exploited batch transaction mechanisms to combine multiple transfers into one.
A large transfer was structured to fail while smaller transfers within the batch succeeded. Systems relying solely on overall transaction status could misinterpret such activity as valid.
The second technique involved multi-step transactions combined with ownership changes. These were designed to simulate incoming funds despite no actual net balance increase.
Systems depending on transaction logs rather than real balance validation may incorrectly credit these as deposits. Together, both methods represent a clear evolution of older fake deposit exploits.
Bybit confirmed the attacks targeted multiple blockchains at the same time. The coordinated nature made them harder to detect through conventional monitoring methods.
Each blockchain carries different transaction structures and validation models. That complexity was a deliberate advantage the attackers sought to exploit.
Fake deposit attacks are not new to the crypto industry. The Mt. Gox transaction malleability exploit between 2011 and 2014 contributed to losses of approximately 850,000 BTC.
A similar bug was exploited on Silk Road in 2012, resulting in the theft of 51,680 Bitcoin. The attacks on Bybit represent a newer generation adapted to modern blockchain transaction models.
Bybit’s Multi-Layer Validation Framework in Action
Bybit’s deposit monitoring system operates across four distinct validation stages. The first stage provides full on-chain visibility by continuously scanning complete blockchain data.
This covers all transaction types, including complex, batched, and failed ones. The system monitors all supported networks without gaps in coverage.
The second stage applies precision filtering against user deposit addresses and related account structures. This ensures both direct and indirect interactions are captured accurately.
The third stage runs a multi-layer validation engine that breaks every transaction into atomic operations. Each operation is then verified independently before any deposit is credited.
“Our deposit monitoring system is designed to validate transactions at every level of execution,” said David Zong, Head of Group Risk Control and Security at Bybit. The fourth stage involves anomaly detection and risk scoring based on transaction structure and complexity.
Real-time alerts are triggered immediately for investigation when deviations are detected. Only verified asset movements are ultimately recognized as legitimate deposits.
Bybit continues to strengthen its risk control infrastructure through advanced transaction analysis. Balance-based validation and ownership-aware tracking remain central to the exchange’s defense strategy.
