Bybit, the world's second-largest cryptocurrency exchange by trading volume, has successfully detected and neutralized a series of coordinated fake deposit attacks across multiple blockchain networks. The exchange's Group Risk Control team announced on April 8, 2026, that it prevented potential losses exceeding 1 billion DOT (Polkadot) tokens. All attack attempts were identified and blocked in real time, with no funds incorrectly credited and no users affected.
The attacks employed increasingly sophisticated techniques designed to exploit vulnerabilities in exchange deposit scanning systems. The core method involved deceiving systems into crediting funds that were never actually received, exploiting how transactions are processed and validated to appear legitimate while resulting in no actual net balance increase.
Bybit detailed two primary attack vectors: In one incident, attackers exploited batch transaction mechanisms, bundling multiple transfers into a single operation. A large transfer was structured to fail while smaller transfers within the same batch succeeded—a tactic that could fool systems relying solely on overall transaction status. In another method, attackers used multi-step transactions combined with ownership changes to simulate incoming funds without any real balance increase, targeting systems dependent on transaction logs rather than actual balance validation.
The exchange's defense relies on a multi-layered validation framework. David Zong, Head of Group Risk Control and Security at Bybit, stated: "Our deposit monitoring system is designed to validate transactions at every level of execution. Whether attackers use batch calls, relayed transactions, multi-instruction flows, or ownership manipulation, our system decomposes every transaction to its atomic operations and validates each one independently. This ensures that only genuine asset movements are recognized."
The system operates in four stages: full on-chain visibility across supported networks; precision filtering against user deposit addresses; a multi-layer validation engine that includes inner transaction verification, batch decomposition, transfer method recognition, ownership-aware tracking (crucial for account-based models like Solana), and balance-based validation; and finally, anomaly detection and risk scoring with real-time alerts.
Bybit contextualized these attacks as a new generation of an old threat, referencing historic exploits like the Mt. Gox transaction malleability issue (2011–2014) and the Silk Road deposit bug (2012). The modern attacks are adapted to the unique transaction models of contemporary blockchain networks. Founded in 2018 and serving over 80 million users, Bybit emphasized its ongoing commitment to strengthening its risk control infrastructure through advanced transaction analysis and validation to safeguard user assets against evolving threats.
