Real time alerts stopped funds before they left the platform

Crypto exchange Bybit says it prevented or disrupted more than $300 million worth of suspicious withdrawals in the fourth quarter of 2025, following the rollout of an AI assisted risk monitoring system designed to flag fraudulent transactions before funds exit the platform.

According to a recent company blog post, the system identified roughly $500 million in withdrawal requests as potentially risky during the quarter. Of that amount, over $300 million was ultimately stopped or cancelled. The exchange added that more than 4,000 users were protected after receiving real time warnings or having their withdrawals blocked outright.

David Zong, Bybit’s head of group risk control, said a large portion of the $300 million total reflects withdrawals that users themselves chose to cancel after seeing on screen alerts. In these cases, funds never left their accounts, avoiding the need for asset recovery or compensation.

Because the withdrawals were halted before completion, the company said no reimbursement process was required and users retained full control of their balances.

Inside Bybit’s risk detection framework

Bybit’s updated system focuses on preventing fraudulent activity at the withdrawal stage, often the final step before stolen funds become difficult to trace. Transactions flagged as high risk are either met with a warning prompt or blocked immediately, depending on the severity of the threat assessment.

The framework relies heavily on exchange level data to detect unusual behavior patterns. These include sudden large withdrawals, rapid transaction sequences, or transfers to newly flagged wallet addresses. Once identified, suspicious destination addresses can be blacklisted by the operations team to prevent further exposure.

During the previous quarter, the exchange said it identified 350 high risk investment fraud addresses. By flagging these wallets early, the system shielded about 8,000 users from potential losses linked to scam related withdrawals.

In addition to withdrawal monitoring, Bybit reported that it blocked more than three million credential stuffing attempts throughout 2025. Credential stuffing is a common tactic where hackers use stolen login data from other platforms to access user accounts.

A shift from recovery to prevention

The scale of crypto related losses in 2025 has added urgency to preventive security measures. Industry estimates show that hacks and exploits led to roughly $3.4 billion in losses during the year, with attackers increasingly targeting large centralized exchanges and service providers.

Exchanges have traditionally focused on post incident recovery efforts, including tracing funds across blockchains and compensating affected users. However, recent trends suggest a shift toward stopping fraudulent activity before assets move.

Bybit’s approach highlights this change in strategy. Rather than relying on clawbacks or insurance funds after a breach, the platform aims to intercept suspicious transactions at the moment of withdrawal, when there is still an opportunity to intervene.

Zong noted that preventing funds from leaving in the first place significantly reduces operational complexity and reputational damage compared with managing large scale reimbursements after the fact.

Industry pressure after major breaches

Calls for stronger safeguards have intensified following several high profile security incidents. In May 2025, a data breach at Coinbase exposed wallet balances and physical location details of roughly 1 percent of its monthly active users. The incident reportedly cost the exchange up to $400 million in reimbursement expenses.

Security experts have argued that exchanges need to adopt continuous monitoring systems that can detect anomalies in real time. Deddy Lavid, co founder and chief executive of blockchain security firm Cyvers, previously said that AI driven anomaly detection could help platforms identify infiltration attempts before attackers gain meaningful access.

The broader message from cybersecurity specialists is clear. As crypto markets mature and capital inflows grow, exchanges must treat fraud prevention as an ongoing operational priority rather than a reactive response to breaches.

Balancing protection and user autonomy

While tighter controls may reduce fraud, exchanges must also consider user experience. Frequent transaction blocks or false alarms can frustrate legitimate customers, especially active traders who move funds regularly.

Bybit’s system attempts to strike a balance by offering warning prompts in some cases rather than immediate blocks. This allows users to reconsider suspicious transactions while retaining the final decision in lower risk scenarios.

The reported figures suggest that many users respond to such prompts. If a significant share of the $300 million total reflects voluntary cancellations, it indicates that real time alerts alone can play a meaningful role in preventing losses.

As digital asset platforms continue to face sophisticated threats, systems that combine behavioral analytics, address monitoring and user level alerts may become standard across the industry. For now, Bybit’s fourth quarter results offer a glimpse into how exchanges are reshaping their security models to keep funds from slipping away before damage is done.