Bybit says it has blocked a series of coordinated fake deposit attacks that, if successful, could have exposed the exchange to more than 1 billion DOT in potential losses. According to the company, the attacks were detected and neutralized in real time, with no incorrect credits issued and no customer funds affected.

The announcement matters because deposit fraud is one of those risks that sounds technical until it isn’t. If an exchange mistakenly credits funds that never actually arrived on-chain, the attacker can trade or withdraw against fake balances before the issue is caught. At scale, that can turn into a direct balance-sheet hit.

Bybit is framing this incident as evidence that its deposit monitoring stack is built to handle newer versions of an old problem. And that is the real angle here. Fake deposit attacks are not new, but the way they are being adapted to modern blockchain transaction structures is getting more complex.

What happened?

According to Bybit, the attackers targeted multiple blockchain networks and used techniques meant to fool deposit scanners into treating invalid or economically meaningless transfers as legitimate deposits. In plain English, the goal was to make the system think funds had landed when they had not.

One of the attack patterns involved batch transactions. A large transfer inside the batch was designed to fail, while smaller ones succeeded. Systems that only check the top-level status of a transaction could wrongly read the whole operation as a valid incoming deposit. Another pattern involved multi-step transactions and ownership changes that created the appearance of funds moving into an account even though there was no actual net balance increase.

That distinction is important. Blockchain transactions can look busy and still produce no real asset movement for the exchange. If an exchange relies too heavily on logs, surface-level transfer events or simplified parsing, it can end up crediting balances based on appearances rather than settled value.

Investor Takeaway

Security failures at the deposit layer are balance-sheet risks, not just technical bugs. Exchanges that validate actual balance changes rather than just transaction events are better positioned against increasingly engineered fraud attempts.

Why this matters beyond Bybit

The broader issue is that exchanges are dealing with far more complicated transaction environments than they were a few years ago. Modern chains support batching, relayers, inner instructions, non-standard transfer methods and account ownership changes. Those features are useful, but they also create room for attackers to exploit weak assumptions in infrastructure.

That is why this story has industry relevance. If Bybit’s description is accurate, the attacks were designed around the exact kinds of blind spots that simpler deposit systems can miss. The old model of “see transfer, credit account” is not enough anymore. Exchanges need to understand what actually happened at the atomic level of a transaction.

There is also a reputational layer. Users tend to judge exchange security by visible events such as hacks or withdrawal pauses, but internal controls around deposits are just as important. A platform that credits fake deposits can end up absorbing losses quietly, tightening risk rules later, or passing the cost along through more restrictive operations.

How Bybit says it caught the attacks

Bybit says its system uses a multi-layered validation process rather than relying on a single transaction outcome. The company describes four stages: full blockchain visibility, precision filtering against deposit addresses, a validation engine that checks inner execution details and batch components, and a final anomaly detection layer that scores suspicious behavior in real time.

The most useful detail in that framework is the emphasis on balance-based validation. That means the system checks whether there was an actual net asset movement, not just a transfer event that looked plausible. Bybit also says it uses ownership-aware tracking for account-based models such as Solana, which matters because account changes can otherwise create misleading signals.

That approach lines up with how this class of attack usually needs to be handled: decompose the transaction, inspect each operation, and confirm value actually moved.
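
The batch pattern and the balance-based check described above, as an added example that is not Bybit's code. It runs a constructed, chain-agnostic transaction record (every field name, address and amount is an assumption) through a scanner that trusts top-level status and through a validator that decomposes the batch and compares it with the net balance change.

```python
# Constructed, chain-agnostic transaction records; all field names are hypothetical.
DEPOSIT_ADDRESSES = {"exch_deposit_1"}

def naive_credit(tx):
    """Weak scanner: trusts the top-level status and every listed transfer."""
    if not tx["success"]:
        return 0
    return sum(op["amount"] for op in tx["ops"] if op["to"] in DEPOSIT_ADDRESSES)

def validated_credit(tx):
    """Return (credit, needs_review) from per-operation results and balance deltas."""
    if not tx["success"]:
        return 0, False
    # 1. Decompose: count only inner operations that actually executed.
    executed = sum(op["amount"] for op in tx["ops"]
                   if op["ok"] and op["to"] in DEPOSIT_ADDRESSES)
    # 2. Balance-based check: net change on addresses the exchange controls.
    delta = sum(tx["post"].get(a, 0) - tx["pre"].get(a, 0) for a in DEPOSIT_ADDRESSES)
    # 3. Credit the smaller figure, never a negative one; flag any disagreement.
    return max(0, min(executed, delta)), executed != delta

# Batch reports success overall, but the large inner transfer failed.
BATCH_TX = {
    "success": True,
    "ops": [
        {"to": "exch_deposit_1", "amount": 1_000_000, "ok": False},
        {"to": "exch_deposit_1", "amount": 1, "ok": True},
    ],
    "pre": {"exch_deposit_1": 500},
    "post": {"exch_deposit_1": 501},
}

# Events show an executed inbound transfer, yet the balance did not move.
PHANTOM_TX = {
    "success": True,
    "ops": [{"to": "exch_deposit_1", "amount": 1000, "ok": True}],
    "pre": {"exch_deposit_1": 500},
    "post": {"exch_deposit_1": 500},
}

if __name__ == "__main__":
    for name, tx in (("batch", BATCH_TX), ("phantom", PHANTOM_TX)):
        print(name, "naive:", naive_credit(tx), "validated:", validated_credit(tx))
```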

Investor Takeaway

As exchanges expand across more chains and asset types, security quality increasingly depends on transaction analysis depth. The winners will be the platforms that treat infrastructure as a core product, not a backend afterthought.

What it says about exchange risk in 2026

Bybit’s disclosure is also a reminder that crypto exchange risk is evolving, not disappearing. The headline hacks that defined earlier cycles are only part of the picture now. Fraud at the infrastructure layer, especially around deposits and settlement logic, is becoming a bigger issue as blockchain design grows more diverse and attackers become more specialized.

For traders, the immediate takeaway is simple: no user impact is better than a post-incident explanation. For exchanges, the lesson is harsher. If deposit systems are not built for edge cases, attackers will find them first. Bybit is using this incident to argue that its controls held up under pressure. Whether rivals can say the same is a different question.