Bybit Recovers $300 Million for Users Using AI-Enhanced Fraud Prevention: Report

Bybit has announced the recovery of $300 million on behalf of thousands of users amidst a persistent wave of crypto-related fraud in the industry. The exchange credits these achievements to an AI-powered fraud detection system that acts preemptively to safeguard users' funds. As part of its 2025 Security Initiative, Bybit disclosed on social media, "We elevated our standards in 2025, intercepting $300M in impersonation scams and fraud through our new AI-driven risk framework."

This development comes as the crypto sector grapples with significant fraud, with Chainalysis reporting that $17 billion in digital assets were lost to scams and fraud in 2025. The data reveals that in the last quarter of the year alone, Bybit scrutinized $500 million in withdrawals, successfully intercepting $300 million and thereby securing the assets of over 4,000 users. During this period, Bybit’s proprietary AI technologies flagged 350 high-risk investment fraud addresses, protecting 8,000 individuals from potential losses. Furthermore, the company reported blocking more than 3 million credential-stuffing attempts aimed at account takeovers. The system also automatically identified 350 suspicious addresses and manually labeled an additional 600, averting further imminent fraud losses of $1 million.

David Zong, Bybit’s Head of Group Risk Control, indicated that the firm’s objective for 2025 is to evolve risk management into a proactive and intelligent safeguard through the integration of AI and on-chain monitoring. "By merging AI-driven on-chain oversight with real-time insights from industry partners such as TRM, Elliptic, and Chainalysis, we not only protect Bybit users but also contribute to mapping the structure of fraudulent networks," he stated.

Bybit’s defense framework categorizes potential scams into three increasing risk tiers while allowing normal trading activities. At the lowest risk, the platform employs big data analytics to spot anomalies, such as mass withdrawals to new addresses, followed by automated assessments to aid the Risk Operations team in blacklisting dubious destinations. In medium-risk scenarios, real-time alerts are activated during withdrawals for accounts flagged by credential stuffing or linked to questionable addresses, prompting users to verify transactions potentially influenced by social engineering. At the highest level, wallet addresses tied to confirmed scams face immediate withdrawal prevention and a mandatory one-hour waiting period before transactions can resume.

The report concluded with a call for standard monitoring benchmarks beneficial for the wider industry, including an anti-credential stuffing engine, real-time AI pattern recognition for pig butchering flows, an integrated intelligence hub combining tools from TRM Labs, Elliptic, and Chainalysis, and a comprehensive cross-chain tracing model for tracking illicit funds.
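
The three tiers described above can be sketched as a withdrawal policy check. This is an added illustration, not Bybit's code: the thresholds, field names, action labels and sample records are assumptions, and the lowest tier is modelled as a fan-in check that queues an address for review without blocking it.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds, field names and action labels are assumptions; the report gives none.
FAN_IN_THRESHOLD = 3                  # distinct accounts paying one new address
FAN_IN_WINDOW = timedelta(hours=1)
HOLD = timedelta(hours=1)             # the one-hour waiting period in the report

def fan_in_anomalies(history, known_dests):
    """Lowest tier: addresses that several accounts pay for the first time in one window."""
    firsts = defaultdict(list)        # dest -> [(ts, account)] first-time withdrawals
    for w in sorted(history, key=lambda w: w["ts"]):
        if w["dest"] not in known_dests.get(w["account"], set()):
            firsts[w["dest"]].append((w["ts"], w["account"]))
    flagged = set()
    for dest, events in firsts.items():
        for i, (start, _) in enumerate(events):
            accounts = {a for t, a in events[i:] if t - start <= FAN_IN_WINDOW}
            if len(accounts) >= FAN_IN_THRESHOLD:
                flagged.add(dest)     # candidate for Risk Operations review
                break
    return flagged

def decide(w, confirmed_scam, questionable, stuffed_accounts, review_queue):
    """Return (action, release_time) for one withdrawal, checking the highest tier first."""
    if w["dest"] in confirmed_scam:
        return "BLOCK_AND_HOLD", w["ts"] + HOLD
    if w["account"] in stuffed_accounts or w["dest"] in questionable:
        return "ALERT_USER_CONFIRM", None
    if w["dest"] in review_queue:
        return "ALLOW_AND_QUEUE_REVIEW", None
    return "ALLOW", None

# Constructed sample data, not taken from the report.
T0 = datetime(2025, 12, 1, 12, 0)
KNOWN = {"acct4": {"addr_old"}}
HISTORY = [
    {"account": "acct1", "dest": "addr_new", "ts": T0},
    {"account": "acct2", "dest": "addr_new", "ts": T0 + timedelta(minutes=10)},
    {"account": "acct3", "dest": "addr_new", "ts": T0 + timedelta(minutes=25)},
    {"account": "acct4", "dest": "addr_old", "ts": T0 + timedelta(minutes=30)},
]

if __name__ == "__main__":
    queue = fan_in_anomalies(HISTORY, KNOWN)
    req = {"account": "acct5", "dest": "addr_new", "ts": T0 + timedelta(hours=2)}
    print(queue, decide(req, {"addr_scam"}, set(), {"acct9"}, queue))
```

Checking the confirmed-scam set first means a destination that is also in a lower tier still gets the block and the hold.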