Cryptocurrency exchange Bybit says it stopped or disrupted more than $300 million in suspected scam related withdrawals during the fourth quarter of 2025, following the rollout of a new AI assisted risk monitoring system. The company claims the move marks a shift toward preventing fraud before funds leave the platform rather than attempting to recover stolen assets after the fact.

In a recent company blog post, Bybit said its internal system flagged around $500 million worth of withdrawal requests between October and December 2025. Of that amount, more than $300 million was ultimately halted or withdrawn by users after they received real time warnings.

Users Backed Out After Real Time Alerts

According to David Zong, Bybit’s head of group risk control, a significant portion of the $300 million total came from users who chose to cancel their withdrawal requests after being alerted to potential risks.

He explained that the funds never left user accounts and did not require recovery or reimbursement. Instead, the system issued warnings or blocked transactions before they were completed, allowing users to reconsider suspicious transfers.

Bybit said more than 4,000 users were protected during the quarter as a result of the monitoring system. In many cases, users were shown on screen alerts flagging potential fraud risks associated with specific wallet addresses or transaction patterns.

How the Detection Framework Operates

The exchange described its fraud prevention setup as a multi layered framework designed to detect unusual behavior before a transaction is finalized. The system analyzes internal exchange data to identify red flags such as mass withdrawals, irregular account activity, and transfers to known high risk addresses.

When a withdrawal is classified as high risk, the system either displays a warning prompt or blocks the transaction immediately, depending on the severity of the threat. Bybit’s operations team can also blacklist suspicious destination addresses in advance, reducing the chances of funds being sent to fraudulent actors.

The company said it identified 350 high risk investment fraud addresses during the previous quarter, shielding roughly 8,000 users from potential losses. Over the course of 2025, it also thwarted more than three million credential stuffing attempts, a common method used by hackers to gain unauthorized access to user accounts.

Rising Crypto Losses Push Exchanges to Act

The announcement comes amid a sharp rise in crypto related cybercrime. Industry estimates show that cryptocurrency hacks resulted in $3.4 billion in losses in 2025, with attackers increasingly targeting major exchanges and service providers.

High profile breaches have underscored the financial and reputational damage that security failures can cause. In May 2025, Coinbase disclosed a data breach that exposed wallet balances and physical location details of around 1 percent of its monthly users. The incident reportedly cost the company up to $400 million in reimbursement expenses.

Security professionals have argued that the sector must move beyond reactive measures and focus on real time detection tools capable of identifying threats before damage occurs. Deddy Lavid, co founder and CEO of blockchain cybersecurity firm Cyvers, previously said AI driven anomaly detection can help exchanges detect suspicious patterns and prevent hackers from infiltrating systems to steal funds or sensitive data.

From Recovery to Prevention

Bybit’s latest figures highlight a broader change in how crypto platforms approach risk management. Rather than prioritizing fund recovery and compensation after an incident, exchanges are increasingly investing in tools that interrupt fraudulent activity at the transaction stage.

Bybit maintains that stopping withdrawals before completion not only protects users but also reduces operational strain associated with clawbacks, legal disputes, and reimbursement processes.

While it remains to be seen how effective such systems will be over time, the exchange’s Q4 data suggests that early intervention may be becoming a central pillar of crypto security strategy.