Bybit Blocks 1B+ DOT Fake Deposit Play, Attackers Learn That 'Pending' Isn't the Same as 'Yay'

Bybit’s risk control squad just pulled off the crypto equivalent of catching a burglar mid-heist—only this burglar thought “pending” meant “profit,” not “please wait.” The exchange nuked a coordinated wave of fake deposit attacks across multiple chains, stopping over 1 billion DOT from vanishing into the void. No users got punked, no fake balances were issued, and zero assets were incorrectly credited. Turns out, when your “deposit” is built on digital smoke and mirrors, it doesn’t hold up under scrutiny.

Attackers tried to game the system by making nonexistent or unconfirmed transfers look legit to deposit scanners—kind of like showing up to a bank with a Monopoly check and expecting a loan. Their hope? That Bybit’s backend would see a transaction hash and go, “Looks good to me!” instead of asking, “Did anything actually move?” Spoiler: Bybit asked the hard questions.

Some of the attempts used batch transactions—fancy blockchain burritos where multiple transfers are wrapped into one. In one case, a massive DOT transfer was coded to fail, while smaller ones inside the same batch succeeded. It’s like ordering a pizza with extra everything but paying only for the crust: technically a transaction, but spiritually a scam. The goal? Trick systems that only check if any part of the batch worked, not whether the big payout did.

Others went full Rube Goldberg, chaining multi-step flows with rapid ownership flips to simulate incoming funds—despite the actual balance staying flatter than a degen’s portfolio after a meme coin rug. It’s the blockchain version of moving water between cups while pretending you’ve created more. Cute. But not convincing.

Bybit’s deposit monitoring system, however, doesn’t just nod at a green transaction checkmark. It’s built like a forensic accountant on espresso: scanning full on-chain data, cross-referencing deposit addresses, dissecting transactions into atomic parts. We’re talking inner transaction verification, batch decomposition, method recognition, ownership-aware tracking for account-heavy chains like Solana, and balance checks to confirm actual movement. It’s less “trust the code,” more “audit the hell out of the code.”

Suspicious transactions get a “scam score” based on complexity, structure, and potential damage. The weirder the flow, the louder the alarm. Real-time alerts go off, internal teams scramble, and the digital bouncers show the attackers the exit—before they even get to the VIP lounge.

David Zong, Bybit’s head of Group Risk Control and Security, put it bluntly: “Whether you’re using batch calls, relayed transactions, or trying to out-clever us with multi-instruction flows, our system tears every transaction into atoms and checks each one. No shortcuts. No free rides.” Translation: if your transaction relies on smoke, mirrors, or wishful thinking, it’s getting rejected at the door.

Fake deposit attacks aren’t exactly breaking news—this isn’t crypto’s first rodeo. Bybit points to classics like the Mt. Gox malleability exploit (where attackers edited transaction IDs like they were Word documents) and the Silk Road deposit bug (where a misconfigured scanner gave free credit). But today’s attacks? They’re the remix: upgraded for modern blockchains, packed with nested logic, and designed to slip past naive validators. It’s not your dad’s exploit—it’s your over-caffeinated, Web3-native cousin with a grudge.

Bybit, the world’s second-largest crypto exchange by volume, serves over 80 million users and has been busy building more than just trading pairs. Since 2018, it’s positioned itself as a central pillar in the CeFi and Web3 stack—meaning it can’t afford to be the weak link. When you’re holding the keys to the kingdom, you don’t just add a lock. You install motion sensors, a moat, and a very angry goose.

The bigger takeaway? As blockchain transaction logic gets more complex—thanks to Solana, Ethereum, and friends—surface-level checks are about as useful as a screen door on a submarine. Bybit’s stance: if you’re not validating actual asset movement, you’re just playing pretend. Real funds move. Fake ones just look like they do.

The exchange says it’ll keep beefing up its risk stack—deeper transaction analysis, stronger balance validation, smarter ownership tracking—as