Bybit blocked a well-planned, coordinated exploit that relied on fake deposit attempts. The quick intervention from Bybit’s risk control team stopped what could have been a loss of one billion DOT tokens, roughly equal to $1.23 billion at the current price.
Bybit’s Group risk control team moved quickly, spotting the attacks in real time. They immediately halted the malicious activity, keeping user funds safe. No accounts were breached, and no fake assets were ever introduced.
Attackers used fake deposits via batch transactions
Attackers exploited vulnerabilities in how exchanges verify incoming deposits. They used sophisticated methods, including batch transactions, which allowed them to group several transactions together.
The idea was to have a substantial transfer fail, while smaller ones went through, thereby giving the appearance of a legitimate deposit to systems that only looked at the final outcome.
The second method involved a series of transactions and changes in ownership. These complex actions were designed to create the appearance of increased funds, even though the exchange’s actual financial position remained unchanged. It is a more complex evolution of the exploits that famously brought down Mt. Gox and the Silk Road years ago.
Four-stage validation framework
The defense that saved over 1 billion DOT relied on a rigorous four-stage validation framework. Rather than relying only on transaction logs or event triggers, Bybit’s engine breaks each transaction down into its most fundamental components: every complex, relayed, or batched call is decomposed so that individual movements are verified independently.
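The per-call verification idea described above, as an added example (not Bybit's code and not part of the original article): it walks a nested batch and credits only transfers that individually settled, flagging any gap against what an outcome-only check would credit. The `Call` tree, the `EXCHANGE` placeholder and all sample values are constructed assumptions, and the model is simplified rather than tied to any chain's event format.

```python
from dataclasses import dataclass, field

EXCHANGE = "EXCHANGE_DEPOSIT_ADDR"  # placeholder address (constructed)

@dataclass
class Call:
    """Decoded call-tree node from a hypothetical indexer (simplified model)."""
    kind: str                 # "transfer" or "batch"
    ok: bool                  # this call's own execution result
    dest: str = ""
    amount: int = 0
    calls: list = field(default_factory=list)  # inner calls when kind == "batch"

def requested(call):
    """Weak view: every transfer named in the call data, ignoring per-call results."""
    if call.kind == "transfer":
        return call.amount if call.dest == EXCHANGE else 0
    return sum(requested(c) for c in call.calls)

def settled(call, ancestors_ok=True):
    """Strict view: a transfer counts only if it and every enclosing call succeeded."""
    live = ancestors_ok and call.ok
    if call.kind == "transfer":
        return call.amount if live and call.dest == EXCHANGE and call.amount > 0 else 0
    return sum(settled(c, live) for c in call.calls)

def validate_deposit(root):
    """Credit only settled value; flag any gap between requested and settled."""
    want = requested(root) if root.ok else 0  # what an outcome-only check would credit
    got = settled(root)
    return {"credit": got, "phantom": want - got, "flag": want != got}

# Constructed sample: the outer batch reports success, but the large transfer
# failed and a nested batch was reverted; only the two small transfers settled.
SAMPLE = Call("batch", True, calls=[
    Call("transfer", True, EXCHANGE, 5),
    Call("transfer", False, EXCHANGE, 1_000_000),
    Call("batch", False, calls=[Call("transfer", True, EXCHANGE, 300)]),
    Call("transfer", True, "OTHER_ADDR", 9),
    Call("transfer", True, EXCHANGE, 7),
])

if __name__ == "__main__":
    print(validate_deposit(SAMPLE))
```

A non-zero `phantom` value is the signal worth alerting on: it is the amount a final-outcome check would have credited without any matching asset movement.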
David Zong, who heads up Group Risk Control and Security at Bybit, explained that the exchange verifies transactions at every stage of processing. This comprehensive methodology ensures that only authentic asset transfers receive validation.
This proactive measure, therefore, sidestepped a possible liquidity crunch. A crisis of that magnitude could have easily sent the Polkadot network spiraling into significant market downturns and widespread instability.
This incident highlights a shift in the cybercrime landscape. The deposit layer, once considered a secure area, is now viewed as a potential weak point for financial institutions. Because modern blockchains like Solana and Polkadot allow for complex transaction structures, simpler exchanges often have vulnerabilities that can be exploited for immediate credit.