Cryptocurrency Exchange Reviews

Bybit Crypto Exchange Review - Security, Fees & 2025 Hack Impact

  • Home
  • Bybit Crypto Exchange Review - Security, Fees & 2025 Hack Impact
Bybit Crypto Exchange Review - Security, Fees & 2025 Hack Impact
8 September 2025 Rebecca Andrews

Bybit Fee Calculator

Estimated Monthly Fees

Maker Fees: $0.00
Taker Fees: $0.00
Total Estimated Fees: $0.00
Annualized Cost (%): 0.00%
Note: These are estimates based on Bybit's tiered fee structure. Actual fees may vary based on market conditions and specific trading activities.
Bybit Fee Structure Overview
Spot Trading
  • Maker Fee 0.01% - 0.02%
  • Taker Fee 0.1% - 0.15%
Futures Trading
  • Maker Fee -0.025% to 0.025%
  • Taker Fee 0.025% - 0.075%

Looking for a straight‑forward take on Bybit? You’ve probably heard the name in headlines-either for its rapid growth or the massive 2025 hack that sent shockwaves through the crypto world. This review breaks down what Bybit actually offers, how its security stack works (and where it slipped), the fee structure for traders, and whether you should keep your assets on the platform or move them to self‑custody.

What Is Bybit?

Bybit is a global cryptocurrency exchange that provides spot, derivatives, and margin trading for a wide range of digital assets. Launched in 2018, the platform quickly gained a reputation for low latency, a clean UI, and aggressive marketing aimed at professional traders. By late 2024 the exchange boasted over 5 million registered users and daily trading volume surpassing $30billion.

Core Features and User Experience

  • Web and mobile apps that support more than 120 trading pairs.
  • Advanced charting tools powered by TradingView.
  • Leverage up to 100× on futures contracts.
  • Instant deposits and withdrawals for major fiat gateways in select regions.
  • Customer support available 24/7 via live chat and ticketing.

The UI feels familiar if you’ve used other major exchanges-order books, depth charts, and a clear account overview sit front‑and‑center. Newcomers may need a few minutes to locate the “Earn” section where you can stake assets or provide liquidity, but the layout is intuitive enough to start trading within 10 minutes of signing up.

Security Architecture (Before the February 2025 Incident)

Bybit marketed itself as a security‑first exchange, employing a layered approach:

  • Cold storage: Over 95% of user funds sat offline in air‑gapped wallets.
  • Multi‑signature (multisig) technology that required multiple private keys to approve a withdrawal.
  • Trusted Execution Environment (TEE) and Threshold Signature Schemes (TSS) for transaction signing.
  • Two‑factor authentication (2FA), hardware key support (e.g., YubiKey), and encrypted data transmission.
  • Real‑time monitoring of user behavior, with anomaly detection triggering additional verification steps.

These measures aligned with industry best practices and helped Bybit avoid many of the smaller phishing attacks that plagued newer platforms.

Shadowy hacker extracting Ethereum from a hot wallet in a dark server room.

The February 21, 2025 Hack: How It Happened

On that fateful day, an advanced group linked to North Korea’s Lazarus Group exploited a series of supply‑chain vulnerabilities in Bybit’s internal tooling. Rather than breaking the cold‑wallet encryption, the attackers used social engineering to trick a privileged operator into approving a massive Ether transfer. Roughly $1.5billion worth of Ethereum (ETH) vanished from the exchange’s hot wallet, marking the largest crypto heist in history.

Key weaknesses identified by security firms included:

  • Insufficient code‑signing verification for software updates.
  • Lack of independent transaction approval-only one individual could authorize large withdrawals.
  • Smart‑contract permissions that allowed the attacker to call privileged functions without an extra nonce check.

Even with robust multisig and cold‑wallet holdings, the breach showed that human factors and supply‑chain hygiene can override technical safeguards.

Bybit’s Response and Compensation Plan

Within hours, Bybit halted all ETH withdrawals, launched an emergency communication channel, and pledged to reimburse affected users from its own reserve fund. By the end of the week, the exchange had processed roughly 90% of withdrawal requests and announced a $43million bounty pool for researchers who could help trace the stolen funds.

Financially, Bybit’s ability to fund reimbursements signaled strong liquidity reserves, but the incident raised questions about long‑term trust and the role of custodial exchanges versus self‑custody solutions.

Post‑Hack Security Upgrades

Since the breach, Bybit has rolled out a set of hardening measures:

Bybit Security Enhancements - Before vs. After February2025 Hack
FeatureBeforeAfter
Transaction Approval WorkflowSingle‑operator with multisigDual‑operator with enforced independent verification
Software Supply‑Chain VerificationBasic checksum validationCryptographic code signing & Subresource Integrity (SRI) enforcement
Smart‑Contract PermissionsBroad admin rightsRole‑based access with time‑locked functions
Anomaly DetectionHeuristic alertsMachine‑learning models integrated with real‑time blockchain analytics (partnered with Chainalysis)
Cold‑Wallet AuditsQuarterly internalMonthly third‑party audits + public attestation reports

These updates align with recommendations from firms like Quant Network, which advocates enterprise‑grade key management and transaction signing solutions for on‑chain finance.

Castle-like Bybit security with dual guards, code scroll, and user holding hardware wallet.

Fee Structure - What You’ll Actually Pay

Bybit’s fee model is competitive for high‑volume traders but can be confusing for casual users:

  • Spot trading: Maker fees start at 0.01%, taker fees at 0.1% (both decrease with higher 30‑day volume).
  • Futures contracts: Maker fees as low as -0.025% (rebate) for top tier, taker fees at 0.025% for the highest tier.
  • Deposit fees: Free for most major coins; a small network fee may apply for ETH due to gas costs.
  • Withdrawal fees: Fixed per coin (e.g., 0.005ETH per withdrawal) plus dynamic network surcharge.
  • Staking/Earn: Annual yields range from 2% to 12% depending on the asset, but early‑withdrawal penalties apply.

If you trade under $10,000 per month, expect to pay roughly $15‑$30 per week in fees on a typical mixed‑spot/futures strategy.

Self‑Custody vs. Bybit Custody: Pros and Cons

After the hack, many users reconsidered whether to keep assets on an exchange. Here’s a quick rundown:

Self‑Custody vs. Bybit Custody
AspectSelf‑CustodyBybit Custody
ControlFull ownership of private keysKeys managed by Bybit’s security infrastructure
Security ResponsibilityUser must secure hardware wallets, backups, and firmware updatesBybit handles cold‑wallet storage, multisig, and monitoring
LiquidityInstant on‑chain transfers, but may incur higher gas feesInstant internal transfers, fast order execution
Regulatory ProtectionLimited (depends on jurisdiction)Potential recourse through Bybit’s insurance and compensation fund
ComplexityRequires technical know‑howUser‑friendly UI, no key management needed

In short, Bybit offers convenience and a safety net (if you trust their compensation promise), while self‑custody eliminates the exchange‑level attack surface at the cost of personal responsibility.

Is Bybit Worth Using in 2025?

Answering that question boils down to three factors: security confidence, trading needs, and cost sensitivity.

  • Security confidence: Bybit’s post‑hack upgrades and willingness to compensate losses boost its credibility, but the breach exposed a human‑error vector that any custodial service could face.
  • Trading needs: If you need high‑leverage derivatives, deep liquidity, and API access for bots, Bybit still ranks among the top three exchanges globally.
  • Cost sensitivity: Fees are transparent and competitive for high‑volume traders; casual users might find the tiered model a bit opaque.

Overall, for active traders who value speed and want to stay on a regulated platform, Bybit remains a solid choice-provided you enable every security option (2FA, hardware key, withdrawal whitelist) and consider moving large, long‑term holdings to a hardware wallet.

Frequently Asked Questions

Did Bybit lose all of its users’ ETH in the 2025 hack?

No. The stolen ETH came from a hot‑wallet used for withdrawals. Over 95% of user funds remained safely stored in cold wallets, and Bybit reimbursed affected users from its reserve fund.

What security features does Bybit currently offer?

Bybit now uses dual‑operator transaction approval, cryptographic code signing, role‑based smart‑contract permissions, machine‑learning anomaly detection (partnered with Chainalysis), and monthly third‑party cold‑wallet audits.

How do Bybit’s fees compare to other major exchanges?

Bybit’s maker fees start at 0.01% for spot and can go negative for high‑volume futures traders, which is slightly better than Binance’s 0.02% maker fee and comparable to Coinbase Pro’s 0.00%‑0.50% range. Withdrawal fees are typically lower than many competitors for major coins.

Should I keep my large crypto holdings on Bybit?

For active trading, keeping only the amount you need for positions is sensible. Transfer the rest to a hardware wallet where you control the private keys. This balances convenience with security.

Is there any regulatory oversight on Bybit?

Bybit operates under a Malta‑based license and has sought registration in several jurisdictions, including the U.S. (as a futures‑only broker). However, full banking‑type regulation is still evolving, so users should stay aware of local compliance rules.

Tags:
Rebecca Andrews
Rebecca Andrews

I'm a blockchain analyst and cryptocurrency content strategist. I publish practical guides on coin fundamentals, exchange mechanics, and curated airdrop opportunities. I also advise startups on tokenomics and risk controls. My goal is to translate complex protocols into clear, actionable insights.

14 Comments

  • Marc Addington
    Marc Addington
    September 8, 2025 AT 14:34

    Bybit’s hack proves that even “top‑tier” US‑centric exchanges are just glorified vaults for thieves.

  • Amal Al.
    Amal Al.
    September 8, 2025 AT 14:50

    I understand your frustration, however, the post clearly outlines the steps Bybit has taken since the incident, and these measures, such as dual‑operator approvals and code‑signing, should restore confidence.

  • Alex Gatti
    Alex Gatti
    September 8, 2025 AT 15:07

    Bybit still offers low fees for traders. The new security updates look solid. It might be worth a try for casual users.

  • stephanie lauman
    stephanie lauman
    September 8, 2025 AT 15:24

    While your optimism is noted, the reality remains that a single social‑engineering breach compromised billions, and any platform tolerating such a lapse deserves scrutiny. :)

  • Twinkle Shop
    Twinkle Shop
    September 8, 2025 AT 15:40

    Bybit’s fee architecture, when dissected, reveals a tiered model that scales inversely with thirty‑day trading volume, thereby incentivizing high‑frequency market makers. The maker fee for spot transactions initiates at 0.01 % and can descend to 0.005 % for elite tiers, while taker fees commence at 0.10 % and similarly diminish. Futures contracts introduce a rebate mechanism wherein top‑tier makers receive negative fees, effectively earning a modest return on liquidity provision. This structure, juxtaposed against the platform’s average daily volume exceeding $30 billion, underscores a competitive positioning relative to industry incumbents such as Binance and Coinbase Pro. Security-wise, the post details a multi‑layered apparatus encompassing cold‑storage dominance, multisignature safeguards, and a Trusted Execution Environment for transaction signing. Post‑hack remediation introduced dual‑operator approvals, cryptographic code signing, and role‑based smart‑contract permissions, thereby addressing the singular point‑of‑failure that enabled the 2025 breach. Furthermore, Bybit now integrates machine‑learning anomaly detection in partnership with Chainalysis, furnishing real‑time blockchain analytics to flag illicit activity. Monthly third‑party audits of cold‑wallet holdings supplement internal controls, offering an external attest‑ation of asset custody. The compensation fund, bolstered by a $43 million bounty pool, reflects substantial liquidity reserves capable of addressing user reimbursements. Nonetheless, the incident illuminated an enduring human‑factor vulnerability: privileged access exploitation via social engineering. From a user‑experience standpoint, the UI retains its hallmark low‑latency order book and TradingView charting suite, facilitating swift execution for both novice and professional traders. Deposit pathways remain largely fee‑free for major assets, though network surcharges persist for high‑traffic chains such as Ethereum. Withdrawal fees are modestly tiered, with a fixed 0.005 ETH charge plus dynamic gas costs, aligning with market norms. Staking and Earn products deliver annual yields ranging from 2 % to 12 %, albeit subject to early‑withdrawal penalties that users must acknowledge. In synthesis, Bybit presents a compelling proposition for active traders seeking depth, leverage, and a revitalized security posture, provided they adhere to best practices such as enabling 2FA and hardware key authentication. Finally, prudent capital allocation suggests maintaining only operational balances on the exchange while consigning long‑term holdings to hardware wallets for maximal sovereignty.

  • Shaian Rawlins
    Shaian Rawlins
    September 8, 2025 AT 15:57

    I appreciate the thorough breakdown; it really helps newcomers understand both the cost advantages and the layered security upgrades without feeling overwhelmed. The emphasis on moving long‑term assets to a hardware wallet resonated with me, and I plan to adjust my own holdings accordingly.

  • Taylor Gibbs
    Taylor Gibbs
    September 8, 2025 AT 16:14

    Yo, Bybit's UI is super slick an' the fees ain't bad, but dont forget to lock down ur account with 2FA and maybe a YubiKey if u can.

  • Rob Watts
    Rob Watts
    September 8, 2025 AT 16:30

    yeah sounds good i will try that

  • Bhagwat Sen
    Bhagwat Sen
    September 8, 2025 AT 16:47

    Listen up everybody Bybit is a beast when it comes to leverage and volume, but you really need to keep an eye on the hot wallet activity because that's where the real danger lives, especially after that massive 2025 hack, so stay vigilant and diversify your exposure across multiple platforms to avoid getting caught in another epic fail.

  • mukesh chy
    mukesh chy
    September 8, 2025 AT 17:04

    Oh sure, because moving to multiple exchanges magically makes you immune to social‑engineering-nice theory, but reality loves to prove otherwise.

  • Amy Harrison
    Amy Harrison
    September 8, 2025 AT 17:20

    Hey fam! Bybit’s fees are pretty chill 😎 and the new security updates look 🔥, so if you’re looking to trade without breaking the bank, give it a spin! 🚀💰

  • Kortney Williams
    Kortney Williams
    September 8, 2025 AT 17:37

    While the allure of low fees and swift trades is undeniable, one might contemplate whether true financial freedom lies in relinquishing custodial control altogether, embracing the silent stewardship of a hardware wallet as a meditative act of self‑sufficiency.

  • Cathy Ruff
    Cathy Ruff
    September 8, 2025 AT 17:54

    Bybit still ain’t safe enough for real traders stop trusting them

  • Miranda Co
    Miranda Co
    September 8, 2025 AT 18:10

    You’re right they’re risky keep your money offline

Write a comment

Error Warning

More Articles

EvmoSwap Review: Fees, Security, and How It Stacks Up in 2025
Rebecca Andrews

EvmoSwap Review: Fees, Security, and How It Stacks Up in 2025

A detailed EvmoSwap crypto exchange review covering fees, security, supported assets, user experience, and how it compares to Binance, MEXC and other top platforms in 2025.

Energy Efficiency of Different Consensus Mechanisms: A Practical Comparison
Rebecca Andrews

Energy Efficiency of Different Consensus Mechanisms: A Practical Comparison

Explore how Proof of Work, Proof of Stake, and newer consensus models differ in energy use, security, and scalability, with a detailed comparison table and practical selection guide.

How Blockchains Communicate with Each Other - A Practical Guide
Rebecca Andrews

How Blockchains Communicate with Each Other - A Practical Guide

Learn how blockchains talk to each other using IBC and CCIP. Get a clear breakdown of protocols, security tips, real use cases, and a step‑by‑step implementation checklist.