Disclosure: Some links in this article are affiliate links. We may earn a commission if you make a purchase through them โ at no extra cost to you. This doesn't influence our reviews. We only recommend tools we've thoroughly researched.
February 21, 2025. North Korea's Lazarus Group drains $1.5 billion from Bybit's Ethereum cold wallet. The largest single theft in crypto history. Within hours, $10 billion in panic withdrawals hit the platform.
Bybit didn't pause withdrawals. They processed every single one.
Seventy-two hours later, reserves were fully restored. Not a single user lost a dollar. Hacken's Proof of Reserves audit confirmed 100%+ collateralization. And Bybit went back to being the #2 exchange in the world like nothing happened.
That's either the most impressive crisis response in crypto history, or the best reason to never trust a centralized exchange with that much of your money. Probably both.
I've been trading on Bybit since 2021. I watched the hack unfold in real time on Crypto Twitter. I didn't pull my funds. Maybe that was stupid. But 13 months later, here's my honest take on whether Bybit actually deserves your trust, your trading fees, and your sleep in 2026.
Bybit
#2 crypto exchange globally โ 694+ coins, derivatives powerhouse, survived a $1.5B hack
- Derivatives fees are among the lowest anywhere โ 0.020% maker, 0.055% taker
- 694+ cryptocurrencies across spot, perpetuals, futures, and options
- Processed all withdrawals during the $1.5B hack without pausing โ unprecedented
- Monthly Proof of Reserves by Hacken (31 consecutive audits as of March 2026)
- Copy trading, grid bots, DCA bots, and Bybit Earn all under one roof
- Trustpilot rating is 3.2/5 โ account freezes and template support replies are a pattern
- Blocked in 16 jurisdictions including US, UK, Canada, and Singapore
- The $1.5B hack happened because of a third-party wallet tool they chose to trust
- EU users through Bybit EU can only do spot โ no leverage, no derivatives
- Bybit Card cashback has fine print: $25K minimum spend tiers, $600/month caps
The $1.5 Billion Elephant in the Room
Let's get this out of the way because every Bybit review dances around it.
On February 21, 2025, the Lazarus Group (North Korea's state-sponsored hackers, as the FBI later confirmed) compromised a developer at Safe{Wallet}, the third-party multisig tool Bybit used for cold storage. They injected malicious JavaScript into the signing interface during a routine cold-to-hot wallet transfer. Bybit's team approved what looked like a legitimate transaction. It wasn't.
Gone: 401,347 ETH, plus 90,375 stETH, 15,000 cmETH, and 8,000 mETH. Roughly $1.5 billion at the time. Bitcoin dropped 20% from its all-time high on the news.
What happened next is the part that matters.
Bybit CEO Ben Zhou went live on X within hours. No corporate PR statement, no "we're investigating." He said they'd cover everything. They secured emergency loans from Galaxy Digital, FalconX, and Wintermute. Seventy-two hours later, Hacken confirmed reserves were fully restored. Every user who wanted to withdraw during the panic got their money. The r/CryptoCurrency megathread on the hack had thousands of comments, and the overwhelming sentiment shifted from panic to grudging respect within days.
Only about 3.54% of the stolen funds ($42 million) have been frozen to date. Bybit offered a 10% bounty: 5% for freezing funds, 5% for tracers. The rest is likely gone through North Korean laundering networks.
My take: the hack wasn't a failure of Bybit's core infrastructure. It was a supply chain attack on a tool they trusted. That's a meaningful distinction, but it's not a free pass. They chose Safe{Wallet}. That choice cost $1.5 billion. And they've since implemented 50+ security upgrades and completely abandoned Safe{Wallet} infrastructure. The question is whether you believe the lesson stuck.
I do. But I also keep the bulk of my holdings in a hardware wallet. Because trusting any exchange with everything is a different kind of stupid.
Fee Math: Where Bybit Actually Wins
This is the part most traders care about, and it's where Bybit earns its reputation.
Spot trading (base tier, VIP 0):
- Maker: 0.10%
- Taker: 0.10%
- Fiat-crypto pairs: 0.15% maker / 0.20% taker
Perpetual contracts (VIP 0):
- Maker: 0.020%
- Taker: 0.055%
Options (VIP 0):
- Maker: 0.020%
- Taker: 0.030%
Let me put that derivatives fee into real numbers. On a $10,000 perpetual trade as a maker, you're paying $2. Two dollars. On Coinbase Advanced, a similar trade costs $6 in maker fees (0.06%). On Kraken, $2.50. Bybit's derivatives fees are genuinely cheap, and they get cheaper with volume. Supreme VIP tier hits 0.00% maker on some instruments.
The VIP system runs from VIP 0 to Supreme VIP, plus separate Pro tiers (Pro 1 through Pro 6) for market makers. You move up based on 30-day spot volume or asset holdings. It's not hard to reach VIP 1 if you're trading regularly.
Deposits are free for crypto. Fiat deposits via card range from 0.2% to 3.99% depending on your payment method. SEPA transfers take 1-3 business days. Withdrawals are per-coin network fees (BTC withdrawal costs around 0.0005 BTC, pretty standard).
Bottom line: if you're a derivatives trader, Bybit's fee structure is one of the best in the market. Spot fees are competitive but not exceptional. Binance and OKX are in the same ballpark.
What You Can Actually Do on Bybit
The product list is almost absurdly long. Here's what matters:
Trading: Spot, perpetual contracts (USDT and USDC-margined), quarterly futures, inverse contracts, European-style options, and leveraged tokens. The Unified Trading Account lets you cross-collateralize across products, which is genuinely useful if you're running multiple positions.
Passive income: Bybit Earn offers flexible savings (1-5% APY), fixed-term deposits (up to 15% on some assets, sustainability questionable), and stablecoin lending at 3-6%. Nothing groundbreaking, but it's all in one place. If you want to compare staking options more broadly, we did a full crypto staking platforms breakdown. Bybit's Earn yields are competitive but the commission structure matters.
Bots and copy trading: Spot grid, DCA, futures grid, and Martingale bots built in. Copy trading comes in three modes: Classic, Pro, and a newer TradFi mode. I've seen traders on Reddit praise the copy trading system for low-barrier entry, but the success rate of copied strategies is... exactly what you'd expect. Most copy trading is a way to lose money slowly instead of quickly. If you're into bots, our crypto trading bots roundup covers dedicated platforms that go deeper.
The Bybit Card: Mastercard, available through Bybit EU GmbH for European users. Eurozone payments are 0% fee. You get 2-10% BTC cashback depending on VIP tier, plus 100% rebates on Netflix, Spotify, Amazon Prime, ChatGPT Plus, and TradingView subscriptions. Sounds incredible on paper.
The fine print tells a different story. Cashback tiers require $25,000 in minimum cumulative spend to reach the higher percentages, and monthly cashback caps at $600. Foreign currency transactions cost 0.9% plus a 1% FX markup. And multiple Trustpilot reviewers report their cards getting permanently blocked for unspecified "compliance reasons" with no path to reactivation. CoinTribune's review noted physical card delivery within 72 hours in the EU, which is fast, but getting the card is easier than keeping it, apparently.
Other stuff: P2P marketplace (80+ payment methods across 60+ currencies), OTC desk, demo trading, Launchpad for token sales, a Web3 wallet, and tokenized U.S. equities (xStocks). They shut down the NFT marketplace in April 2025, which was probably the right call.
The product breadth is real. Very few exchanges match it outside of Binance.
The Trustpilot Problem (4.7 Stars on App Store, 3.2 on Trustpilot)
This is the part of the review where I'd normally say "customer support could be better" and move on. But Bybit's Trustpilot situation is worse than that.
3.2 out of 5 from over 7,000 reviews. More than 40% are 1-star. The 10 most recent reviews I checked in March 2026 were all 1 or 2 stars.
The complaints form a pattern:
- Account freezes: Funds locked for weeks, sometimes months, after completing full KYC. Multiple users describe submitting every document asked for and getting nothing but template replies.
- Template support: "We are currently reviewing your case" on repeat. No human contact. No escalation path.
- P2P disputes: Merchant fraud allegations with poor resolution processes.
- Withdrawal holds: Deposits stuck "under review" for 20+ days. Approved withdrawals not reaching banks.
One reviewer claimed they were forced to waive $1,500 in profits to get their account unfrozen. I can't verify that, but the volume of similar complaints makes it hard to dismiss entirely. Reddit's r/Bybit subreddit mirrors these complaints, with multiple posts about frozen withdrawals and support tickets going unanswered for weeks.
Meanwhile, the iOS app has 4.7 stars from 41,000+ reviews. Google Play: 4.56 stars from 1.3 million+ reviews.
What's going on? The trading experience itself (the charts, the execution speed, the mobile UI) is genuinely excellent. People love using Bybit right up until something goes wrong. And when something goes wrong, the support infrastructure falls apart. It's the classic exchange paradox: great product, terrible customer service. And for an exchange holding your money, that second part matters a lot.
If you never need support, Bybit is fantastic. If you do, good luck.
Security After the Hack
Post-hack, Bybit implemented what they call 50+ security improvements. The key ones:
- Completely abandoned Safe{Wallet} infrastructure
- Cold storage for ~95% of client funds with air-gapped, multisig wallets
- Threshold Signature Schemes (TSS) and Trusted Execution Environment (TEE)
- Monthly Proof of Reserves audits by Hacken, with 31 consecutive reports as of March 2026, all showing 100%+ collateralization
- CertiK AA security rating
User-facing security features are solid: 2FA via Google Authenticator, FIDO passkeys, a separate fund password for withdrawals, device management, API key IP allowlisting, anti-phishing codes in emails, and a "Secure Transaction Approval" that requires confirmation from your primary device.
Honestly, the security stack is better now than it was before the hack. That's what $1.5 billion worth of lessons buys you. Whether you trust that the improvements are permanent and not just a PR response, that's a personal call.
KYC and Geographic Restrictions
Bybit technically allows no-KYC trading with a 20,000 USDT daily withdrawal limit. No fiat, no Earn, no Card. But if you're specifically looking for no-KYC exchanges, our dedicated roundup covers better options. Bybit used to be a no-KYC go-to, but the limits have tightened significantly.
Standard KYC (government ID + selfie) takes 5-10 minutes and unlocks 1,000,000 USDT daily withdrawals plus full feature access. Advanced KYC adds proof of address and bumps you to 2,000,000 USDT daily.
Where Bybit is blocked: United States, United Kingdom, Canada, mainland China, Hong Kong, Singapore, North Korea, Cuba, Iran, Syria, Sudan, Uzbekistan, and Russian-controlled regions of Ukraine. That's 16 jurisdictions total.
EU users interact with Bybit EU GmbH (Vienna), which holds an FMA authorization under MiCA. But here's the catch: the EU entity only offers spot trading. No derivatives, no leverage. If derivatives are why you're considering Bybit, the EU entity won't give you that. Bybit also re-entered the UK market through a partnership with FCA-regulated Archax, but with limited services.
The geographic fragmentation is getting confusing. Different entities, different product access, different regulatory frameworks depending on where you live. That's not unique to Bybit (Binance has the same problem), but it's worth understanding before you sign up.
Bybit vs the Competition
| Feature | Bybit | Binance | Kraken |
|---|---|---|---|
| Spot Maker Fee | 0.10% | 0.10% | 0.25% |
| Derivatives Maker Fee | 0.020% | 0.020% | 0.020% |
| Supported Coins | 694+ | 400+ | 500+ |
| Max Leverage | Up to 200x | Up to 125x | Up to 50x |
| Proof of Reserves | โ Monthly (Hacken) | โ Periodic | โ Bi-annual |
| No-KYC Access | โ (20K USDT/day limit) | โ | โ |
| Fiat Support | โ Card, SEPA, P2P | โ Card, SEPA, P2P | โ Bank, SEPA, wire |
| U.S. Available | โ | Via Binance.US (limited) | โ |
| Mobile App Rating | 4.7 / 4.56 | 4.6 / 4.4 | 4.7 / 4.3 |
| Trustpilot Score | 3.2/5 | 1.6/5 | 1.5/5 |
| Action | Visit Bybit โ | Visit Binance โ | Visit Kraken โ |
Who Should (and Shouldn't) Use Bybit
Use Bybit if you trade derivatives seriously and want the lowest possible fees. The perpetual contract liquidity on major pairs rivals Binance, and the 0.020% maker fee is hard to beat. The product range is massive. If you want spot, futures, options, bots, earn, and a debit card all on one platform, Bybit delivers. The post-hack security improvements and 31 consecutive PoR audits are legitimate trust signals.
Don't use Bybit if you're in the US, UK, or Canada (it's blocked). Don't use it if customer support quality is a dealbreaker, because the Trustpilot pattern is real and concerning. Don't use it if you're in the EU and want derivatives access, because Bybit EU only offers spot. And don't keep your life savings on any centralized exchange, Bybit included. I keep trading capital on Bybit. Long-term holdings go to cold storage. That's the move.
For privacy-conscious traders who want to minimize their digital footprint while using centralized exchanges, pairing Bybit with a solid VPN is worth considering. We covered the best VPNs for 2026, and it's relevant if you're trading from regions with surveillance concerns. And if you want to track your Bybit portfolio alongside other exchange holdings without logging in constantly, check our crypto portfolio trackers roundup.
The Bottom Line
Bybit is a very good exchange with a very bad customer support problem and a hack that will follow it forever. The trading experience is excellent. The fees are legitimately competitive. The product range is second only to Binance. And the crisis response to the $1.5B hack (processing all withdrawals, restoring reserves in 72 hours, absorbing the entire loss) set a standard that no other exchange has been tested against.
But a 3.2 Trustpilot with 40%+ one-star reviews isn't noise. When multiple users report frozen accounts and weeks of template replies, that's a systemic support failure. The exchange works great until it doesn't, and "until it doesn't" with your money on the line is a bad position to be in.
I still use Bybit for derivatives trading. The fees are too good to walk away from. But I wouldn't park large amounts there long-term, and I wouldn't recommend it to someone who's never used a crypto exchange before. If you know what you're doing and you're not in a restricted jurisdiction, Bybit is one of the strongest options available. Just don't mistake "strong" for "safe."
