Why did Bybit freeze my deposit?

Bybit's compliance engine evaluates every inbound deposit against sanctions lists, known mixer clusters, hack-linked addresses and darknet exposures. If your sending address or any input within a configurable hop distance touches a flagged entity, the deposit is held for source-of-funds review until you provide documentation.

How long do Bybit AML holds typically last?

Bybit AML holds typically last 3 to 14 business days depending on the severity of the flag and the speed of source-of-funds documentation. Direct OFAC matches may result in indefinite freezes pending legal review.

Can I screen my address before depositing to Bybit?

Yes. Pre-deposit screening uses the same categorical logic Bybit's vendor uses — sanctions match, mixer proximity, hack-cluster links. AegisAML runs this check locally on Windows for free, before you initiate the deposit.

Does Bybit screen withdrawals too?

Yes. Bybit screens outbound withdrawal addresses against sanctions and high-risk cluster databases. Sending to a flagged destination may trigger a withdrawal hold even if your account is otherwise in good standing.

CEX · Bybit Updated Jun 2026

Bybit Deposit AML Screening — Avoid Freezes Before You Send

Bybit is one of the largest centralised exchanges by spot volume in 2026, and its compliance engine screens every inbound deposit against the same sanctions, mixer and hack-cluster databases major regulated exchanges use. If your sending address has exposure within the configurable hop distance the exchange's KYT vendor uses, the deposit will land — and then silently freeze. This guide explains how Bybit deposit screening works, why holds occur, and how to run a pre-deposit AML check on Windows before you initiate the transfer.

How Bybit deposit AML actually works

Bybit, like every regulated exchange operating in 2026, runs a third-party blockchain analytics layer over every inbound deposit. The exchange does not disclose its KYT vendor by name in user-facing documentation, but the categorical outputs are consistent across Chainalysis, Elliptic and TRM Labs — the three vendors that dominate the institutional segment. Read our four-way comparison for context.

The deposit screen evaluates the inbound address and traces the input graph backward. For Bitcoin this means the UTXO ancestors; for Ethereum and EVM chains it means the sending account history; for USDT on Tron or Ethereum it means the token-transfer chain. The engine looks for direct matches against sanctions lists, proximity to mixer clusters, links to documented hacks, and exposure to high-risk exchange paths.

A deposit can land in your Bybit balance and then enter a hold status. The exchange does not always notify users of the hold immediately. You may discover the freeze only when you try to trade or withdraw and find the balance locked.

Why your deposit froze — the categorical reasons

1. Direct OFAC SDN match

If the sending address is on the US Treasury OFAC SDN list, the deposit will freeze immediately and may require legal review before release. Direct OFAC matches are rare but absolute blockers. Bybit indexes OFAC alongside EU CFSP, UN, OFSI, SECO and DFAT sanctions designations.

2. Mixer exposure within hop distance

If your sending address received funds that passed through Tornado Cash, ChipMixer, Sinbad, Wasabi CoinJoin coordinators, or other privacy-mixing services within the exchange's hop threshold (typically 3 hops on Ethereum, 5 hops on Bitcoin), the deposit will be held for review. Mixer exposure is the most common reason for Bybit deposit holds in 2026.

3. Hack-linked cluster

Funds that originated from a documented exchange breach, bridge exploit or smart-contract hack will be flagged. The major clusters Bybit screens against include the Ronin bridge exploit, Wormhole bridge bug, Euler Finance attack, Nomad bridge bug, Poly Network exploit, and the Bybit hot-wallet drain that the exchange itself disclosed.

4. Darknet market adjacency

Transactional history adjacent to known darknet deposit addresses (Hydra successors, ASAP Market, current English-language markets) will flag the deposit. Adjacency may extend two or three hops depending on the exchange's risk model.

5. High-risk exchange path

Funds routed through no-KYC exchanges, instant swap services with weak KYC, or peel-chain patterns typical of layering will register on the screen. The exchange's vendor maintains a list of high-risk counterparty exchanges that itself flags exposure.

What pre-deposit screening looks like

The screening logic is straightforward once you understand it. Take the address you are about to send from, run the same categorical evaluation Bybit runs, and decide before the wire whether the address is acceptable.

Identify the sending address — the wallet you will transfer from, not your Bybit deposit address.
Run a local crypto AML scan — use a tool that indexes the same sanctions and cluster databases. Free AML screening on Windows via AegisAML covers the categorical surface.
Review the report — risk score, hop path, named-entity matches if any.
Decide — if clean, deposit. If review-required, consolidate funds through a clean intermediate first, or document source-of-funds proactively.
Save the report — timestamp and PDF for future reference if Bybit ever asks you to substantiate source of funds.

What to do if your Bybit deposit is already frozen

If the deposit is already held, the only path to release is compliance correspondence. Bybit will request source-of-funds documentation: how you acquired the funds, transaction receipts, exchange purchase confirmations, payroll evidence, sale invoices, or whatever paper trail explains the origin of the coins.

If you cannot produce that documentation, the deposit may be returned to sender or held indefinitely. There is no fast-track. Compliance teams have no commercial incentive to release a flagged deposit quickly — their incentive is to avoid regulatory enforcement, not to delight customers.

The reason pre-deposit screening matters: the same screen costs you zero time before the wire and 3 to 14 business days afterward.

Bybit-specific considerations in 2026

Bybit operates under multiple regulatory regimes simultaneously and has tightened its compliance posture significantly since 2023. Notable considerations:

Tron USDT scrutiny — large USDT inflows on TRC-20, the most common B2B and OTC settlement rail, face additional scrutiny on Bybit. See our USDT TRC-20 and ERC-20 AML guide.
Self-custody history matters — depositing from a long-held cold wallet often passes cleanly. Depositing from a freshly-received OTC payment is the most common failure mode.
Mixer exposure thresholds tightened — Bybit's KYT vendor reduced the mixer-proximity threshold in late 2024. What passed in 2023 may now flag.
Cross-chain bridge inflows — funds bridged through privacy-adjacent bridges (some L2 to L1 paths) receive elevated scrutiny.

Practical checklist before depositing to Bybit

Run an AML scan on the sending address.
Verify no direct sanctions match.
Verify no mixer exposure within 3 hops for ETH, 5 hops for BTC.
Verify no hack-cluster links in the recent input history.
Save the scan report as a timestamped PDF.
For large deposits (over USD 50,000 equivalent), assemble source-of-funds documentation proactively, before the deposit lands.
Consider depositing a small test transaction first if the address has any recent history you cannot fully explain.

Screen before you deposit to Bybit — free, on Windows

AegisAML runs the same categorical AML check Bybit's compliance vendor runs — OFAC sanctions, mixer exposure, hack clusters, darknet adjacency. Locally on your machine. No account.

Install AegisAML for Windows

Related Bybit and CEX screening considerations

The same logic applies across regulated exchanges. Binance deposit AML screening uses the same categorical engine. Kraken deposit AML is similar. OKX deposit address screening operates on the same logic. The vendor under the hood may differ, but the categorical outputs converge.

Frequently asked questions

How long do Bybit AML holds last?

Typically 3 to 14 business days. Severity drives duration: mixer-proximity holds usually clear in 3 to 7 days if source-of-funds documentation is provided promptly. Direct OFAC matches may result in indefinite holds pending legal review or US Treasury licensing.

Will Bybit notify me if my deposit is held?

Bybit does not always proactively notify users of compliance holds. The deposit may appear in your balance but be unavailable for trading or withdrawal. Check the deposit-status page and customer support ticket history if you suspect a hold.

Does Bybit return the deposit to sender if rejected?

Sometimes. For severe or unverifiable flags, Bybit may return the funds to the sending address. For ambiguous cases, the funds may be held until source-of-funds documentation is provided. Returned funds incur on-chain transaction fees deducted from the deposit amount.

Can I screen an address without connecting a wallet?

Yes. Paste any public Bitcoin, Ethereum, USDT or Solana address into AegisAML. No wallet connection required. This is the standard pre-OTC and pre-deposit workflow.