Key Takeaways
- The UAE’s approval positions Bybit in the final stages of obtaining its full license, which will enable it to offer digital asset services to both retail and institutional investors
- Beyond the UAE and India, the exchange has secured regulatory approvals in Georgia, Kazakhstan, and Turkey
Crypto exchange Bybit has taken a significant step toward securing a full operational license in the United Arab Emirates (UAE) after receiving in-principle approval (IPA) from the country’s Securities and Commodities Authority (SCA) on February 18, 2025.
This approval allows Bybit to move closer to operating as a Virtual Asset Platform Operator. Earlier this week, the exchange suffered a $1.4 billion security breach, marking one of the largest hacks in crypto history.
Bybit has described the UAE as a key financial hub with a regulatory framework that supports digital assets.
The UAE’s approval positions Bybit in the final stages of obtaining its full license, which will enable it to offer digital asset services to both retail and institutional investors. Ben Zhou, co-founder and CEO of Bybit, said the approval reflects the company’s efforts to build a secure and transparent crypto ecosystem. “We are honored to have received the IPA from the SCA. This approval marks a crucial step in our journey to providing secure and transparent crypto trading solutions,” Zhou said.
The regulatory milestone, however, was overshadowed by a massive security breach on February 21. The attack reportedly occurred during a transfer between Bybit’s cold and hot wallets, resulting in the loss of liquid-staked Ether and MegaETH worth $1.4 billion.
The breach led to an outflow of approximately $6.1 billion, with Bybit’s total assets plunging from $16.9 billion to $10.8 billion, as per data from DeFiLlama. Despite this, Bybit assured its users that customer funds remain secure and confirmed that the stolen Ether had been replaced.
In response to the attack, the exchange launched a $140 million bounty program to track down the perpetrators. Reports suggest that the Lazarus Group, a North Korean-affiliated cybercrime organization, could be behind the attack, though no official confirmation has been made.
Bybit has been aggressively expanding its presence in global markets. The exchange recently re-entered India after paying a $1 million fine to the Financial Intelligence Unit (FIU) for previously operating without registration. With its compliance issues resolved, Bybit has resumed services in the country.
Beyond the UAE and India, the exchange has secured regulatory approvals in Georgia, Kazakhstan, and Turkey. However, in late 2024, Bybit temporarily halted operations in the European Economic Area (EEA) to comply with the Markets in Crypto-Assets (MiCA) regulations.
The exchange is currently seeking a MiCA license in Austria to resume its European operations. Bybit has also faced regulatory pushback in Malaysia, where the Securities Commission ordered it to shut down operations in December 2024 for failing to register as a digital asset exchange.
“Bybit remains dedicated to working hand-in-hand with regulators to foster a compliant and innovative digital asset ecosystem,” Zhou said.
