Bybit Japan has paused new account registrations for Japanese residents from October 31 as the exchange reassesses compliance and security after the February 2025 breach and shifting domestic rules.
What triggered Bybit’s halt on new Japanese sign-ups and what changes are expected for onboarding?
February 2025 breach and attribution
Industry reports put the February 2025 loss at roughly $1.5 billion, with several outlets and investigators attributing the operation to the Lazarus Group. Reporting stresses that attribution is based on forensic indicators and remains described as suspected rather than judicially established.
October 31 pause and scope
Bybit announced the onboarding pause effective October 31, 2025, saying the measure applies to new registrations by Japanese residents and nationals. Existing customers in Japan were not immediately affected, the company said, while it reviews local obligations.
Regulatory backdrop
Japan’s Financial Services Agency (FSA) is steering crypto oversight toward the Financial Instruments and Exchange Act (FIEA), which raises custody and disclosure standards. The FSA also proposed a dedicated Crypto Assets and Innovation Division to centralize supervision and expertise.
In brief, Bybit’s pause is a defensive compliance move to align onboarding and reporting with stricter requirements and to allow time for audited verification and operational changes.
How will Bybit japan compliance requirements change under Japan FSA crypto regulations?
The FIEA classification would impose higher standards for custody, segregation of client assets, and ongoing disclosures. Firms operating in or serving Japan can expect tougher KYC/AML expectations and more rigorous proof-of-reserve and audit obligations.
For the FSA’s institutional reform timeline and the August proposal for a Crypto Assets and Innovation Division, see the regulator’s statement: FSA press release (21 August 2023).
What role does a Bybit proof of reserve audit play in restoring trust?
After the breach, Bybit engaged third‑party auditors and security firms to verify solvency and trace funds. Public-facing proof-of-reserve reports and independent attestations are now central to rebuilding user confidence.
Ben Zhou, Bybit’s CEO, told journalists that “third-party auditors were able to verify that our assets remained fully solvent,” a point cited in contemporary press coverage and company statements.
How do audits work and what limits should users watch for?
Proof-of-reserve audits typically combine on‑chain wallet attestations with reconciliations to a platform’s recorded liabilities. Such exercises vary in scope; regular cadence and third‑party verification increase credibility but do not by themselves eliminate all operational risk.
Expert commentary: From advising institutional clients and custodians, clearer regulatory guidance reduces onboarding friction and helps compliance teams set verifiable proof-of-reserve standards.
What should applicants expect from the Bybit Japan registration guide and bybit account onboarding rules?
Applicants should expect tighter identity verification, more detailed source-of-funds checks, and documentation aligned with FIEA-style requirements. Platforms preparing to resume onboarding typically publish updated registration guides and checklists describing these steps.
Note: Users in Japan should monitor Bybit’s official channels for specific requirements and timelines; do not rely on third‑party summaries for identity verification instructions.
What should users and markets watch next?
Watch for three signals: the publication of audited, timestamped proof-of-reserve reports; any formal filing or registration with the FSA; and public remediation steps addressing custody and AML gaps. Regulators will look for demonstrable fixes before approving resumed onboarding.
Expert commentary: Institutional allocations often follow clear regulatory milestones. As one market observer noted in press coverage, regulatory approvals and transparent audits can unlock rapid capital flows — see recent reporting for context: Bybit strengthens security after the $1.4 billion hack.
- Effective date: October 31, 2025 (onboarding pause)
- Incident: Estimated $1.5 billion breach in February 2025
- Attribution: Suspected Lazarus Group, per industry reporting
- Executive: Ben Zhou, Bybit CEO
In brief: Bybit’s temporary halt to new Japanese sign-ups is driven by heightened regulatory expectations and the need to demonstrate robust audits after a major security incident. The timing for resuming onboarding will depend on audited proof-of-reserve results, clearer FSA guidance, and demonstrable operational changes.