Bybit, one of the world’s largest cryptocurrency exchanges by trading volume, has received In-Principle Approval (IPA) from the Securities & Commodities Authority (SCA) of the United Arab Emirates (UAE) to establish a Virtual Asset Platform Operator in the country. The approval, dated February 18, 2025, moves Bybit closer to securing a full operational license, allowing it to offer digital asset services in the region.

The approval comes as Bybit continues to expand its presence in regulated markets, following previous approvals in India, Georgia, Kazakhstan, and Turkey. 

The UAE has positioned itself as a major financial hub for digital assets, with increasing regulatory oversight aimed at integrating cryptocurrencies into the broader financial system.

The approval follows a security breach on February 21, 2025, in which approximately 400,000 Ether (ETH), valued at around $1.5 billion, was stolen from Bybit. 

The Federal Bureau of Investigation (FBI) has linked the attack to the Lazarus Group, a hacking organization affiliated with North Korea. The incident is among the largest cryptocurrency exchange breaches recorded.

Bybit launched LazarusBounty.com, offering a bounty of up to 10% of recovered assets to those providing information that could help intercept the stolen funds. The exchange later confirmed the recovery of $1.4 billion worth of Ether, though it has not disclosed further details on how the funds were retrieved.

The UAE’s regulatory framework requires virtual asset service providers (VASPs) to meet compliance standards, including Anti-Money Laundering (AML) and Counter-Terrorism Financing (CFT) protocols. Bybit’s IPA does not grant full operational status but allows the exchange to proceed with licensing requirements.

Read more: Bybit $1.5B theft: Crypto's biggest hacks in history