A new security report by Bybit’s Lazarus Security Lab reveals that several major blockchain networks have built-in capabilities to freeze or restrict user funds, raising concerns about decentralization and transparency.
Key Takeaways
- Bybit analyzed 166 blockchain networks, finding that 16 have active fund-freezing functions and 19 more could add them with minor updates.
- Three types of freezing mechanisms were identified: hardcoded, configuration-based, and on-chain contract freezing.
- High-profile cases include BNB Chain, Sui, Aptos, and VeChain using freeze functions to contain exploits and thefts.
- Bybit urges greater transparency in how blockchain projects manage these emergency controls.
What Happened?
Bybit’s Lazarus Security Lab published a comprehensive study titled “Blockchain Freezing Exposed: Examine The Impact of Fund Freezing Ability in Blockchain”. The report analyzed over 160 blockchain networks using AI-assisted tools and manual reviews. The study found that 16 networks actively include code capable of freezing user funds, while 19 others could easily implement such mechanisms.
Bybit’s Lazarus Security Lab has released a report revealing that, after reviewing 166 blockchain networks, 16 blockchains were found to have built-in fund freezing capabilities, while another 19 could enable such features with minor protocol changes. The freezing mechanisms… pic.twitter.com/JzmuFcrbpT
— Wu Blockchain (@WuBlockchain) November 12, 2025
Types of Freezing Mechanisms
The report categorizes fund-freezing capabilities into three types:
- Hardcoded Freezing: Built directly into the blockchain protocol, allowing pre-programmed intervention (e.g., BNB Chain, VeChain).
- Configuration-Based Freezing: Enabled through settings managed by validators or network foundations (e.g., Sui, Aptos).
- On-Chain Contract Freezing: Conducted via system-level smart contracts that can restrict specific wallets or transactions (e.g., HECO).
These capabilities enable networks to respond quickly to hacks or exploitations but also highlight centralized control over what is marketed as decentralized infrastructure.
Real-World Freezing Cases
Several blockchains have already used these tools in notable security incidents:
- Sui froze $162 million in stolen assets following the Cetus hack.
- Aptos introduced blacklisting functions shortly after a related security event.
- BNB Chain used hardcoded blacklists to limit damage from a $570 million bridge exploit.
- VeChain took early action in 2019 by freezing funds from a $6.6 million breach.
The report also notes that Cosmos, due to its modular account design, could develop similar features in future updates.
How the Study Was Conducted?
To uncover these capabilities, Bybit’s Lazarus Lab built an AI-assisted detection system that scanned blockchain codebases for blacklisting tools, transaction filtering modules, and other control mechanisms. Each flagged instance was manually reviewed by researchers to ensure accuracy.
Why Transparency Matters?
Bybit emphasizes that greater transparency in emergency fund control tools is vital for industry trust and user confidence.
David Zong, Head of Group Risk Control and Security at Bybit, stated:
The report calls on blockchain projects to publicly disclose their ability to intervene in on-chain activity and encourages setting clear governance standards for using such powers.
CoinLaw’s Takeaway
In my experience covering the crypto space, this kind of research is long overdue. I found it eye-opening that so many blockchains already have fund control tools in place, even as they continue to promote decentralization as a core value. Transparency is the missing link here. Users deserve to know if their funds can be frozen and under what circumstances. This report is a wake-up call for the entire industry to define where the line is between security and control.
