Bybit Lab Reports Reveal Fund-Freezing Code in 16 Blockchains

What to Know:

  • A Bybit Lazarus Security Lab study found 16 major blockchains contain built-in fund-freezing code, with another 19 networks capable of similar interventions through minor protocol changes.
  • The report highlighted three types of freezing mechanisms: hardcoded logic, validator-controlled settings, and on-chain system contracts.
  • Bybit urged greater transparency and standardized governance disclosures, warning that hidden intervention powers challenge crypto’s ideals of immutability and permissionless control.

A new, wide-ranging study from Bybit’s Lazarus Security Lab has revealed that at least 16 major blockchain networks contain code capable of freezing or restricting user funds. This revelation has raised urgent questions about the boundary between emergency response and protocol control. The analysis, which scanned 166 networks using an AI-assisted detection framework and human verification, found that another 19 chains could enable similar interventions with modest protocol changes.

Bybit Lab: Fund-Freezing Code in 16 Blockchains

The report categorises freezing mechanisms into three clear types. Some chains embed hardcoded freezing logic directly into the protocol. Others rely on configuration controls held by validators or foundations. A third category uses on-chain system contracts that can be invoked to block or freeze transactions. Each approach creates a different governance and operational profile, and each carries distinct trade-offs for users and operators alike.

Concrete cases underscore why capability matters. Sui froze roughly $162 million following a Cetus exploit; Aptos introduced blacklisting features in the wake of that breach. BNB Chain reacted to a $570 million bridge exploit by pausing the chain and hardcoding the attacker’s address into a protocol-level blacklist. VeChain’s team froze funds tied to a 2019 breach, setting an early precedent that others have since followed. The report also points to Cosmos, whose modular account design could enable similar emergency measures in future implementations.

Bybit’s team emphasises that freezing tools can serve as blunt but effective emergency brakes in large-scale incidents. When massive theft or exploit activity unfolds, rapid intervention can curb damage, preserve liquidity, and protect users who would otherwise lose funds. The Lazarus lab argued that such pragmatic capabilities are increasingly part of the industry’s defensive toolkit.

Yet the presence of freezing logic also complicates narratives about immutability and decentralised control. Protocol-level blacklists and validator-controlled configurations vest a degree of centralized authority within networks that many users expect to be permissionless. The report urges projects to disclose clearly whether they possess intervention capabilities, and if so, how they are governed and audited.

Transparency is a running theme. To build trust in markets and institutions, Bybit says, projects should publish the mechanics and governance of any emergency tools. Public disclosure would allow wallets, custodians, exchanges and end users to make informed choices about risk. The lab’s recommendation is blunt: intervention capabilities should become a standard element of governance disclosure rather than an afterthought discovered only during crises.

Methodologically, the study combined automated scans for code patterns related to blacklisting, transaction filtering and dynamic configuration with manual review to weed out false positives. That hybrid approach allowed researchers to flag hidden modules in diverse codebases and to verify whether the flagged modules were operational, dormant, or conditional on specific validator actions.
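
To make the hybrid approach concrete, the sketch below is an added example, not Bybit's framework or code from the report: it runs heuristic patterns for the three categories over source snippets and returns candidates for manual review. The regexes, file names and snippets are all constructed assumptions.

```python
import re
from collections import defaultdict

# Vocabulary and regexes are assumptions for this example, not the lab's rules.
FREEZE = r"(?:black_?list|block_?list|deny_?list|frozen|freeze)"
PATTERNS = {
    # An address literal assigned to a freeze-style list in protocol code.
    "hardcoded": re.compile(FREEZE + r"\w*\s*:?=[^;\n]*0x[0-9a-fA-F]{8,}", re.I),
    # A freeze-style list read from runtime configuration.
    "validator_config": re.compile(r"(?:config|cfg|params|settings)\.\w*" + FREEZE, re.I),
    # A freeze-style method invoked on a system-level contract.
    "system_contract": re.compile(r"(?:system|precompile)\w*\.\w*" + FREEZE + r"\w*\(", re.I),
}
COMMENT = re.compile(r"^\s*(?://|#|/\*|\*)")

# Constructed snippets standing in for four hypothetical chain codebases.
SAMPLE = {
    "chain_a/txpool.go":
        'var blacklist = []string{"0x00000000000000000000000000000000deadbeef"}\n'
        '// blacklist = "0x1234567890" was removed in v2\n'
        'func admit(tx Tx) bool { return !contains(blacklist, tx.From) }\n',
    "chain_b/validator.rs":
        'if config.deny_list.contains(&tx.sender) { return Err(Rejected); }\n',
    "chain_c/state.go": 'ok := systemContracts.freezeAccount(addr)\n',
    "chain_d/transfer.go": 'balance[to] += amount\n',
}

def scan(files):
    """Return {category: [(path, line_no, text)]} of candidates for manual review."""
    findings = defaultdict(list)
    for path, source in files.items():
        for no, line in enumerate(source.splitlines(), 1):
            if COMMENT.match(line):  # comments mention freezing without implementing it
                continue
            for category, rx in PATTERNS.items():
                if rx.search(line):
                    findings[category].append((path, no, line.strip()))
    return dict(findings)

if __name__ == "__main__":
    for category, hits in scan(SAMPLE).items():
        for path, no, text in hits:
            print(f"[needs manual review] {category}: {path}:{no}: {text}")
```

A hit is only a candidate: deciding whether the flagged code is operational, dormant, or conditional on validator action remains the manual step.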

The implications extend beyond technical design. Regulators and institutional participants have long expressed concern about market abuse and illicit finance in crypto. The Lazarus findings suggest networks may already possess the technical means to answer some regulatory demands. But without consistent governance and audit standards, those tools could be applied unevenly or opaquely.

Bybit framed the work as a push for better governance. David Zong, head of group risk control and security at Bybit, noted the tension plainly: networks founded on decentralising power are increasingly building pragmatic safety mechanisms. He urged open dialogue across the industry and called for clearer, standardised disclosures around intervention powers.

Ritu Lavania