Bybit Report Exposes Fund Freezing Tools in 16 Prominent Blockchains
Bybit's Lazarus Security Lab has released a comprehensive study that spotlights a surprising feature in 16 major cryptocurrency blockchains: the ability to freeze user funds at the protocol level. Titled "Blockchain Freezing Exposed: Examine The Impact of Fund Freezing Ability in Blockchain," the 37-page document marks the first broad examination of these mechanisms, which allow foundations or validators to blacklist addresses and halt transactions during security breaches. This discovery stems from the Sui Foundation's swift action in the $223 million Cetus hack on May 22, 2025, where frozen assets prevented further losses but ignited fresh discussions on blockchain autonomy.
The report's analysis covers 166 blockchains supported by Bybit, revealing how these freezing tools echo traditional banking controls within supposedly decentralized networks. Researchers employed AI-assisted code scans alongside manual reviews to identify patterns across chain families like EVM and Cosmos. While such features have helped recover millions in past exploits, they prompt users to weigh enhanced security against the core promise of unassailable ownership.
Freezing Mechanisms and Their Reach Across Chains
At the heart of the study lie 16 blockchains equipped with active freezing capabilities, divided into three distinct approaches that intervene at various transaction stages. Hardcoded public blacklists, embedded directly in source code, appear in chains such as Chiliz, BNB, and VeChain, where updates require forking the codebase for visibility and accountability. Config file-based private blacklists dominate in networks like Aptos, Sui, and EOS, relying on validator-accessible files that take effect after node restarts, offering quicker but less transparent responses. Onchain smart contract freezing rounds out the trio in Heco, where a dedicated contract enables real-time updates without network disruptions.
These tools primarily target native tokens on layer 1 chains or both native and project tokens on layer 2s, filtering actions like transfers during signature checks or pool processing. The report documents their use in high-profile incidents, including the 2022 BNB bridge exploit where blacklisting contained over $460 million in potential losses, and the 2019 VeChain hack that locked 469 addresses to safeguard $6.6 million. Sui's response to the Cetus breach, approved by a 90.9% validator vote, recovered $162 million, demonstrating the practical value even as it underscores reliance on centralized decision-making.
| Freezing Method | Blockchains (Count) | Description | Example GitHub Links |
|---|---|---|---|
| Hardcoded (Public Blacklist) | CHILIZ, VIC, XDC, BNB, VECHAIN (5) | Blacklist embedded in source code (e.g., Go files); visible on GitHub; requires code updates/forks for changes. Used post-hacks for quick containment. | - CHILIZ: core/types/blacklist.go - BNB: core/types/blacklist.go - VECHAIN: thor/blocklist.go |
| Config File-Based (Private Blacklist) | ONE, HVH, APTOS, SUPRA, EOS, ROSE, WAXP, SUI, LINEA, WAVES (10) | Blacklist in local files (e.g., YAML/TOML); accessible only to validators/foundations; effective after node restart. Common in Rust/Go-based chains. | - APTOS: aptos-transaction-filters/src/block_transaction_filter.rs - SUI: sui-config/src/transaction_deny_config.rs - LINEA: validators/AllowedAddressValidator.java |
| On-Chain Smart Contract | HECO (1) | Blacklist managed via smart contract (AddressListContract at 0x000000000000000000000000000000000000F004); validators query ABI; no restart needed. Unique to HECO for instant updates. | N/A (Details in report Section 1.2.4; contract methods: getBlacksFrom, getBlacksTo) |
Beyond the active cases, 19 additional blockchains harbor the groundwork for similar features through simple code tweaks, particularly in Cosmos and EVM ecosystems like Atom, Celestia, and Sei. Patterns emerge by chain family: EVM networks often place logic in transaction pools influenced by BNB's model, while object-based systems like Sui and Aptos favor Rust-configured denials. This clustering highlights how architectural similarities propagate both innovations and vulnerabilities across the space.
The methodology behind the findings blends cutting-edge tools with rigorous checks to ensure accuracy. Teams started with targeted tests on Sui, then scaled prompts for Claude-4.1 Opus to sift through repositories for blacklist indicators, runtime loading, and authority controls. Manual audits addressed artificial intelligence pitfalls, such as mistaking user-level restrictions for admin powers, and accounted for split repositories that could hide mechanisms. Limitations persist, like overlooking dynamic config flags or commit histories, yet the hybrid approach delivers a scalable blueprint for future audits.
Freezing's role in blockchain evolution often follows crises, with features added reactively; Aptos implemented its system just a month after the Cetus event. No instances of abuse surface in the data, but regulatory overreach remains a possibility, especially in permissioned environments. Users and developers gain clear guidance: scanning GitHub for blacklist code becomes essential before committing to a chain, favoring models like Bitcoin's UTXO that resist such interventions entirely.
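A first-pass triage for the repository review described in the methodology and guidance above, as an added example rather than code from the report or from Bybit: it sorts source files into the three freezing approaches using keyword heuristics and queues ambiguous hits for manual audit. The patterns, file paths and snippets are constructed assumptions; `getBlacksFrom` and `getBlacksTo` are the contract method names cited in the table.

```python
import re

# Heuristic indicators; all patterns are assumptions for illustration.
LIST_NAME = re.compile(r"(?i)(black|block|deny)[_-]?list")
ADDR_LITERAL = re.compile(r"0x[0-9a-fA-F]{40}")
CONFIG_LOAD = re.compile(r"(?i)deserialize|serde|yaml|toml")
CONTRACT_QUERY = re.compile(r"\b(getBlacksFrom|getBlacksTo)\b")  # names cited in the article


def classify(source: str):
    """Return the freezing mechanism a source file most resembles, or None."""
    if CONTRACT_QUERY.search(source):
        return "onchain_contract"
    if not LIST_NAME.search(source):
        return None
    if CONFIG_LOAD.search(source):
        return "config_file"
    if ADDR_LITERAL.search(source):
        return "hardcoded"
    # A list name alone may be a token-level or user-level restriction,
    # so it is queued for a human instead of being counted as a finding.
    return "manual_review"


def scan(files: dict):
    """Map each path to its classification, dropping files with no indicator."""
    results = {path: classify(text) for path, text in files.items()}
    return {p: c for p, c in results.items() if c is not None}


ADDR = "0x" + "0" * 38 + "aa"  # constructed placeholder address

# Constructed snippets with hypothetical paths; not code from any real chain.
SAMPLES = {
    "node/core/blacklist.go": f'var blacklist = map[string]bool{{"{ADDR}": true}}',
    "node/config/deny.rs": "#[derive(Deserialize)]\nstruct DenyCfg { address_deny_list: Vec<String> }",
    "node/consensus/list.go": 'froms, err := listContract.Call("getBlacksFrom")',
    "contracts/token.sol": "mapping(address => bool) public blacklist;",
    "node/util/math.go": "func add(a, b int) int { return a + b }",
}

if __name__ == "__main__":
    for path, kind in scan(SAMPLES).items():
        print(f"{kind:16} {path}")
```

Keyword matching only narrows the search; every hit still needs a reviewer to confirm who can change the list and at which transaction stage it is enforced.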
Transparency stands as the report's quiet cornerstone, with GitHub links inviting verification and community input to refine these assessments. As crypto hacks persist, balancing rapid containment with unyielding decentralization remains a pivotal challenge for the industry. This work equips users, traders, and builders with the insights needed to wade through an ecosystem where security and sovereignty are paramount.