Bybit’s Lazarus Security Lab has revealed that several blockchain networks possess built-in functionalities capable of freezing funds. This discovery casts doubt on the core principles of decentralization, censorship resistance, and user control over assets within these networks.
The findings renew ongoing discussions about the true extent of decentralization, censorship resistance, and the level of control users actually have over their digital assets.
Following a review of 166 blockchain networks, researchers identified that 16 blockchains incorporate direct fund-freezing features. An additional 19 networks have the potential to implement similar functions through minor protocol modifications. These mechanisms vary, encompassing hard-coded logic, configuration-based permissions, and control at the smart contract level.
Different Types of Fund Freezing Mechanisms
The report, titled “Blockchain Freezing Exposed,” categorizes these systems into three primary types: hard-coded logic, configuration file controls, and on-chain contract execution.
Hard-coded logic means that the authority to block wallet addresses is built into the blockchain software itself. This arrangement is already present on networks such as BNB Chain and VeChain.
A second approach, configuration file controls, empowers developers or validators to enable or disable freezing capabilities through configuration files. Newer chains like Sui and Aptos utilize this method.
The third category, the on-chain contract execution model, relies on smart contracts that grant administrators the ability to freeze or unfreeze wallets instantly via specific commands. HECO and Klaytn are among the networks employing this model.
Lessons Learned from Recent Security Incidents
The Lazarus team began its investigation after the Sui Foundation froze over $160 million in stolen tokens following a significant hack on the Cetus decentralized exchange earlier this year. While this action was widely perceived as a successful measure to protect investors, it also prompted critical questions about where power actually sits on networks purported to be “decentralized.”
The majority of other blockchains introduced freeze functionalities only after experiencing multimillion-dollar hacks. VeChain implemented its blacklist system in 2019 after a $6.6 million theft, and BNB Chain incorporated similar functionality after suffering a $570 million exploit in 2022.
While these tools are instrumental in recovering stolen funds, they also provide avenues for different entities to interfere, potentially leading to a gradual shift away from security towards centralization.
Balancing Security and Decentralization
The report highlights that freezing tools can offer protection to users and assist in combating fraud. However, they also carry the risk of undermining one of blockchain's fundamental tenets: freedom from centralized control.
More recently developed enterprise-focused blockchains are integrating such controls to meet regulatory or compliance requirements. In contrast, established networks like Bitcoin and Ethereum maintain complete decentralization and do not offer a freeze function.
Some developers argue that these systems are essential for Anti-Money Laundering (AML) compliance and fraud prevention, while others view them as emergency measures. The Lazarus team asserts that the development of such powers must be transparent and collectively governed, rather than being subject to the discretion of any single authority.
AI-Assisted Research Methodology
To conduct its research, the team utilized AI tools to scan open-source blockchain code repositories on GitHub for freeze-related functions, blacklists, and validator permissions. A total of 166 projects were analyzed, with the findings subsequently confirmed by human experts.
This process revealed that while some freezing functions were publicly accessible, others were deeply embedded within code repositories, suggesting that not all users are fully aware of the extent of control held by network operators.
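The kind of repository sweep described above can be approximated for a first triage pass with a keyword scan that sorts hits into the report's three categories. This is an added example, not the Lab's tooling: it substitutes a plain regex for the AI tools the team used, and the search terms, the file-extension mapping, and the sample files are all assumptions constructed for illustration.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

# Assumed search terms; the report does not publish the ones its tooling used.
FREEZE_RE = re.compile(
    r"\b\w*(?:freeze|frozen|blacklist|blocklist|deny_?list)\w*\b", re.IGNORECASE)

CONFIG_EXT = {".yaml", ".yml", ".toml", ".json", ".ini"}
CONTRACT_EXT = {".sol", ".vy"}

def classify(path):
    """First-pass guess at the report's category, from the file type alone."""
    ext = PurePosixPath(path).suffix.lower()
    if ext in CONFIG_EXT:
        return "configuration file control"
    if ext in CONTRACT_EXT:
        return "on-chain contract execution"
    return "hard-coded logic"

def scan(files):
    """files maps path -> source text; returns (category, path, line, identifier)."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            # Crude comment stripping so prose mentions are not counted.
            code = line.split("//")[0].split("#")[0]
            for match in FREEZE_RE.finditer(code):
                findings.append((classify(path), path, lineno, match.group(0)))
    return findings

def summarize(findings):
    """Count findings per category."""
    return Counter(category for category, *_ in findings)

# Constructed sample inputs, not taken from any real chain's repository.
SAMPLE = {
    "core/state_transition.go": (
        'var blacklist = map[string]bool{"0xPLACEHOLDER": true}\n'
        "// freeze logic is not described in the public docs\n"
        "if blacklist[from] { return ErrBlocked }\n"),
    "config/node.yaml": "transaction_deny_list:\n  enabled: true\n",
    "contracts/Token.sol": (
        "function freezeAccount(address a) external onlyOwner "
        "{ frozen[a] = true; }\n"),
}

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding, sep=" | ")
```

A hit only marks a place to read: a blacklist in node source may turn out to be loaded from configuration, which is why each finding still needs the human confirmation step the team describes.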
The Evolving Landscape of Blockchain Governance
The report indicates a widening divergence between open, permissionless blockchains that operate purely on community consensus and permissioned networks that grant specific groups a degree of control for security or compliance purposes.
As blockchain technology becomes increasingly integrated into finance and enterprise applications, this gap is projected to widen further. Developers are now confronted with a complex challenge: how to engineer systems that remain secure without compromising decentralization?
The study suggests that while decentralization remains a foundational value for most projects, there is a gradual but discernible shift towards more controlled governance models. The primary challenge lies in ensuring that such control remains transparent, circumscribed, and utilized only in situations of genuine necessity.

