Bybit’s Lazarus Security Lab has identified 16 blockchain networks with built-in or easily enabled mechanisms to freeze or restrict user funds — a discovery that reignites long-standing debates around censorship resistance in crypto.
Exchanges uncover fund-freezing mechanisms across major chains
A new report published on Tuesday by Bybit’s Lazarus Security Lab analyzed 166 blockchain networks using AI-driven tooling and manual code review. The team found 16 chains with active fund-freezing capabilities and another 19 that could introduce the feature with minor modifications.
The researchers highlighted that chains such as Binance-backed BNB Chain are hardcoded with explicit freezing logic at the protocol level. Meanwhile, ecosystems like Cosmos could adopt similar restrictions through small changes to existing modules.
The findings raise a critical question: how decentralized are these networks in practice?
Three categories of freezing mechanisms emerge
According to the report, the 16 blockchains fell into three primary categories:
- Hardcoded freezing or public blacklist (baked directly into source code)
- Config-file-based freezing or private blacklist (controlled by validators/core devs)
- Onchain smart-contract-controlled freezing (managed via contract-level logic)
Bybit’s research shows that 10 of the 16 chains rely on configuration-file freezing. These systems allow validators — or in some cases the chain’s foundation — to block specific wallet addresses by adjusting local YAML, ENV, or TOML files.
Layer-1s cited in this category include Aptos, Sui and Eos.
Five chains, including BNB Chain, VeChain, Chiliz, XinFin’s XDC Network, and Viction, were flagged for having hardcoded freezing functions in their repositories.
Heco (Huobi Eco Chain) is unique in that its blacklist is managed through an onchain smart contract, giving protocol administrators the power to freeze funds on-demand without codebase changes.
VeChain disputes the findings, citing community governance
VeChain quickly responded to the report, rejecting the claim that its chain includes hardcoded freezing logic. The team referenced the well-known $6.5 million VET hack from 2019, explaining that the blocked funds were frozen via a one-time governance-approved blacklist, not a permanent protocol feature.
VeChain emphasized that the action was executed through consensus-level checks activated by community vote — not by a built-in authority function controlled by the foundation.
The project stressed that VeChainThor does not have any unilateral freezing function embedded in its source code.
Cointelegraph reached out to Bybit for comment, but as of publication, the Lazarus Security Lab has not responded to VeChain’s rebuttal.
19 more chains could enable freezing through minimal upgrades
Beyond the 16 that already support freezing, Bybit identified 19 additional blockchains with latent freezing capabilities. Many of these belong to the Cosmos ecosystem, where module accounts — accounts controlled by protocol logic rather than private keys — could theoretically be modified to restrict transactions.
The report states that enabling freezing would require a hard fork and “minor adjustments,” likely within the chain’s anteHandler or other pre-execution logic.
Bybit stressed that while none of these networks currently use the system to freeze assets, the existence of the mechanism creates risk:
“Even when designed for theft mitigation, these controls raise deep concerns about censorship, emergency powers, and the erosion of decentralization.”
Emergency controls spark broader debate on decentralization
Bybit’s discovery arrives at a time when many blockchains are introducing admin-level controls, compliance modules, and emergency recovery features — often in the name of security.
But these tools also give core teams and validator groups sweeping authority, blurring the line between decentralized networks and centrally governed infrastructure.
The report follows one of the largest exchange hacks in crypto history — Bybit’s $1.5 billion cold-wallet breach. Through cooperation with Tether, Circle, THORchain, Bitget, and others, more than $85 million of stolen assets were quickly frozen or recovered, demonstrating both the benefit and complexity of these intervention tools.