A security research team at the prominent cryptocurrency exchange Bybit has uncovered that 16 blockchain networks possess the technical capability to freeze or restrict user funds. This revelation raises ongoing concerns about the balance between security measures and decentralization in the crypto ecosystem, especially as regulators and developers alike debate the implications of control features embedded within blockchain protocols.
- Bybit’s Lazarus Security Lab analyzed 166 blockchain networks, identifying 16 with fund-freezing functionalities.
- Mechanisms include hardcoded, config-based, and on-chain smart contract controls.
- Networks like Binance’s BNB Chain and Cosmos either already possess fund-freezing features or could introduce them with minimal protocol adjustments.
- The presence of such controls fuels discussions around centralization and censorship resilience in blockchain ecosystems.
- This report follows recent security incidents at Bybit, highlighting risks and responses within the crypto industry.
A recent analysis by Bybit’s Lazarus Security Lab reveals that several blockchain platforms incorporate mechanisms capable of freezing user funds, highlighting potential vulnerabilities and control points within the crypto space. This comes amid increasing scrutiny of blockchain decentralization, especially as some networks introduce or maintain features that could allow centralized intervention in user accounts.
On Tuesday, the security team released a detailed report examining a total of 166 networks, pinpointing 16 that can technically restrict or freeze assets. Their analysis combined AI-driven review with manual inspection, uncovering that networks like Binance-backed BNB Chain are hardcoded with such fund-freezing functions. Additionally, Cosmos is among 19 networks that could implement freezing with only minor protocol modifications.
Three main freezing mechanisms
Among the identified networks, Bybit’s team outlined three primary methods for freezing funds at the protocol level:
- A hardcoded freezing function or public blacklist integrated directly into the source code, seen in networks like BNB Chain, VeChain, Chiliz, XinFin’s XDC Network, and Viction.
- Config-file-based freezing, managed through local configuration files such as YAML, ENV, or TOML. These are usually accessible only to validators, developers, or foundation teams. Examples include Aptos, Eos, and Sui.
- An on-chain smart contract-based freezing system, used exclusively by the Huobi Eco Chain (Heco).
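The three mechanisms above differ mainly in where the deny list lives and who can change it. The following Python model is an added illustration, not code from Bybit's report or from any of the networks named; the addresses, the `DENY_LIST` key, and the `BlacklistContract` class are all constructed for the example.

```python
from dataclasses import dataclass, field

# Mechanism 1: list compiled into the node software (constructed sample address).
HARDCODED_BLACKLIST = frozenset({"0xaaa1"})

# Mechanism 2: validator-local ENV-style config (constructed sample content).
SAMPLE_ENV = "# validator-local settings\nDENY_LIST=0xbbb2, 0xCCC3\n"

def load_env_deny_list(text, key="DENY_LIST"):
    """Parse a KEY=a,b,c line from ENV-style text into a set of addresses."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        if name.strip() == key:
            return {a.strip().lower() for a in value.split(",") if a.strip()}
    return set()

@dataclass
class BlacklistContract:
    """Mechanism 3: stand-in for on-chain contract state (hypothetical)."""
    owner: str
    frozen_addrs: set = field(default_factory=set)

    def freeze(self, caller, address):
        # Only the privileged owner key can change the on-chain list.
        if caller != self.owner:
            raise PermissionError("only the contract owner may freeze")
        self.frozen_addrs.add(address.lower())

def admit(sender, config_deny, contract):
    """Return (accepted, mechanism) for a transaction sent by `sender`."""
    s = sender.lower()
    if s in HARDCODED_BLACKLIST:
        return False, "hardcoded"
    if s in config_deny:
        return False, "config"
    if s in contract.frozen_addrs:
        return False, "contract"
    return True, None

def audit(senders, config_deny, contract):
    """Map each sender to the mechanism that blocks it (None if admitted)."""
    return {s: admit(s, config_deny, contract)[1] for s in senders}
```

For the sender the outcome is the same in every case: the transaction is rejected. What an auditor has to locate differs: the node's source code, a validator's local configuration, or contract state and its owner key.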
Particularly noteworthy is the Heco chain, which manages a blacklist through an on-chain smart contract, offering a different control approach. The report emphasizes that in the Cosmos ecosystem, module accounts—controlled by protocol logic rather than private keys—could potentially be altered to restrict transactions. While such modifications would require a hard fork and minor code adjustments, none have been used maliciously so far.
“Implementing such a change would require a hard fork along with minor adjustments — likely in the anteHandler file — or additional code modifications,” the report states.
The presence of these mechanisms, even when used for security purposes, increasingly blurs the line between decentralization and central control. Critics argue that such features inherently introduce points of censorship and reliance on centralized actors, challenging the core ethos of blockchain technology.
This report comes months after Bybit experienced a significant security breach involving a $1.5 billion cold wallet hack. Despite the incident, coordinated efforts by industry partners successfully froze over $42 million in exploited funds, demonstrating the importance and potential risks associated with existing control mechanisms within blockchain networks.


