Bybit’s in-house research team, Lazarus Security Lab, has published a report “Blockchain Freezing Exposed” claiming that 16 major blockchains already include code or controls that can freeze or restrict user funds, with a further 19 networks able to add similar tools with relatively minor upgrades. The study examined 166 chains using an AI-assisted scan plus manual review.
What the report says:
Freezing mechanisms fall into three buckets:
(1) hardcoded blacklists embedded in client code,
(2) configuration-based switches managed by validators/foundations, and
(3) on-chain contract lists checked during transaction validation.
Bybit’s examples name networks such as BNB Chain, VeChain, Aptos, Sui, EOS, Linea, Waves, and HECO among those with implemented or configurable controls.
Key implications
Supporters argue these “circuit breakers” can limit exploit damage, for instance, after the Cetus exploit on Sui, roughly $162 million of assets were frozen and later returned following governance votes. Critics counter that such levers amount to centralised kill-switches that undermine censorship-resistance and create governance attack surfaces.
Pushback from projects
At least one named network, VeChain, publicly disputed Bybit’s characterisation, saying its 2019 blacklist action was a community-approved, case-specific response, not a hidden or permanent freeze function. VeChain called parts of the study factually incorrect.
Bybit’s stance: the exchange says the goal is transparency and informed discussion, not to single out chains, arguing that many projects are adding “pragmatic safety mechanisms” as DeFi scales and hack losses rise. The lab urges clearer documentation and stronger governance around any freeze capability.
Bottom line
The report crystallises a live fault line in Web3 design: rapid incident response vs. minimising centralised control. Expect further clarifications from named projects (and more pressure for explicit, audited policies wherever freeze functions exist).
Disclosure: This article is for information only and does not constitute investment, legal, accounting, cybersecurity, or tax advice. Independent verification is recommended; some named projects have disputed elements of the report.
