Major Blockchains Can Freeze Your Funds, Bybit Report Reveals 

Bybit, a leading centralized cryptocurrency exchange (CEX), has released a new report that reveals that most major blockchains aren’t as decentralized or trustless as they appear or are believed to be.

For this report, titled “Blockchain Freezing Exposed: Examine The Impact of Fund Freezing Ability in Blockchain,” Bybit’s Lazarus Security Lab conducted an extensive investigation into the “fund freezing capabilities across blockchain networks.”

This research was motivated by the Sui Foundation’s intervention to freeze assets stolen from the Cetus protocol. The event, which occurred earlier this year, sparked a community debate over decentralization and control.

So, Bybit went on to analyze just which blockchains have fund-freezing mechanisms in place or could easily implement such a measure. 

For this assessment, they combined AI-assisted code scanning with manual review. While AI agents were trained to identify relevant code patterns and governance features, manual verification ensured the accuracy of the results.

What the exchange found was that more than 20% of the blockchains it looked into either have active freezing capabilities or could easily add them if needed in the future.

These findings challenge the decentralization narrative of the cryptocurrency space, especially for major chains that are widely used and host tens of billions of dollars. While the ability to freeze assets can help these chains recover funds in case of a theft or hack, it also gives them the power to unilaterally restrict access to users’ money.

Ironically, this very power is exactly what blockchains were originally designed to eliminate.

By retaining central control mechanisms, these permissionless blockchains are essentially acting like traditional finance (TradFi) systems, where banks, financial institutions, and even governments have a history of freezing user accounts at will.

This revelation by Bybit not only has implications for users of these chains, as they become aware that they may not really be fully in control of their assets on certain networks, but also for regulators, who may view “decentralized networks differently in regard to legal enforcement.”

How Blockchain Fund Freezing Reintroduces Centralized Control

Blockchain is a public distributed ledger where all the transactions are available for anyone to check and verify.

A key feature of public blockchains like Bitcoin and Ethereum is decentralization. Unlike the TradFi system, where a centralized entity is in control, these permissionless blockchains are maintained by a group of nodes, which validate new transactions, store their record, and ensure the security and integrity of the network.

Having no governing authority means that anyone from anywhere in the world can directly access the blockchain from the web and utilize its services.

Besides being decentralized, another great feature of blockchain technology is its immutability, which means that if something is recorded, it can’t be changed. This immutability makes sure the technology remains a permanent, unalterable network. Together, these features enhance the security of a network.

But as Bybit reveals, popular blockchains might not be as different from mainstream centralized networks as we believe them to be.

Fund freezing is being actively enforced in the blockchain world. The act involves a foundation locking the assets of a user without their consent, a capability that is against the core ideas of decentralization.

Blockchain was built on the principle of decentralization — yet our research shows that many networks are developing pragmatic safety mechanisms to respond quickly to threats.

– David Zong, Head of Group Risk Control and Security at Bybit

According to the Bybit analysis, among the 166 blockchains reviewed, there are 16 networks that have native freezing mechanisms in place. They contain code that allows developers or governance bodies to freeze user funds.

These blockchains include BNB Chain, VeChain, Chiliz, Viction (VIC), XDC Network, Harmony ONE, HVH, Aptos, Supra, EOS, Oasis Network (ROSE), WAXP, Sui, Linea, Waves, and HECO.

Separately, Ethereum is the leading network for building decentralized finance (DeFi) applications. Out of the almost $135 billion worth of total value locked (TVL) in DeFi, Ethereum accounts for 57% of it at nearly $78 billion, followed by Solana, which is hosting $10 billion, then BSC at $7.54 billion, Tron at $4.87 billion, Arbitrum at $3 billion, and Avalanche at $1.45 billion.

While the 16 identified chains only represent less than 10% of all networks analyzed, the report also notes that another 19 blockchains – including Arbitrum, Cosmos-SDK chains such as dYdX, and Sei, and several others – could potentially support freezing in the future, highlighting how common protocol-level control mechanisms may become over time.

Ethereum is also the preferred network for the real-world asset (RWA) tokenization efforts that have captured the interest of mainstream institutions. Of the $17.20 billion of total RWA that’s on-chain, Ethereum is responsible for $11.7 billion of it, followed by ZKsync Era ($2.34 billion), Polygon ($1.65 billion), Avalanche ($1.23 billion), Aptos ($1.22 billion), BNB Chain ($900 million), Solana ($800 million), Arbitrum ($775 million), and Stellar ($654.5 million).

Besides the 16 chains that have freezing capabilities at the protocol level, 19 other blockchains have been identified by the Bybit team that can easily implement similar controls. It would require only small tweaks in their protocols, and then they can also freeze user funds easily.

The report does acknowledge the practical security reasons for freezing functions, noting how Sui was able to freeze $162 million of stolen funds after the Cetus hack. In similar moves, BNB Chain utilized these measures to blacklist addresses involved in a $570 million bridge exploit back in 2022, and a few years before that, VeChain halted $6.6 million worth of compromised tokens.

Having freezing mechanisms embedded into the very infrastructure of these chains means these networks could leverage them as emergency tools to mitigate damage and protect their users.

This makes sense in the light of rising crypto-related crimes. According to Chainalysis, a total of $40.9 billion in funds were received by illicit addresses in 2024, which, however, could actually be closer to $51 billion.

Although illicit activity on-chain previously revolved heavily around cybercrime, cryptocurrency is now also being used to fund and facilitate all kinds of threats, ranging from national security to consumer protection. As cryptocurrency has gained greater acceptance, illicit on-chain activity, too, has become more varied, stated the blockchain analytics company in its 2025 Crypto Crime Trends report.

A report on crypto crime by TRM Labs, meanwhile, reported that illicit volume dropped 24% from the year prior, and it only amounted to 0.4% of overall crypto volume, which grew to $10.6 trillion last year.

As for the chains, the Tron blockchain accounted for the largest percentage of illicit crypto activity at 58%, followed by Ethereum at 24% of illicit volume. BSC and Polygon accounted for 3% of illicit volume each, which shows “continued preference for blockchains that have low transaction fees, smart contracts, and popular stablecoins.”

Notably, Bybit itself suffered a $1.5 billion hack earlier this year, the largest exploit on record. The North Korean state-backed Lazarus Group was responsible for exploiting one of the exchange’s Ethereum cold wallets.

While cross-chain DEX Chainflip, through which the hacker moved some of the funds, stated they can’t fully block, freeze, or redirect funds, due to being a fully decentralised protocol, Bybit was able to recover some of the funds with the help of Tether, Circle, THORchain, FixedFloat, ChangeNOW, Avalanche, CoinEx, and Bitget. mETH Protocol also recovered $43 million worth of stolen tokens.

So, having freezing mechanisms means blockchain can be used to limit or recover the stolen assets and even help prevent money laundering or terrorist financing. Despite this, the negative aspects of such control features simply can’t be ignored.

Blockchains having the authority to intervene in user transactions undermines the principles of decentralization and censorship resistance that these chains are built on. Such authority creates central points of control that can be leveraged by their developers, foundations, or governance councils to block transactions arbitrarily, thereby diminishing the neutrality of the network.

Moreover, with almost 70% of freezing events occurring at the validator or consensus layer, this process isn’t really transparent to end users. And it is through transparency that trust is built, emphasizes Bybit.

“Transparency around emergency intervention mechanisms should become a core pillar of blockchain governance,” stated the report, and urged blockchain projects to declare it publicly if they have any mechanisms in place that allow them to intervene in on-chain activity.

Different Ways Major Networks Can Halt User Funds

Bybit launched a comprehensive investigation into blockchain networks with the goal of examining the impact of fund freezing ability in the fast-evolving digital asset landscape and bringing greater transparency into how the different mechanisms operate.

Their in-depth code reviews of blockchain repositories revealed 16 chains with protocol-level freezing capabilities. This means a blockchain’s foundation or governance group can completely block specific addresses of their choosing, as per Bybit. And once the address has been blacklisted, all the tokens within it become inaccessible to the owner, and no one else can access the address until it gets removed from the blacklist.

Among these chains, the Bybit team found three main methods for freezing funds at the protocol level.

| Freezing method | How it works | Example blockchains* | User visibility & control |
| --- | --- | --- | --- |
| Hardcoded freezing (public blacklist) | Blacklisted wallet addresses are baked directly into the node software or protocol code, so any node running the latest version will refuse their transactions. | BNB Chain, VeChain, Chiliz, Viction, XDC Network | Relatively transparent when lists are published on-chain or in public repos; changes still controlled by core teams and validator sets. |
| Configuration-based freezing | Validators load a local blacklist from configuration files (TOML/ENV/YAML, etc.). Updating these files and restarting nodes can quietly block specific addresses at the consensus layer. | Sui, Aptos, Harmony, Supra, EOS, Oasis, WAX, Waves | Often opaque to regular users because the blacklist lives in validator configs, not in public documentation or on-chain governance records. |
| On-chain smart contract freezing | A privileged system contract maintains a blacklist that validators query when processing transactions. Admin keys can add or remove addresses instantly on-chain. | HECO (Huobi ECO Chain) | Technically visible on-chain, but most users never inspect the contract; real power concentrates in whoever controls the admin keys. |
| Potential future freezing (design-ready) | Architecturally, these chains could introduce similar blacklist logic with minor protocol or module changes, according to Bybit’s analysis. | 19 additional networks, including multiple Cosmos ecosystem chains (e.g., dYdX, Sei, Kava) identified as having ready-made hooks. | No active freezing today at the protocol level, but governance choices could flip these switches in future upgrades. |

*Examples based on Bybit’s “Blockchain Freezing Exposed” report and secondary coverage at the time of writing.

Hardcoded Blockchain Freezing (Public Blacklists)

The first one is the hardcoded freezing mechanism, or public blacklist, which is directly embedded into the blockchain.

As the report details, this method was first utilized by VeChain after a hacker stole $6.6 million worth of VET tokens from the project’s buyback wallet. The VeChain Foundation blacklisted 469 addresses that were associated with attackers and introduced a function that blocked them from signing on-chain transactions, effectively preventing them from interacting with the blockchain and liquidating the stolen funds.

BNB Chain is yet another blockchain, besides two others, to have this capability. The blockchain, launched by leading CEX Binance, used the hardcoded freezing mechanism after a security breach on its cross-chain bridge allowed the attacker to forge withdrawal proofs and mint $570 million worth of BNB tokens. Hardcoded blacklisting allowed the chain to contain the attack, with only about $110 million of it successfully moved off-chain.

This freezing ability provides the benefit of “swift remediation of financial damage to an ecosystem, by preventing the movement or liquidation of stolen assets.”

Configuration-based Freezing

The second method is configuration-based freezing, which is controlled through validator settings or foundation tools.

In this case, the blacklist of addresses is managed and updated in local configuration files like TOML, ENV, or YAML, that only core developers, validators, or the project foundation can access. This is unlike BNB Chain’s public list of blacklisted addresses, which can be viewed by anyone.

The configuration-based fund-freezing capability was employed by the Sui Foundation and validators when a DEX built on it, Cetus, got hacked for $223 million. They added the addresses related to the attackers to their configuration files and restarted the nodes, thus blocking those addresses from signing transactions on-chain.

Besides Sui, nine other chains have this specific capability.

After freezing the address, the SUI team recovered the funds from the hacker’s address, for which the community passed a governance vote with a 90.9% approval. 

Bybit also noted Aptos updating its code to include a blacklisting function shortly after the Sui attack. Both Aptos and Sui use the Move programming language for smart contracts. The update allows transactions to be denied based on blacklisted addresses.

This pattern has been observed by Bybit across chain groups, such as EVM, Cosmos, and UTXO, with those belonging to the same group showing similar characteristics.

The cornerstone of blockchain is its ability to process transactions in (a) decentralized way. The function used in SUI, and those recently updated in Aptos, demonstrates its resilience to hacking and prompt risk management methods to recover their lost funds. However, it also shows centralization power to the blockchain community.

– Bybit

On-Chain Smart Contract Freezing Method

The third main mechanism is on-chain contract freezing, implemented via system-level smart contracts.

According to Bybit’s analysis, managing a blacklist through an on-chain smart contract is a unique approach that’s used exclusively by the HECO chain. This setup lets validators block targeted wallets immediately, without rebooting nodes or pushing a new software release, because the blacklist is enforced directly by a system-level smart contract. HECO basically allows an admin address to directly add any address to the blacklist, with the update taking effect immediately.

To check the list, validators query the application binary interface (ABI) of the smart contract.
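
The three mechanisms above differ mainly in where the list lives and what it takes to change it. The following Python sketch is an added illustration, not code from Bybit’s report or from any of the chains named; the addresses, the DENY_ADDRESSES key and all class and function names are hypothetical.

```python
# Constructed sample addresses and names; nothing here is taken from a real chain.
ALICE, MALLORY, EVE, TRENT, ADMIN = "0xa11ce", "0xbad01", "0xbad02", "0xbad03", "0xad417"

# 1) Hardcoded: the list ships in the node software; changing it needs a release.
HARDCODED_DENYLIST = frozenset({MALLORY})


def parse_env_denylist(text):
    """2) Config-based: read DENY_ADDRESSES=a,b from an ENV-style file (assumed key)."""
    for line in text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "DENY_ADDRESSES":
            return frozenset(a.strip() for a in value.split(",") if a.strip())
    return frozenset()


class SystemDenylistContract:
    """3) On-chain: an admin key edits contract state that validators query."""

    def __init__(self, admin):
        self.admin = admin
        self._denied = set()

    def add(self, caller, address):
        if caller != self.admin:
            raise PermissionError("only the admin key may edit the denylist")
        self._denied.add(address)

    def is_denied(self, address):
        return address in self._denied


class Validator:
    def __init__(self, config_text, contract):
        self.contract = contract
        self.config_denylist = parse_env_denylist(config_text)  # read once at start

    def restart(self, config_text):  # config edits apply only when the node reloads
        self.config_denylist = parse_env_denylist(config_text)

    def admit(self, sender):
        """Return why a sender is refused, or 'accepted'; refused senders never execute."""
        if sender in HARDCODED_DENYLIST:
            return "refused: hardcoded"
        if sender in self.config_denylist:
            return "refused: config"
        if self.contract.is_denied(sender):
            return "refused: contract"
        return "accepted"


def demo():
    node = Validator("DENY_ADDRESSES=", SystemDenylistContract(admin=ADMIN))
    out = [node.admit(ALICE), node.admit(MALLORY)]
    out.append(node.admit(EVE))                # file edited on disk, node not reloaded
    node.restart(f"DENY_ADDRESSES={EVE}")
    out.append(node.admit(EVE))                # refused only after the restart
    node.contract.add(ADMIN, TRENT)            # one admin call, no restart, no release
    out.append(node.admit(TRENT))
    return out


if __name__ == "__main__":
    print(demo())
```

Only the contract path leaves a record that outside observers can query; the config path changes behaviour without any on-chain trace, which is the transparency gap the report highlights.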

How Bybit Used AI to Detect Blockchain Fund Freezing Code

While Bybit has found several major blockchains with the functionality to freeze funds, most of the networks haven’t made any disclosures about them in their public documentation. As a result, the exchange’s research team had to take a deep dive into their code, which wasn’t an easy task, given the massive amounts of it.

To overcome this challenge, they turned to artificial intelligence (AI), which excels at handling vast amounts of data with a level of speed and efficiency that’s simply not possible for humans. Bybit didn’t rely on AI alone but rather used it in combination with human expertise to ensure accuracy.

So, the Lazarus Security Lab developed an AI-assisted detection framework to examine the codebases of 166 blockchain networks for modules that enable transaction halts, address filtering, blacklisting, or dynamic configuration updates.

Before deploying the optimized system across all networks, they tested their AI with Sui, which Bybit knew through its business operations to employ address-freezing mechanisms. Then, using the chain’s codebase, they ran tests with multiple prompt variations to find the version with the highest accuracy.

Using the technology that’s seeing widespread adoption across sectors and, according to Cambridge researchers, has a clear advantage in data analysis and predictive modelling, Bybit was able to “greatly improve its efficiency.” But AI usage wasn’t without its challenges.

The report points to the misidentification of role-based freezing authority, which was due to the way the prompt was designed, adding that this underscores the need for manual review as a critical part of verification.

Another key limitation of AI that they encountered was “surface-level code scanning without deep runtime analysis.” The solution to this issue, the report noted, is to refine the prompts to explicitly express your problem.

Again, the best way to go about it is also using a dual approach, which combines AI detection with manual review. This provides “the most reliable way to capture both surface-level usage and the deeper architectural choices that determine real vulnerability exposure,” noted the team.

Yet another detail that researchers may overlook when conducting large-scale blockchain codebase analysis is the distribution of core functionality across multiple repositories. Such an architecture split, Bybit noted, is pretty common in the latest L2 solutions.

Instead of treating each of these repositories as standalone systems, as the Bybit research team did, they should be seen for what they are: “interconnected parts of a larger blockchain infrastructure” that must be accounted for.
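
A keyword pass like the one below is the crudest form of the triage this section describes, and it shows why the report pairs automated detection with manual review. It is an added example, not Bybit’s framework; the indicator patterns, repository names and file contents are constructed assumptions.

```python
import re
from pathlib import PurePosixPath

# Assumed indicator vocabulary; real code bases use many other names.
INDICATOR = re.compile(r"(?:black|deny)[_-]?list|frozen[_-]?(?:addr|account)", re.I)
ADDRESS_LITERAL = re.compile(r"0x[0-9a-fA-F]{8,}")
CONFIG_SUFFIXES = {".toml", ".yaml", ".yml", ".env"}
CONTRACT_SUFFIXES = {".sol"}

# Constructed sample: one chain whose code is split across two repositories.
SAMPLE = {
    "chain-node": {
        # Filters senders under a name the patterns do not know: a false negative.
        "core/guard.go": "if restricted[tx.From] { return ErrRejected }",
        "core/tx_pool.go": 'var blacklist = []string{"0x00000000000000000000000000000000deadbeef"}',
        "docs/notes.md": "An allowlist was considered for validators.",
    },
    "chain-ops": {
        "config/validator.yaml": "deny_list:\n  addresses: []\n",
        "contracts/System.sol": "mapping(address => bool) public blacklist;",
        "rpc/filter.rs": "fn ok(deny_list: &DenyList, s: &str) -> bool { !deny_list.has(s) }",
    },
}


def classify(path, text):
    """Map one file to a candidate mechanism, or None when no indicator matches."""
    if not INDICATOR.search(text):
        return None
    suffix = PurePosixPath(path).suffix.lower()
    if suffix in CONFIG_SUFFIXES:
        return "configuration-based"
    if suffix in CONTRACT_SUFFIXES:
        return "on-chain contract"
    if ADDRESS_LITERAL.search(text):
        return "hardcoded"
    # A list is referenced, but who can change it is not visible at this level.
    return "needs-manual-review"


def triage(repos):
    """repos maps repo name -> {path: text}; all repos of a chain are scanned together."""
    findings = []
    for repo, files in sorted(repos.items()):
        for path, text in sorted(files.items()):
            kind = classify(path, text)
            if kind:
                findings.append((repo, path, kind))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Scanning only `chain-node` would report a hardcoded list and miss the configuration and contract paths in `chain-ops`, while `core/guard.go` is missed in either case because nothing in its text matches the vocabulary.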

What Crypto Investors Should Learn From Bybit’s Fund Freezing Report

So, with a combination of customized AI agents and deep-level manual code analysis, Bybit has found that multiple major blockchains either possess built-in freezing abilities or have the potential for such functionalities. 

These mechanisms fundamentally challenge the foundational principles of a decentralized ecosystem, but at the same time, they have helped protocols prevent bad actors from stealing funds. And with this report, Bybit has exposed this crucial tension between security and decentralization in modern blockchain design.

In addition to bringing the security versus censorship trade-off into the limelight, Bybit has created an AI framework that can set a precedent for large-scale code analysis in blockchain security research.

But more importantly, there needs to be better governance and greater transparency across the industry. “As crypto matures, clear and transparent safety mechanisms will help build lasting trust among users and institutions,” the study concludes.

Gaurav started trading cryptocurrencies in 2017 and has fallen in love with the crypto space ever since. His interest in everything crypto turned him into a writer specializing in cryptocurrencies and blockchain. Soon he found himself working with crypto companies and media outlets. He is also a big-time Batman fan.
