Bybit’s Lazarus Security Lab has uncovered a concerning trend in blockchain design, revealing that several networks retain the ability to freeze or restrict user funds—an attribute that challenges the very foundation of decentralisation. In its new report, the research arm of the major crypto exchange examined 166 blockchains and identified 16 that are already equipped with mechanisms capable of immobilising digital assets.
The analysis, which combined artificial intelligence with manual code review, revealed that Binance-backed BNB Chain and VeChain are among the networks with hardcoded freezing functions in their source code. Other chains, such as Aptos, EOS, and Sui, use configuration-based methods in which validators or core developers can restrict accounts by modifying local configuration files, such as YAML or ENV files. Meanwhile, Huobi’s HECO chain relies on an on-chain smart contract to maintain a blacklist, making it the only network among the group to adopt such an approach.
Bybit’s report categorised three main mechanisms for freezing user funds. The first involves hardcoded or public blacklists embedded directly in a blockchain’s source code. The second is configuration file-based, where only privileged actors can access and modify the parameters that enable freezing. The third is an on-chain contract-based approach, which operates through smart contracts written into the network itself.
Beyond the 16 blockchains identified with active freezing capabilities, the researchers found that 19 other networks—including several within the Cosmos ecosystem—could introduce similar features with only minor protocol adjustments. The report paid particular attention to Cosmos’ module accounts, which are controlled by logic rather than private keys. This design could, in theory, allow for future modifications that restrict specific addresses through hard forks or code alterations.
While some developers argue that such mechanisms are essential for responding to hacks or thefts, Bybit’s security team warned that they could undermine the trustless nature of blockchain technology. The researchers noted that even the possibility of fund restriction opens the door to censorship and centralised governance, eroding the core principles of decentralisation that define crypto networks.
The findings come just months after Bybit itself was hit by a massive $1.5 billion cold wallet hack. The exchange, with support from partners like Circle, Tether, Bitget, and THORChain, successfully froze $42.9 million in stolen assets and helped recover another $43 million through mETH Protocol. However, the incident also underscored the growing reliance on centralised interventions in a supposedly decentralised ecosystem—an irony not lost on the crypto community.
Bybit’s report ultimately raises a critical question for the industry: can a blockchain truly be decentralised if its core developers retain the power to freeze or reverse transactions?
