Overview
- Bybit’s Lazarus Security Lab audited about 166 networks using AI-assisted analysis and manual review, identifying 16 with active fund-freezing code and 19 that could add it with minor changes.
- The report outlines three approaches to freezing: hardcoded protocol rules; configuration managed by validators or foundations, which often requires node restarts; and on-chain system-contract controls.
- Hardcoded freezing is used on BNB Chain, VeChain, Chiliz, Viction (VIC), and XDC. Configuration-based controls are available on Sui and Aptos, among others, and Huobi ECO Chain employs smart-contract blacklists.
- Freezing powers have been exercised after exploits, including BNB’s response to a $570 million bridge hack in 2022, VeChain’s 2019 blocklist of 469 hacker addresses, and Sui’s $162 million lock following the Cetus DEX attack in 2025.
- Bybit says these mechanisms can mitigate losses but conflict with blockchain’s censorship-resistance goals, calling for clearer disclosure and governance across affected ecosystems such as Arbitrum, Cosmos, Axelar, Babylon, Celestia, and Kava.