Overview
- Bybit’s Lazarus Security Lab examined 166 networks with AI-assisted screening and manual code review to identify fund-freezing capabilities.
- The report categorizes three approaches: hardcoded blacklists, validator or foundation configuration files, and on-chain system contracts.
- Named examples: BNB Chain, VeChain, Chiliz, Viction, and XDC use hardcoded blacklists; Sui, Aptos, Harmony, EOS, Oasis, WAX, and Waves use configuration files; HECO uses on-chain contracts.
- Sui froze about $162 million after the May 2025 Cetus DEX hack, BNB limited movement after a $570 million bridge exploit in 2022, and VeChain blacklisted 469 addresses following a 2019 theft.
- Bybit warns these emergency controls can protect users yet undermine decentralization, calling for clearer governance and greater public transparency.