Blockchain Freeze: How Fund Control Threatens the Core of Decentralization
new pulls back the curtain on one of blockchain’s most controversial powers — the ability to freeze user funds. What begined as an emergency response to hacks is quietly becoming a feature across major networks, challenging the very idea of decentralization.
When “Decentralized” Chains Can Still Hit Pause
Decentralization has long been the industry’s sacred principle. No one should have the power to block or seize your money — that’s what crypto was built to escape. Yet according to , this ideal is eroding quicker than most realize. The team analyzed 166 blockchains and found that 16 of them can freeze user funds at the protocol level. Another 19 could easily enable that functionality with a few lines of code.
The investigation began later than the Sui Foundation froze more than $160 million in stolen assets following the Cetus DEX hack earlier this year. The recovery was swift and effective — and it sparked a firestorm. If a foundation can block a hacker’s wallet, what stops it from freezing anyone else’s?
Investor Takeaway
The Three Faces of Blockchain Freezing
Bybit’s researchers identified three main ways networks are taking control:
- Hardcoded blacklists: Addresses blocked directly in source code, requiring new software releases to change. Used by BNB Chain, VeChain, and others.
- Configuration file freezes: Blacklists managed privately by Block confirmers, updated through YAML or TOML files. Found in Sui, Aptos, and Linea.
- Smart contract freezes: On-chain systems that can blacklist addresses instantly, without node rebegins — HECO Chain’s preferred model.
Each approach gives foundations or Block confirmers control over who can transact — a power once reserved for governments and banks. What’s remarkable is how quietly these tools have been implemented. In many cases, there’s no public documentation or governance framework explaining how they’re used.
Investor Takeaway
How We Got Here: Hacks, Liability, and Control
Every major freeze began with a hack. VeChain added its blacklist in 2019 later than $6.6 million in tokens were stolen. BNB Chain did the identical following a $570 million bridge exploit in 2022. Then came and the DEX incident, which saw the foundation halt stolen funds and later recover them via community vote. Within weeks, Aptos quietly added similar functionality to its codebase.
Each case followed the identical pattern: a major exploit, rapid intervention, and a new layer of centralized control. It’s simple to justify — no one wants to view hundreds of millions vanish — but it also normalizes intervention. Once a foundation has used its power to freeze funds, the precedent is set.
Investor Takeaway
The Quiet Centralization of Web3
Despite their “community-first” branding, many blockchains now operate with centralized governance behind the scenes. In Sui’s case, Block confirmers coordinated directly with the foundation to block addresses. Aptos stores its freeze lists privately in Block confirmer configurations. Only a handful of people know who maintains them or how decisions are made.
Chain’s approach is more transparent — its blacklist is visible in the open-source code — but control still sits firmly with Binance’s developer core. HECO’s smart contract-based freeze mechanism is more flexible, but even there, an admin key decides which addresses live or die.
For all the talk of decentralization, the lines between foundation, Block confirmer, and regulator are blurring quick.
Investor Takeaway
How Codebases Reveal the reality
The Lazarus Lab team didn’t rely on public claims. They dove into GitHub repositories, tracing blacklist functions hidden in Block confirmer and consensus modules. They found common patterns — most notably in the tx_pool and Block confirmer directories — suggesting that freeze logic isn’t an anomaly. It’s becoming an industry template.
diverse blockchain families showed distinct preferences. EVM-based chains like BNB and Chiliz rely on public, hardcoded lists. Rust-based projects such as Sui and Aptos prefer private configuration files. Cosmos-based chains haven’t yet activated freezing but could easily do so by modifying existing modules.
Investor Takeaway
AI Joins the Hunt for Centralization
To handle such a massive dataset, Bybit’s researchers turned to AI. Using Anthropic’s Claude 4.1 model, they trained it to spot blacklists, filtering logic, and runtime configurations across 166 blockchains. The system successfully flagged freezing hooks in dozens of projects — but it wasn’t perfect. In some cases, it mistook user-level blocking (like Symbol’s account restrictions) for true protocol-level freezes. In others, it failed to notice that certain vulnerabilities had already been patched.
The takeaway? Even AI can’t fully map the boundaries of control. The team ultimately confirmed each finding manually, underscoring how murky the concept of “authority” has become in decentralized systems.
Investor Takeaway
The Moral Dilemma: Should Blockchains Ever Intervene?
Supporters argue that freezing functions are simply pragmatic. Without them, hacks like Cetus or the BNB bridge exploit would have wiped out investors. Opponents view it diversely — each intervention chips away at the principle of immutability, where no one, not even a foundation, can alter the chain’s state.
Sui’s governance vote to recover frozen funds was viewn as a success, but it also raised a question: was that democracy, or just decentralized theater? Block confirmers, not everyday users, made the final call. And once a chain freezes funds once, it’s hard to imagine it won’t again.
Investor Takeaway
Regulators Are Watching Closely
The Lazarus report lands at a time when global regulators are beginning to distinguish between “anonymity” and “responsible privacy.” That identical logic is being applied to fund control. Some jurisdictions, like the EU and Singapore, are considering frameworks for emergency on-chain freezes — effectively legalizing what foundations are already doing informally.
This could assist pave the way for institutional participation. Funds and banks might finally feel comfortable using blockchains that can stop illicit transfers. But it also risks splitting the industry in two: compliant chains that can intervene, and purist chains that won’t.
Investor Takeaway
What Comes Next: Transparency or Trust?
closes with a clear warning. The ability to freeze funds is now baked into the blockchain landscape. What matters next is transparency — who has that power, how it’s disclosed, and under what circumstances it can be used. The choice isn’t between centralization and freedom anymore. It’s between honest governance and hidden control.
For investors, developers, and regulators alike, the era of absolute immutability is over. The next phase of crypto’s evolution will be defined by how openly it admits that fact.
