Bybit Uncovers Hidden Fund-Freezing Codes in 16 Major Blockchains

Bybit’s Lazarus Security Lab has identified fund-freezing mechanisms embedded in 16 major blockchain networks. The findings challenge long-held assumptions about immutability and decentralization in distributed ledger systems.

Bybit’s Lazarus Security Lab has released a report revealing that, after reviewing 166 blockchain networks, 16 blockchains were found to have built-in fund freezing capabilities, while another 19 could enable such features with minor protocol changes. The freezing mechanisms… pic.twitter.com/JzmuFcrbpT

— Wu Blockchain (@WuBlockchain) November 12, 2025

The report titled “Blockchain Freezing Exposed: Examine the Impact of Fund Freezing Ability in Blockchain” represents the first comprehensive analysis of emergency intervention capabilities across blockchain networks.

Researchers examined 166 blockchain systems using AI-driven detection combined with manual verification.

Beyond the 16 chains with active freezing functions, another 19 could implement similar mechanisms through relatively minor protocol adjustments. The discovery raises questions about the balance between security and decentralization in blockchain governance.

Bybit Identifies Three Distinct Freezing Mechanisms

The research categorizes fund-freezing capabilities into three distinct types. Hardcoded freezing is built directly into blockchain code, as seen in BNB Chain and VeChain implementations.

Configuration-based freezing operates through validator or foundation settings. Sui and Aptos utilize this approach, allowing authorized entities to restrict specific addresses through governance mechanisms.

On-chain contract freezing functions through system-level smart contracts. HECO employs this method, executing restrictions via predetermined contract protocols.

Sui froze $162 million in stolen assets following the Cetus hack. Aptos subsequently added blacklisting functions in response to the incident.

BNB Chain deployed hardcoded blacklists to contain a $570 million bridge exploit. VeChain established an early precedent in 2019 by freezing funds from a $6.6 million breach.

Cosmos’s modular account design may enable similar interventions in future scenarios. The architecture provides flexibility for implementing emergency response mechanisms.

“Blockchain was built on the principle of decentralization — yet our research shows that many networks are developing pragmatic safety mechanisms to respond quickly to threats,”

said David Zong, Head of Group Risk Control and Security at Bybit.

Lazarus Group Eludes Tracking Efforts

Meanwhile, Bybit CEO Ben Zhou revealed on April 21 that 27.6% of the Lazarus Group’s stolen cryptocurrency has disappeared from traceable channels. The group allegedly controls approximately 500,000 ETH in stolen assets.

3.4.25 Executive Summary on Hacked Funds:
Total hacked funds of USD 1.4bn around 500k ETH, 77% are still traceable, 20% has gone dark, 3% have been frozen.
Breakdown:
– 83% (417,348 ETH, ~$1B) have been converted into BTC with 6,954 wallets (Average 1.71 btc each) . This and…

— Ben Zhou (@benbybit) March 4, 2025

Zhou reported that 68.6% of stolen funds remain traceable through blockchain analytics. Only 3.8% have been successfully frozen by exchanges and law enforcement agencies.

“Funds are being funneled through mixers, then bridged across networks before landing on peer-to-peer and OTC platforms. This makes them incredibly hard to trace or recover,”

Zhao stated

The Lazarus Group employed Wasabi mixer to obscure Bitcoin transactions initially. Funds subsequently moved through CryptoMixer, Tornado Cash, and Railgun privacy protocols.

Approximately 432,748 ETH, representing 84.45% of stolen Ether, was converted to Bitcoin using Thorchain protocol. Nearly 67.25% was distributed across more than 35,000 separate wallets.

On Ethereum, around 5,991 ETH valued at $16.77 million remains scattered across over 12,000 wallets. Investigators traced 944 BTC, roughly $90.6 million, laundered through Wasabi alone.

Bybit’s Lazarus Security Lab constructed an AI-assisted detection framework to identify blacklisting, transaction filtering, and dynamic configuration capabilities. Human researchers validated each finding to ensure accuracy.

The study concludes that transparency around emergency intervention mechanisms should become a core pillar of blockchain governance. Projects should publicly disclose whether and how they can intervene in on-chain activity.