Bybit freeze exposé highlights decentralization transparency issues

A report from Bybit’s “Lazarus Security Lab” today claims 16 blockchains have built-in fund freezing measures, while an additional 19 are capable of the same freezing with some minor tweaks, raising concerns about decentralization and transparency. 

Researchers used artificial intelligence (AI), alongside manual review, to look into 166 different blockchains to determine their freezing capabilities.

The full report found 16 chains using one of three freezing mechanisms: hardcoded public blacklists, config file-based freezing that relies on private blacklists, and a blacklist enforced through an on-chain smart contract.

Hardcoded freezing mechanisms are built directly into the chain and are utilized by Binance’s BNB Chain, as well as Chiliz, Viction, XDC Network, and VeChain. 


Config file-based freezing is utilized by Harmony ONE, HAVAH, Aptos, Supra, EOS Network, Oasis Network, WAX, Sui, Linea, and Waves. This method relies on a blacklist stored in local configuration files and managed by validators, the foundation, and core developers.

Only the HEC chain, otherwise known as the Huobi Eco Chain, enforces its blacklist through an on-chain smart contract.

Indeed, BNB Chain and VeChain were able to use their hardcoded freezing methods in response to a $570 million bridge exploit and a $6.6 million breach, respectively, while Sui froze $162 million in stolen assets following the Cetus hack.

The report also found that 19 blockchains could implement these methods with some “relatively minor protocol changes.” 

These blockchains include Arbitrum, Cosmos, MANTRA, Terra, Axelar, Babylon, Celestia, dYdX, Dymension, Dymension DYM Evm, Evmos, Initia, Kava, Nillion, OKExChain, THORChain, Sei, Secret Network, and XION.

Bybit’s Lazarus Security Lab calls for greater freeze transparency 

Bybit’s report suggests that blockchain foundations and firms are not being fully transparent about their freezing capabilities, and in turn, the extent to which they are truly decentralized.

It concluded, “The presence of these mechanisms fundamentally challenges the foundational principles of a decentralized ecosystem and necessitates further discourse within the blockchain community, but it has prevented hackers from stealing funds.” 

Openness about these on-chain freezing capabilities and emergency intervention mechanisms, it says, is key to blockchain governance, and such capabilities should be publicly disclosed more often.

A31 Labs’ Armin Reiter notes that any blockchain can implement freezing. He argues that the real differentiator is “how decentralized a system is and if the validators/miners accept the change or not.”


He claims that such freezes will not be implemented on Bitcoin because there is strong community consensus against it and that the most important takeaway is which chains have already accepted these tradeoffs.

In some cases, these freezing mechanisms have failed. Crypto security firm GoPlus Security highlighted that the hacker of DeFi exchange Balancer bypassed a freeze on the Sonic chain, and moved roughly $3 million worth of crypto from a frozen address to a new one. 

The firm claimed the hacker was able to do this because the freeze only affected the chain's native token and not other ERC20 tokens.
