Bybit Sounds Alarm on BNB Chain, Aptos, and Sui’s Power to Freeze Funds

A new report from Bybit’s Lazarus Security Lab reveals that 16 major blockchains can freeze or restrict user funds. The report, titled “Blockchain Freezing Exposed,” examines how networks control transactions during hacks or security breaches.

Researchers examined 166 blockchains with AI and manual inspections. Fund-freezing capabilities are already present in sixteen networks currently. Another 19 could include similar tools with relatively small protocol alterations. 

The report identifies three degrees of freezing. Hardcoded freezing is a feature of the blockchain code used by BNB Chain and VeChain. Setting-based freezing is established on validators or base settings, as observed on Sui and Aptos. On-chain freezing of contracts is realized through system contracts, such as HECO’s approach.

Sui Aptos and BNB Chain Freezing Response

Real-world events demonstrate the way in which these controls are applied. In May 2025, Cetus, a decentralized exchange operating on Sui, was the victim of a $223 million hack. The attacker used a vulnerability in its math library to drain liquidity pools. The Sui validators and the foundation took concerted action to freeze $162 million and prevent further losses.

In late the Sui community had a vote about governance. Approximately 90.9% of validators voted to recover the frozen funds. The funds were transferred to a Cetus multisignature wallet. 

Both Sui and Aptos are programmed in the Move programming language, designed for secure smart contracts. But Sui has had cooling characteristics since April 2023.

Aptos tacked them on only after the Cetus hack began drawing wider attention. On July 4, 2025, Aptos released the Banging tool, TransactionFilter, to filter blacklisted transactions.

This upgrade permitted validators to deny transactions coming from potentially harmful addresses. The blacklist is modifiable in configuration files, but each addition or removal requires a node restart. 

BNB Chain previously had a similar case. On October 6, 2022, a vulnerability was exploited by hackers on the IAVL tree proof system. They made fake proof of withdrawal and issued 2 million BNB. The loss amounted to around $570 million. The network halted operations in an effort to stem the breach.

Bybit Urges Transparency in Blockchain Freezing Powers

Developers later updated the protocol. They blacklisted the attacker’s wallet at the blockchain level. In response, some of the stolen coins were frozen, and stability was partially restored. It was one of the first protocol-level fund freezes in the industry.

VeChain provided an early example in 2019 when it froze assets following a $6.6 million theft. According to the report, Cosmos could become compatible with those tools as well by way of its modular design.

Many networks now employ pragmatic security measures to protect users, said David Zong, top crypto exchange Bybit. It’s also essential that these tools are transparent, he said, both for trust and governance.

The report comes as the DeFi sector confronts growing security threats. The Balancer hack sucked $129 million of value from across Ethereum, Base, and Berachain, deepening concerns in the industry. 

The exploit allowed attackers to swap liquid staking tokens for ETH immediately. PackShieldAlert found that the stolen funds consist of WETH, wstETH, sfrxETH, osETH, and rsETH. The mishap points to strengthening security vulnerabilities in DeFi and validates Bybit’s push for increased transparency.