Quick Breakdown
- Bybit’s Lazarus Security Lab found undocumented fund-freezing functions on 16 major blockchain protocols.
- The functions enable external parties, such as law enforcement or developers, to restrict asset transfers, raising significant concerns about decentralization and regulatory overreach.
- The discovery applies to widely used networks, potentially affecting the sovereignty of user funds on these platforms.
An investigative report from Bybit’s Lazarus Security Lab has revealed the existence of hidden, or at least undocumented, functions that permit the freezing of funds across a range of 16 major blockchain networks. This disclosure raises alarm bells across the Web3 ecosystem, as it confirms that external entities, beyond the user’s control, possess the capability to restrict asset mobility, directly contradicting the core permissionless and censorship-resistant ethos of decentralized finance (DeFi).
The functions are embedded in the code of these popular protocols, potentially allowing law enforcement, government agencies, or even network developers to intervene and halt transactions. While such a mechanism can be rationalized for necessary actions, like complying with court orders for asset seizure or preventing the flow of illicit funds, its presence and concealed nature represent a critical governance and security vulnerability. This power, if misused or exploited, could lead to unwarranted censorship or the freezing of legitimate user assets.
The tension between decentralization and compliance
The debate surrounding the centralization of control and the need for regulatory compliance has long been a sticking point for the blockchain industry. As the crypto space matures, global financial regulators, including organizations like the Financial Action Task Force (FATF), have pressured platforms to adhere to Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) standards. This regulatory drive has resulted in the implementation of “kill switches” or freezing functions, particularly in centralized components of the ecosystem like stablecoins (e.g., $USDC, $USDT), where issuers regularly comply with legal demands to freeze or blacklist addresses.
Calls for audits and transparency
Following the report, there is a renewed industry focus on rigorous security audits and enhanced code transparency. Projects must clearly disclose control mechanisms, such as those uncovered, in both public documentation and smart contracts. A lack of transparency erodes user trust and exposes networks to governance attacks or regulatory risks that could affect all users.
Notably, Bybit is collaborating with Taxbit, a tax compliance platform, to automate global crypto tax compliance for its users. This partnership aims to ensure Bybit complies with the international regulatory frameworks of the Crypto-Asset Reporting Framework (CARF) and the European Union’s DAC8 directive.
If you would like to read more articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
