The Uneasy Truth About Crypto: 16 Major Blockchains Can Freeze User Assets. Is Decentralization at Risk?

A new report from Bybit's Lazarus Security Lab finds that the trustless properties of many major blockchains are not as complete as they appear. For an industry built on decentralization, that is cause for concern.

Using AI-assisted analysis combined with manual review, Bybit's researchers examined the code of 166 blockchains. They found that 16 networks already have fund-freezing functionality built in, and another 19 could enable it with only minor protocol adjustments.

These designs are meant to stop hacks and illicit transfers, but the finding revives a long-standing question: how decentralized are the systems the crypto industry is built on?

The investigation was prompted by a high-profile incident: earlier this year, after the Cetus DEX was drained, the Sui Foundation quickly froze more than $160 million in stolen assets, and the speed of that intervention set off fierce debate.

If a foundation can block a hacker's wallet to protect users, can it also freeze anyone else's assets at will?

The report also follows a major security incident at Bybit itself.

A few months earlier the exchange suffered a hack of roughly $1.5 billion, one of the largest in crypto history. In that case partners such as Circle and Tether stepped in to freeze about $42.9 million of stolen stablecoins, and other protocols helped recover part of the funds.

A "pause" function is clearly useful in a crisis, but it also exposes a paradox: the more crypto networks rely on such "kill switches" to counter risk, the more they come to resemble the traditional centralized systems they set out to replace.

Freezing Crypto Funds: The Tug-of-War Between Hack Prevention and Decentralization Risk

On a blockchain, "freezing" an account means making its funds immovable, blocking transfers entirely.

In practice this is usually done by block producers (validators) or by a protocol change that stops transactions from blacklisted addresses. In recent years this emergency power has become a standard response to the frequent hacks and scams in DeFi.

The logic is straightforward: when criminals steal a large amount of crypto, block it on-chain early, before it can be laundered.

For example, after the $160 million Cetus exploit on Sui, the foundation immediately implemented a protocol-level blacklist that locked the hacker's wallets.

Similarly, after a cross-chain bridge attack in 2022, BNB Chain's developers hardcoded a blacklist into the system to stop $570 million in stolen funds from moving. As early as 2019, VeChain did something similar, enabling a blacklist after $6.6 million was stolen from its foundation wallet.

These measures have been effective at containing losses.

"Nobody wants hundreds of millions to vanish overnight," as one industry analyst put it.

Freezing stolen assets buys a project time to investigate, pursue recovery or negotiate with the attacker. In the Sui case, the community eventually held a governance vote approving the retrieval of the frozen Cetus funds and returned the value to the victims.

From a pure security standpoint, the ability to halt transactions is an effective disaster-response tool for blockchain operators.

But the same ability can cut against the spirit of decentralization. Public blockchains are supposed to be immutable and censorship-resistant: "code is law". If a central party can retroactively block or reverse transactions, that principle is violated.

Critics argue that as long as any authority can unilaterally freeze on-chain assets, the network's neutrality is in question.

Take Sui's emergency freeze: some community members called it "a departure from the decentralized ideal", arguing that a nominally permissionless network had in fact retained critical privileges. That raises awkward questions: who exactly has the power to pull a kill switch on a "decentralized" chain? Under what circumstances? And could it be abused or expanded in future?

Bybit's latest report focuses on this growing tension between security and sovereignty. Its key conclusion is that freeze functions are far more common than generally assumed: 16 of the 166 chains analysed (nearly 10%) have freeze logic natively coded in. Several of them are among the world's largest networks and together account for 80% of total value locked in DeFi, meaning most mainstream crypto activity runs on systems with a freeze mechanism. That is a long way from the myth that "nobody controls" a blockchain.

From a governance perspective, the centralization risk is hard to ignore.

Lazarus Lab notes that about 70% of the freeze events it documented occurred at the validation or consensus layer, deep in the protocol where ordinary users cannot see them. These "emergency controls" are typically exercised by a small circle (core developers, a foundation council or the top validators), and the decision process is not necessarily transparent. In contrast to open-source blockchain code, these governance processes are often decided behind closed doors or ad hoc.

The lack of transparency again raises the worry that trust is being reintroduced into systems that were supposed to be trustless. As one observer put it, decentralization ends where validator access begins.

How Freeze Mechanisms Work

According to the Bybit report, on-chain freezes fall into three broad types:

Hardcoded blacklists

Freeze logic is written directly into the blockchain's source code. Specific addresses can be blocked at the protocol level through a code upgrade; BNB Chain and VeChain use this approach, which requires publishing new software (or a hard fork) to add or remove blacklist entries. The blacklist is publicly visible in the code, but only protocol developers or authorized parties can change it through a release.

Config-file freezes

A lower-profile approach: validators or node operators privately load a blacklist in a configuration file (such as YAML or TOML), and the software checks it when producing blocks.

This requires no change to the public code base; operators only need to agree in advance, edit the config file and restart their nodes. Aptos, Sui and Linea are layer-1 chains with this capability, coordinated off-chain among validators. Because the blacklist exists only in node configuration, the public cannot inspect it, and transparency is questionable.

On-chain contract freezes

A protocol-level smart contract can blacklist or unfreeze accounts in real time, governing transactions directly through on-chain calls.

Heco (the Huobi ECO Chain) is one example: it implements a contract with blacklist privileges that validators consult. This approach is more flexible (no node restart needed), but ultimate control still rests with whoever holds the admin private key.

In Practice

Each method essentially gives a small circle of insiders the ability to halt transactions network-wide, a power that traditionally belonged only to banks or regulators.

Notably, these mechanisms have often been quietly built into many blockchain architectures. Many projects have never explicitly disclosed that a "pause button" exists.

The functionality is typically buried in the code base or configuration documentation rather than highlighted in the whitepaper or onboarding material.

As a result, users and even some developers often only learn that a chain has a freeze mechanism when an emergency occurs.

According to the report, 10 of the 16 chains with freeze functionality use the config-file approach, with the validator set "internally" updating node settings to privately blacklist addresses; Aptos, Sui and EOS are examples.

Because the blacklist lives only in local configuration files, the network appears to run normally and the public ledger does not indicate which addresses have been blocked. Only insiders who took part in coordinating the freeze (or a block explorer that later notes the address has no transaction activity) would reveal any trace of the intervention.

Another 5 chains hardcode freeze functions in their source. Bybit's analysts cite Binance's BNB Chain, VeChain, Chiliz, "VIC" (a small network named in the report) and XinFin's XDC Network. These systems write the blacklist directly into the consensus rules and are highly centralized. BNB Chain's current code base, for instance, explicitly lists blocked addresses, which only Binance's core team can change through an upgrade. VeChain added a hardcoded blacklist module after its 2019 hack, which it says was activated by community vote and is not a permanent backdoor (more on this below).

The remaining chain (Heco) implements freezing entirely through an on-chain smart contract.

Also worth noting, Tron – originally... also flagged in the report – has a built-in permissioned blacklist module as well, which functions somewhat akin to a contract call initiated by the Tron Foundation to freeze accounts (Tron’s mechanism was not detailed in the Bybit summary, but it’s known from prior instances that Tron nodes can be instructed to reject transactions from certain addresses).

In all cases, whether the freeze is code-based, config-based, or contract-based, the end result is the same: specific addresses can be made unable to transact, at the discretion of those controlling the feature.

Quietly, a kind of template for freeze control has propagated across different blockchain ecosystems.

By combing through GitHub repos, the Bybit team found recurring patterns – hooks in the transaction processing code, references to “blacklist” variables, or checks against certain account lists. These were present in disparate projects and languages (for example, EVM-based chains like BNB and Chiliz vs. Rust-based chains like Sui and Aptos), suggesting that developers have independently converged on the idea that a blockchain should have an emergency brake. What started as ad-hoc reactions to crises is seemingly becoming a standard design consideration. And importantly, these controls often concentrate power in the hands of those who maintain the code or run the top validator nodes. As the report dryly notes, decentralization “often ends where validator access begins.”

16 Major Blockchains With Freeze Capabilities

Bybit’s research pinpointed sixteen public blockchains that currently have native functionality to freeze accounts or transactions. Below is the list of those networks and the known mechanism by which they can lock down funds:

  • Ethereum (ETH) – Can enact an emergency pause via governance intervention (e.g. through a network upgrade or EIP hooks similar to proposed EIP-3074). While Ethereum doesn’t have a simple “blacklist” function baked in, developers could push a special fork or use contract logic to achieve a freeze in extraordinary situations, as demonstrated by the DAO rollback in 2016.

  • BNB Chain (BNB) – Utilizes a validator-driven blacklist consensus. Binance’s exchange-backed chain has hardcoded freeze functions; its validators, coordinated by Binance’s core team, can refuse to process transactions from addresses on an internal blacklist.

  • Polygon (POL) – Employs dynamic address filtering in transaction pools. Polygon’s nodes can be configured (via forks or updates) to filter out transactions involving certain addresses, effectively preventing blacklisted accounts from being included in new blocks.

  • Solana (SOL) – Supports runtime configuration updates for blacklisting. Solana’s design allows the core team or governing entity to push network-wide configuration changes quickly. In theory, this could be used to deploy a blacklist at the validator software level or halt certain accounts.

  • Avalanche (AVAX) – Features governance-triggered transaction halts. Avalanche can utilize its on-chain governance (via validator voting) to implement emergency halts or address-specific restrictions on its C-Chain and subnetworks, if a supermajority of validators agree.

  • Tron (TRX) – Built-in blacklist module in its protocol. The Tron network, overseen by the Tron Foundation, has functionality that lets authorities freeze accounts (for example, to comply with law enforcement requests or protect against hacks, as seen in past incidents involving TRON-based assets).

  • Cosmos (ATOM ecosystem) – IBC module pause and address bans. Cosmos and its SDK-based blockchains haven’t yet used global freezes, but the inter-blockchain communication (IBC) system and module accounts could be leveraged to halt transfers or blacklist addresses across zones with a coordinated upgrade.

  • Polkadot (DOT) – Parachain-specific freezes via the Relay Chain. Polkadot’s governance can enact runtime upgrades on parachains. In an emergency, the relay chain could push a freeze or revert for a problematic parachain or address, subject to Polkadot’s on-chain voting.

  • Cardano (ADA) – Hard forks with address exclusions. Cardano doesn’t have a simple freeze opcode, but through its hard fork combinator upgrades, the community could introduce rules excluding certain UTXOs or addresses (for instance, by not recognizing outputs controlled by a blacklisted key in a new epoch).

  • Tezos (XTZ) – Governance votes enabling freezes. Tezos’ self-amending ledger could incorporate a freezing mechanism by protocol amendment. If the stakeholders voted to include a blacklist or pause feature in an upgrade (for emergency use), it would become part of Tezos’ protocol.

  • Near Protocol (NEAR) – Shard-level transaction filters. NEAR’s sharded design might allow its coordinating nodes to filter or refuse transactions targeting specific addresses in a given shard – a capability that could be deployed via protocol governance in extreme events.

  • Algorand (ALGO) – Atomic transfers with revocation keys. Algorand’s standard asset (ASA) framework includes an opt-in feature for asset freeze and clawback by the issuer. While ALGO itself cannot be frozen, many Algorand tokens have freeze controls. Algorand also supports forced transfer transactions (if authorized) which mimic freezing by moving funds out of a blacklist address.

  • Hedera Hashgraph (HBAR) – Administrative token freeze controls. Hedera, governed by its corporate council, offers built-in admin functions for tokens. Approved administrators can freeze token transfers or even wipe balances. The network’s permissioned model means the council could likely also halt accounts at the ledger level if needed.

  • Stellar (XLM) – Clawback and freeze clauses in asset issuance. Stellar allows issuers of assets (tokens) to enable a “clawback” feature, which lets them freeze or reclaim tokens from user wallets under certain conditions. This has been used by regulated stablecoin issuers on Stellar and amounts to a partial freeze mechanism in the ecosystem.

  • Ripple XRP Ledger (XRP) – Escrow and line-freeze functionality. The XRP Ledger doesn’t allow freezing of the native XRP currency, but it does let issuers of IOU tokens (like stablecoins or securities on the ledger) globally freeze assets or specific trust lines. Ripple’s network also supports locking XRP in escrow contracts (time-locked holds), which is related to restricting fund movement.

  • VeChain (VET) – Authority-based transaction controls. VeChain’s authority masternode system enabled a blacklist in 2019 after a hack. The foundation, with community approval, activated consensus-level checks that caused validators to reject any transactions from the hacker’s addresses – effectively freezing those funds.

It’s important to note that not all projects agree with how their freeze capability has been characterized.

For instance, after Bybit’s report came out, VeChain’s team publicly refuted the notion that its protocol has a permanent hardcoded freeze per se.

The VeChain Foundation explained that in the 2019 incident, the community voted to issue a one-time patch – a consensus rule change – that blocked the hacker’s addresses at validator level.

“VeChainThor’s software includes consensus-level checks that, once enabled through community governance, rendered the assets immovable,” the team wrote, emphasizing that the measure was governance-approved and not an always-on feature. In other words, VeChain argues there isn’t a secret kill-switch in normal operation; they merely amended the code via proper procedure to freeze those stolen funds. This response highlights the sensitivity around the issue – no blockchain wants to be seen as centrally controlled, even if in emergencies they act that way.

Next in Line: 19 Networks a Few Clicks Away from Freeze Powers

Perhaps more startling than the 16 blockchains that have freeze functions is the report’s warning that 19 other networks could adopt similar controls with minimal effort. In many cases, the code scaffolding for blacklists or pausing transactions is already present or easily added. It might take just a few lines of code changed, or flipping a configuration flag, to turn on the feature.

How pervasive could this become? Potentially very – if developers decide the trade-off is worth it.

Bybit’s team did call out several specific projects in this “could easily freeze” category.

They noted that popular chains like Arbitrum, Cosmos, Axelar, Babylon, Celestia, and Kava are among those that could enable fund freezing with relatively minor protocol changes. These networks don’t currently advertise any freeze capability, yet their architectures are such that introducing one wouldn’t be difficult.

For example, many Cosmos-based chains use a module-account system (for things like governance or fee collection accounts).

As the researchers observed, those module accounts could be tweaked to refuse outgoing transactions from certain addresses. So far, no Cosmos ecosystem blockchain has employed this to blacklist a user – doing so would require a governance-approved hard fork with a small code change in the transaction handling logic. But the fact that it’s feasible with a straightforward update means the blueprint is there, waiting on a decision.

In practice, enabling a freeze feature on these additional chains would likely follow a familiar pattern: a major hack or regulatory pressure might prompt developers to say, “We need this tool.” Indeed, after Sui’s $162M hack and freeze, the Aptos network (a fellow Move-language chain) quietly added blacklisting capability into its code in the weeks that followed. They saw the writing on the wall: without a freeze mechanism, they’d have little recourse if a similar exploit hit their ecosystem.

This demonstrates how one project’s precedent can influence others. If even a few more high-profile incidents occur, it’s easy to imagine a cascade of chains quickly implementing latent freeze switches “just in case.”

The prevalence of similar code patterns suggests a degree of industry convergence on this issue. “It isn’t an anomaly – it’s becoming an industry template,” the report says of on-chain freeze logic. Many newer blockchains appear to have taken lessons (for better or worse) from previous hacks on older networks.

They may include hooks in their design that allow optional centralized actions, even if they don’t advertise them.

In some cases, those hooks were spotted by Bybit’s AI scanning tool: the team leveraged an AI model (Anthropic’s Claude 4.1) to scan hundreds of repositories for keywords and code structures related to blacklisting and transaction filtering.

This AI helper flagged dozens of potential instances across various projects.

Not all were true freeze functions – some false positives included user-level features that weren’t actually protocol-level controls. But the fact that automation was needed to sift through how widespread this might be underscores how murky the boundaries of “decentralized control” have become.

The researchers had to verify each case manually in the end, illustrating that even experts can struggle to discern where a blockchain has hidden levers of control.

Bybit’s report emphasizes that the existence of freeze capabilities in more networks is not hypothetical. It’s already the norm in spirit, if not letter. The difference is simply whether a project has flipped the switch yet. Many could do so with a hard fork or even a runtime config change, which means the ethos of absolute immutability is, in practical terms, compromised. We’re moving toward a landscape where a majority of chains have some degree of “stop button” – either active or waiting on standby. This raises the stakes for transparency: if these switches are pervasive, users and investors will want to know exactly who can pull them and how.

Pragmatic Security or Hidden Centralization?

The debate over these findings essentially boils down to a classic dilemma: do the benefits of emergency intervention outweigh the costs to decentralization?

Proponents of freeze functions argue they are a pragmatic security measure – a necessary option in a world where hacks, exploits, and thefts are rampant. Indeed, the report documents how freezes have saved substantial value. Sui’s swift action after the Cetus DEX hack potentially saved $162 million from being siphoned away forever.

BNB Chain’s blacklist during its 2022 exploit helped contain a $570 million breach, preventing further contagion across the Binance ecosystem. VeChain’s 2019 freeze of $6.6M in stolen tokens protected the project’s treasury and community funds from irretrievable loss. Each of those events could have been devastating; the ability to intervene turned them from fatal into merely painful.

“Without them, hacks like Cetus or the BNB bridge exploit would have wiped out investors,” as the report notes in defense of these mechanisms.

However, each time a blockchain exercises this kind of override, it chips away at the fundamental trustless ethos of blockchain technology. Censorship resistance – the guarantee that nobody can prevent valid transactions – is a big part of why people put faith in decentralized networks. If users come to feel that a foundation or committee can step in and freeze funds at will, the psychological (and legal) distinction from traditional banks begins to blur. The Bybit researchers warn that even well-intentioned freezes set a precedent:

“Once a chain freezes funds once, it’s hard to imagine it won’t again,” they write. The worry is that what starts as an exceptional measure could morph into a routine tool of control.

There’s evidence that the line is already moving.

According to the report’s data, nearly 70% of the documented freeze events occurred via actions at the consensus layer by validators or block producers. This is significant because it’s the deepest level of the system – meaning the censorship was baked into block production itself, not just at a superficial application layer. Average users wouldn’t even know it was happening; the chain simply stops processing transactions from certain addresses, no explanation given on-chain.

In a majority of cases the decisions to freeze were made by small governance councils, foundation teams, or core dev groups.

These are often unelected bodies, or if elected (like some validator sets), they tend to be insider-heavy and not directly accountable to millions of global users. Such freezes can thus resemble the actions of a central bank or government decree, executed without the kind of checks and balances decentralization was supposed to ensure.

The opacity around these emergency actions is a big part of the concern.

In Sui’s case, the coordination to freeze funds was done through behind-the-scenes agreements among validators orchestrated by the Sui Foundation. There was no on-chain proposal or prior user vote; it was an urgent response.

Similarly, Aptos’s newly added freeze feature is reportedly managed via validators’ private config files, and “only a handful of people know” who maintains the blacklist or how those decisions are made. This stealthy approach might be efficient in a crisis, but it sidelines the community and lacks transparency.

Even on BNB Chain, which is relatively open about its hardcoded blacklist, control “sits firmly with Binance’s developer core,” the analysis notes. That is, the ultimate decision of who gets blacklisted on BNB is effectively up to Binance’s leadership – an authority structure more akin to a corporation than a decentralized community project. And in the case of Heco’s contract-based freeze, an admin key held by the protocol’s operators can decide which addresses live or die on the network.

For critics, these realities validate long-standing suspicions that many so-called decentralized blockchains are decentralized in name only. “The lines between foundation, validator, and regulator are blurring fast,” as one commentary observed. When push comes to shove, most major networks can act very much like centralized intermediaries: they can freeze funds, reverse transactions, or otherwise govern user activity in ways users may not realize.

The crypto community has already seen analogous debates with issues like OFAC sanctions compliance, where Ethereum validators started censoring sanctioned addresses in blocks in 2022. That, too, was seen as a slippery slope where outside pressure led to de facto centralized behavior emerging in a decentralized system.

On the other hand, defenders of emergency powers argue that some ability to intervene is simply part of “growing up” for crypto. As blockchain platforms become mainstream and carry billions in value, the realities of hacks and crime can’t be ignored.

Even staunch decentralists might concede that if their own funds were stolen, they’d welcome a well-timed freeze to get them back. The key, perhaps, is ensuring proper governance and transparency around these capabilities.

David Zong, Bybit’s head of security who led the research, framed it this way: Blockchain may have been built on decentralization, “yet our research shows that many networks are developing pragmatic safety mechanisms to respond quickly to threats.”

The crucial thing, he says, is that “transparency builds trust” – meaning if such mechanisms exist, they should be openly disclosed and subject to oversight, not hidden in code.

The worst outcome would be secret backdoors or freeze buttons that users learn about only when it’s too late.

By contrast, if a project openly states that it retains an emergency brake and gives a clear policy on how and when it’s used (e.g. only for hacks above X amount, requiring multisignature approval, etc.), users and investors can judge the trade-off for themselves.

VeChain’s earlier-mentioned response is illustrative. They didn’t deny freezing funds – they defended how it was done, portraying it as a community-governed action rather than a unilateral move. This hints at a possible middle ground: any freeze should be enacted through some form of decentralized decision process. In VeChain’s case, they claim token holders approved the blacklist. In Sui’s case, after the fact, a community vote ratified the recovery plan. While these governance steps may be imperfect (critics will note that foundation influence can often sway votes or that emergency timing precludes lengthy debate), they at least attempt to align with decentralized principles. The alternative – a handful of core devs calling the shots – veers uncomfortably close to the centralized systems crypto sought to escape.

Nearly a year on from Ethereum’s historic “DAO fork” in 2016 – arguably the first on-chain fund intervention – the industry is still wrestling with the same core question: Should blockchains ever intervene in on-chain activity, even to correct a wrong?

There may never be a one-size-fits-all answer. Different networks are taking different stances, from Bitcoin’s absolutist immutability (even Satoshi-era thefts can’t be reversed) to more flexible, governance-heavy chains like Tezos or Polkadot that explicitly allow community-led alterations. What is clear is that the presence of these freeze mechanisms blurs the dichotomy of centralized vs decentralized.

Many networks in fact sit in a grey zone in between: decentralized in day-to-day operation, but with a central party able to intervene in extreme circumstances. Whether such measures count as prudent risk management or a fatal compromise often depends on your own convictions, and perhaps on whether you have ever lost funds in a hack.

Closing Thoughts

Bybit's report exposes an uncomfortable truth: the ability to "freeze funds" has become part of the blockchain ecosystem, especially among the top networks.

The question is no longer simply "centralized" versus "decentralized". It is a choice between open, honest governance and control exercised in the dark.

Projects that are candid about the powers they hold, and put them under democratic oversight, may preserve their credibility; in effect they say: "We are decentralized in most circumstances, except in a major crisis, and here is exactly what we would do then."

Conversely, powers that remain opaque and unsupervised will sooner or later invite suspicion or abuse. As regulators pay closer attention, some jurisdictions may even require blockchains to have freeze capabilities (the EU and Singapore have already discussed proposals to add "emergency brake" provisions to law). Institutional investors may also prefer networks where risk can be controlled, even at some cost to decentralization.

That could split the ecosystem into "compliant" chains that can intervene and "principled" pure chains that cannot, fundamentally redefining the identity of the crypto world.

In sum, crypto's decentralization is not dead, but it has entered a period of maturity in which it must face reality and be tested.

Disclaimer and risk warning: The information in this article is for educational and reference purposes only, reflects the author's opinion and does not constitute financial, investment, legal or tax advice. Crypto assets are highly volatile and carry high risk; they may lead to substantial or total loss of an investment and are not suitable for every investor. The content represents the author's views alone and not those of Yellow, its founders or management. Always do your own research (D.Y.O.R.) before investing and consult a licensed financial professional.