Bybit's Lazarus Security Lab has published a new report finding that many mainstream blockchains are not as trustless as they appear. In an industry that prides itself on decentralization, the finding, however improbable it sounds, deserves concern.
Using AI-assisted and manual review, the Bybit team examined the source code of 166 blockchains and found that 16 already have built-in fund-freezing capability, while another 19 could enable the same function with only minor adjustments.
Such designs are intended to stop hackers and illicit fund flows, but they also bring a long-debated question back to the surface: how decentralized are the systems underpinning the crypto industry, really?
The investigation was prompted by a high-profile incident: earlier this year, after the Cetus DEX was hacked, the Sui Foundation froze more than $160 million in stolen assets almost instantly, immediately setting off a fierce community debate.
If a foundation has the power to block a hacker's wallet to protect users, could it one day freeze anyone's assets?
The report also grew out of Bybit's own security crisis.
A few months earlier, the Bybit exchange suffered a hack of up to $1.5 billion, one of the largest in crypto history. Partners including Circle and Tether urgently froze $42.9 million of the stolen stablecoins, and other protocols helped recover funds.
Freeze powers clearly work in an emergency, but they also expose a dilemma: the more crypto networks rely on these "kill switches" to counter threats, the closer they drift toward the traditional centralized systems they were meant to replace.

Crypto fund freezes: anti-hack defense or decentralization risk?
"Freezing" an account on a blockchain means blocking its ability to move funds, so that they cannot be transferred or otherwise disposed of.
This is usually carried out by block producers (validators) or through protocol-rule changes that lock addresses on a blacklist. These emergency powers are widely viewed as a response to the surge of hacks and fraud in DeFi.
The logic is simple: if a thief steals a large amount of crypto, the laundering flow must be stopped on-chain in time.
For example, after the $160 million Cetus incident on Sui, the foundation quickly added a blacklist at the protocol layer and froze the hacker's wallets directly.
Likewise, BNB Chain's developers hardcoded a critical blacklist after the 2022 cross-chain bridge hack, stopping $570 million from flowing out. As early as 2019, VeChain adopted a similar blacklist mechanism after $6.6 million was stolen from a foundation wallet.
Such measures have proven effective at containing losses.
"Nobody wants to see hundreds of millions of dollars simply vanish," one analyst said.
Temporarily freezing stolen assets buys time to investigate, recover funds, or negotiate with the attacker. Sui, for instance, ultimately recovered the Cetus funds through a community vote and returned them to the victims.
From a security standpoint, a "transaction pause" is a powerful disaster-response tool for chain operators.
Yet the power to stop a robbery can also shake the spirit of decentralization. Immutability and censorship resistance are supposed to be fundamental properties of a blockchain, captured by the phrase "Code is law". A centralized team that can disable or roll back transactions after the fact undermines that principle.
Critics ask: if an authority can unilaterally freeze assets on the ledger, can the network still be called neutral?
After Sui's emergency freeze, some in the community accused the foundation of "betraying the decentralization ideal", arguing that a network that looks permissionless on the surface actually conceals a major control point. This raises further questions: who can trigger these "kill switches"? By what criteria? Could they be abused, or their scope expanded, in the future?
Bybit's new report shows that this "security versus sovereignty" trade-off is growing, and that freeze functions are far more common than most users realize. Of the 166 chains examined, 16 (nearly 10%) natively include a freeze mechanism, and those chains account for more than 80% of global DeFi total value locked. In other words, most crypto transactions today can, under certain conditions, be "paused, filtered, or frozen", a far cry from the mainstream image of blockchains as "uncontrollable".
At the governance level, the centralization risk is plain to see.
Lazarus Lab's research found that about 70% of freeze events actually occurred at the validator or consensus layer, the core of the protocol and a layer ordinary users rarely perceive. These "emergency powers" are usually concentrated in a small circle of insiders: core developers, foundation boards, or top validators, and the mechanisms and decision processes are typically opaque. Contrary to the open-source ethos of "code over people", such governance is often carried out behind closed doors or by ad-hoc resolution.
Opaque power raises a further worry: that "trust" is being reintroduced into systems that were supposed to be trustless. As one observer put it, decentralization often ends "where validator access begins".

How freeze mechanisms work
The Bybit report divides on-chain freeze functions into three categories:
Hardcoded blacklist
Freeze logic is written directly into the blockchain's code. A protocol upgrade bans specific wallets at the base layer, and adding or removing entries requires releasing new software (or a hard fork). BNB Chain and VeChain use this approach. Although the blacklist is public in the codebase, only the development team or an authorized group can change it through an update.
Config-file freeze
A more covert method: validators or node operators load a private blacklist from a configuration file (YAML, TOML and the like) and check transactions against it when producing blocks.
This "config-file freeze" requires no change to the main program, only quiet agreement among operators: update the config file and restart the node. L1s such as Aptos, Sui and Linea fall into this category. Because the blacklist exists only in local configuration and is not disclosed to the public, it also adds operational opacity.
On-chain contract freeze
A system-level smart contract freezes and unfreezes accounts through on-chain operations, exercising supervisory control over transaction processing.
Heco (Huobi ECO Chain) is the representative case: validators query a designated contract to decide whether a transfer is banned. This method is comparatively flexible (no node restart is needed), but the contract's entries are still controlled by an "admin key" or a specific governance body.
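To make the three categories concrete, here is an added example (not code from the Bybit report or from any of the chains it names): a toy block producer whose transaction path consults a hardcoded set, an operator-local config file, and an admin-controlled on-chain registry, and records which layer rejected each transaction and whether an outsider could have seen that list. Every address, key and transaction in it is constructed, and the JSON config stands in for the YAML/TOML files the report mentions.

```python
"""Added illustration of the three freeze patterns; not any chain's real code."""
import json
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Tx:
    sender: str
    recipient: str
    amount: int


# 1. Hardcoded blacklist: lives in the node source. Public, but only a new
#    release (or hard fork) can change it.  Constructed address.
HARDCODED_BLACKLIST = frozenset({"0xhack1"})


# 2. Config-file blacklist: loaded from the operator's local config at start-up
#    and never written to the chain, so it is invisible on the public ledger.
def load_config_blacklist(config_text: str) -> frozenset:
    cfg = json.loads(config_text)
    return frozenset(cfg.get("blacklist", []))


# 3. Contract-style registry: on-chain state mutable at runtime, but only by
#    whoever holds the admin key.  Its event log is readable by anyone.
@dataclass
class FreezeRegistry:
    admin: str
    frozen: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def set_frozen(self, caller: str, addr: str, state: bool) -> None:
        if caller != self.admin:
            raise PermissionError("only the admin key may change the registry")
        (self.frozen.add if state else self.frozen.discard)(addr)
        self.log.append((addr, state))

    def is_frozen(self, addr: str) -> bool:
        return addr in self.frozen


def freeze_reason(tx: Tx, config_blacklist: frozenset, registry: FreezeRegistry):
    """Return the layer that blocks tx, or None.  Each check is the kind of
    hook in the transaction path that the report's scan looked for."""
    for party in (tx.sender, tx.recipient):
        if party in HARDCODED_BLACKLIST:
            return "hardcoded"
        if party in config_blacklist:
            return "config"
        if registry.is_frozen(party):
            return "contract"
    return None


def build_block(txs, config_blacklist, registry):
    """Split a mempool into included txs and (tx, reason) pairs that were dropped."""
    included, rejected = [], []
    for tx in txs:
        reason = freeze_reason(tx, config_blacklist, registry)
        if reason:
            rejected.append((tx, reason))
        else:
            included.append(tx)
    return included, rejected


# What an outside observer can inspect for each mechanism, per the report.
VISIBILITY = {
    "hardcoded": "public source code",
    "config": "operator-local file only",
    "contract": "on-chain state and events",
}


def demo():
    """Run one constructed block through all three layers."""
    config = '{"blacklist": ["0xhack2"]}'  # constructed operator config
    registry = FreezeRegistry(admin="0xadmin")
    registry.set_frozen("0xadmin", "0xhack3", True)
    mempool = [
        Tx("0xalice", "0xbob", 5),
        Tx("0xhack1", "0xmixer", 100),
        Tx("0xhack2", "0xmixer", 100),
        Tx("0xcarol", "0xhack3", 1),
    ]
    return build_block(mempool, load_config_blacklist(config), registry)


if __name__ == "__main__":
    included, rejected = demo()
    for tx, why in rejected:
        print(f"dropped {tx.sender}->{tx.recipient}: {why} ({VISIBILITY[why]})")
```

The point of the `VISIBILITY` table is the report's observation about transparency: the hardcoded and contract variants leave a public artifact (source code or chain state) that auditors can diff, whereas the config variant leaves nothing on-chain, which is why the rejected transaction simply never appears.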
In practice
Whichever method is used, these mechanisms give a small group the power to freeze transactions on the network, a function that in traditional finance belongs only to banks or regulators.
Notably, such mechanisms are often embedded quietly in a chain's design. Some projects mention them only in code documentation or configuration files and never publicly acknowledge that a "pause button" exists.
Many users and developers do not realize a freeze function has been built into the chain until a crisis hits.
The report reveals that 10 of the 16 blockchains with freeze capability use the config-file approach, where validators need only update their node blacklist to impose a private block; these include Aptos, Sui and EOS.
Because the blacklist lives in local config files, the network looks normal from the outside: nobody can tell from the public ledger which assets are frozen. Only the insiders coordinating the freeze (and a few block explorers that later track the anomalies) can see what is happening.
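The only outward trace of a config-file freeze is the anomaly the paragraph alludes to: a valid, adequately priced transaction that keeps sitting in the public mempool while comparable transactions land. The following is an added example, not tooling from the report or any block explorer, of a heuristic an explorer could run over its own mempool and block observations to surface such addresses. The snapshots are constructed; `min_blocks` and the fee comparison are this example's own thresholds.

```python
"""Added heuristic for spotting silently censored senders; not from the report."""
from collections import defaultdict

# One entry per block height: (pending, included).  pending lists (sender, fee)
# pairs seen in the public mempool just before the block; included lists the
# (sender, fee) pairs that made it into the block.  Constructed data.
CONSTRUCTED_SNAPSHOTS = [
    ([("0xhack", 20), ("0xalice", 10), ("0xcheap", 1)], [("0xalice", 10), ("0xbob", 12)]),
    ([("0xhack", 20), ("0xcheap", 1)], [("0xbob", 11), ("0xdave", 15)]),
    ([("0xhack", 20), ("0xcheap", 1)], [("0xerin", 10)]),
    ([("0xhack", 20), ("0xcheap", 1), ("0xalice", 9)], [("0xalice", 9)]),
]


def infer_silent_freezes(snapshots, min_blocks=3):
    """Return senders whose pending tx was never included for at least
    min_blocks consecutive blocks even though each of those blocks included
    some tx paying a fee no higher than theirs (so they were not simply outbid).
    A sender that does get included, or that was plausibly outbid, resets."""
    streak = defaultdict(int)
    suspects = set()
    for pending, included in snapshots:
        included_senders = {sender for sender, _ in included}
        cheapest_included = min((fee for _, fee in included), default=None)
        for sender, fee in pending:
            if sender in included_senders:
                streak[sender] = 0
                continue
            if cheapest_included is not None and fee >= cheapest_included:
                streak[sender] += 1
                if streak[sender] >= min_blocks:
                    suspects.add(sender)
            else:
                streak[sender] = 0  # block was full of pricier txs: no signal
    return suspects


if __name__ == "__main__":
    print(sorted(infer_silent_freezes(CONSTRUCTED_SNAPSHOTS)))
```

The heuristic is deliberately conservative: an address is flagged only after it is repeatedly passed over in favour of cheaper transactions. It still has benign explanations (a nonce gap, a transaction invalid for reasons not visible in the mempool), which is why, as the report found, such signals need manual confirmation rather than automatic conclusions.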
Another 5 chains implement the blacklist freeze directly in source code.
Bybit's analysis places Binance's BNB Chain, VeChain, Chiliz, "VIC" (a small chain covered in the report) and the XinFin XDC Network in this category. All of them write the blacklist mechanism directly into their consensus rules, a line of defense with an unmistakably centralized flavor. BNB Chain's developer codebase, for example, lists the addresses to be excluded from new blocks, and changes to the list usually require Binance's team to release an upgrade. VeChain added a "hardcoded blacklist module" after its 2019 theft; the project stresses that the change was approved by community vote and is not a permanent backdoor (the details remain to be clarified).
The remaining chain (Heco) relies purely on the on-chain smart-contract approach.
Note that Tron, also flagged in the report, has a built-in permissioned blacklist module as well, which functions somewhat like a contract call initiated by the Tron Foundation to freeze accounts (Tron's mechanism was not detailed in the Bybit summary, but it is known from prior instances that Tron nodes can be instructed to reject transactions from certain addresses).
In all cases, whether the freeze is code-based, config-based, or contract-based, the end result is the same: specific addresses can be made unable to transact, at the discretion of those controlling the feature.
Quietly, a kind of template for freeze control has propagated across different blockchain ecosystems.
By combing through GitHub repos, the Bybit team found recurring patterns – hooks in the transaction processing code, references to “blacklist” variables, or checks against certain account lists. These were present in disparate projects and languages (for example, EVM-based chains like BNB and Chiliz vs. Rust-based chains like Sui and Aptos), suggesting that developers have independently converged on the idea that a blockchain should have an emergency brake. What started as ad-hoc reactions to crises is seemingly becoming a standard design consideration. Importantly, these controls often concentrate power in the hands of those who maintain the code or run the top validator nodes. As the report dryly notes, decentralization “often ends where validator access begins.”
16 Major Blockchains With Freeze Capabilities
Bybit’s research pinpointed sixteen public blockchains that currently have native functionality to freeze accounts or transactions. Below is the list of those networks and the known mechanism by which they can lock down funds:
- Ethereum (ETH) – Can enact an emergency pause via governance intervention (e.g. through a network upgrade or EIP hooks similar to the proposed EIP-3074). While Ethereum doesn’t have a simple “blacklist” function baked in, developers could push a special fork or use contract logic to achieve a freeze in extraordinary situations, as demonstrated by the DAO rollback in 2016.
- BNB Chain (BNB) – Utilizes a validator-driven blacklist consensus. Binance’s exchange-backed chain has hardcoded freeze functions; its validators, coordinated by Binance’s core team, can refuse to process transactions from addresses on an internal blacklist.
- Polygon (POL) – Employs dynamic address filtering in transaction pools. Polygon’s nodes can be configured (via forks or updates) to filter out transactions involving certain addresses, effectively preventing blacklisted accounts from being included in new blocks.
- Solana (SOL) – Supports runtime configuration updates for blacklisting. Solana’s design allows the core team or governing entity to push network-wide configuration changes quickly. In theory, this could be used to deploy a blacklist at the validator software level or halt certain accounts.
- Avalanche (AVAX) – Features governance-triggered transaction halts. Avalanche can use its on-chain governance (via validator voting) to implement emergency halts or address-specific restrictions on its C-Chain and subnets, if a supermajority of validators agree.
- Tron (TRX) – Built-in blacklist module in its protocol. The Tron network, overseen by the Tron Foundation, has functionality that lets authorities freeze accounts (for example, to comply with law enforcement requests or protect against hacks, as seen in past incidents involving TRON-based assets).
- Cosmos (ATOM ecosystem) – IBC module pause and address bans. Cosmos and its SDK-based blockchains haven’t yet used global freezes, but the inter-blockchain communication (IBC) system and module accounts could be leveraged to halt transfers or blacklist addresses across zones with a coordinated upgrade.
- Polkadot (DOT) – Parachain-specific freezes via the Relay Chain. Polkadot’s governance can enact runtime upgrades on parachains. In an emergency, the relay chain could push a freeze or revert for a problematic parachain or address, subject to Polkadot’s on-chain voting.
- Cardano (ADA) – Hard forks with address exclusions. Cardano doesn’t have a simple freeze opcode, but through its hard fork combinator upgrades, the community could introduce rules excluding certain UTXOs or addresses (for instance, by not recognizing outputs controlled by a blacklisted key in a new epoch).
- Tezos (XTZ) – Governance votes enabling freezes. Tezos’ self-amending ledger could incorporate a freezing mechanism by protocol amendment. If the stakeholders voted to include a blacklist or pause feature in an upgrade (for emergency use), it would become part of Tezos’ protocol.
- Near Protocol (NEAR) – Shard-level transaction filters. NEAR’s sharded design might allow its coordinating nodes to filter or refuse transactions targeting specific addresses in a given shard – a capability that could be deployed via protocol governance in extreme events.
- Algorand (ALGO) – Atomic transfers with revocation keys. Algorand’s standard asset (ASA) framework includes an opt-in feature for asset freeze and clawback by the issuer. While ALGO itself cannot be frozen, many Algorand tokens have freeze controls. Algorand also supports forced transfer transactions (if authorized), which mimic freezing by moving funds out of a blacklisted address.
- Hedera Hashgraph (HBAR) – Administrative token freeze controls. Hedera, governed by its corporate council, offers built-in admin functions for tokens. Approved administrators can freeze token transfers or even wipe balances. The network’s permissioned model means the council could likely also halt accounts at the ledger level if needed.
- Stellar (XLM) – Clawback and freeze clauses in asset issuance. Stellar allows issuers of assets (tokens) to enable a “clawback” feature, which lets them freeze or reclaim tokens from user wallets under certain conditions. This has been used by regulated stablecoin issuers on Stellar and amounts to a partial freeze mechanism in the ecosystem.
- Ripple XRP Ledger (XRP) – Escrow and trust-line freeze functionality. The XRP Ledger doesn’t allow freezing of the native XRP currency, but it lets issuers of IOU tokens (like stablecoins or securities on the ledger) globally freeze assets or specific trust lines. Ripple’s network also supports locking XRP in escrow contracts (time-locked holds), which is a related form of restricting fund movement.
- VeChain (VET) – Authority-based transaction controls. VeChain’s authority masternode system enabled a blacklist in 2019 after a hack. The foundation, with community approval, activated consensus-level checks that caused validators to reject any transactions from the hacker’s addresses – effectively freezing those funds.
It’s important to note that not all projects agree with how their freeze capability has been characterized.
For instance, after Bybit’s report came out, VeChain’s team publicly refuted the notion that its protocol has a permanent hardcoded freeze per se.
The VeChain Foundation explained that in the 2019 incident, the community voted to issue a one-time patch – a consensus rule change – that blocked the hacker’s addresses at the validator level.
“VeChainThor’s software includes consensus-level checks that, once enabled through community governance, rendered the assets immovable,” the team wrote, emphasizing that the measure was governance-approved and not an always-on feature. In other words, VeChain argues there isn’t a secret kill-switch in normal operation; they merely amended the code via proper procedure to freeze those stolen funds. This response highlights the sensitivity around the issue – no blockchain wants to be seen as centrally controlled, even if in emergencies it acts that way.
Next in Line: 19 Networks a Few Clicks Away from Freeze Powers
Perhaps more startling than the 16 blockchains that have freeze functions is the report’s warning that 19 other networks could adopt similar controls with minimal effort. In many cases, the code scaffolding for blacklists or pausing transactions is already present or easily added. It might take just a few lines of code changed, or flipping a configuration flag, to turn on the feature.
How pervasive could this become? Potentially very – if developers decide the trade-off is worth it.
Bybit’s team did call out several specific projects in this “could easily freeze” category.
They noted that popular chains like Arbitrum, Cosmos, Axelar, Babylon, Celestia, and Kava are among those that could enable fund freezing with relatively minor protocol changes. These networks don’t currently advertise any freeze capability, yet their architectures are such that introducing one wouldn’t be difficult.
For example, many Cosmos-based chains use a module-account system (for things like governance or fee collection accounts).
As the researchers observed, those module accounts could be tweaked to refuse outgoing transactions from certain addresses. So far, no Cosmos ecosystem blockchain has employed this to blacklist a user – doing so would require a governance-approved hard fork with a small code change in the transaction handling logic. But the fact that it’s feasible with a straightforward update means the blueprint is there, waiting on a decision.
In practice, enabling a freeze feature on these additional chains would likely follow a familiar pattern: a major hack or regulatory pressure might prompt developers to say, “We need this tool.” Indeed, after Sui’s $162M hack and freeze, the Aptos network (a fellow Move-language chain) quietly added blacklisting capability into its code in the weeks that followed. They saw the writing on the wall: without a freeze mechanism, they’d have little recourse if a similar exploit hit their ecosystem.
This demonstrates how one project’s precedent can influence others. If even a few more high-profile incidents occur, it’s easy to imagine a cascade of chains quickly implementing latent freeze switches “just in case.”
The prevalence of similar code patterns suggests a degree of industry convergence on this issue. “It isn’t an anomaly – it’s becoming an industry template,” the report says of on-chain freeze logic. Many newer blockchains appear to have taken lessons (for better or worse) from previous hacks on older networks.
They may include hooks in their design that allow optional centralized actions, even if they don’t advertise them.
In some cases, those hooks were spotted by Bybit’s AI scanning tool: the team leveraged an AI model (Anthropic’s Claude 4.1) to scan hundreds of repositories for keywords and code structures related to blacklisting and transaction filtering.
This AI helper flagged dozens of potential instances across various projects.
Not all were true freeze functions – some false positives included user-level features that weren’t actually protocol-level controls. But the fact that automation was needed to sift through how widespread this might be underscores how murky the boundaries of “decentralized control” have become.
The researchers had to verify each case manually in the end, illustrating that even experts can struggle to discern where a blockchain has hidden levers of control.
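The keyword-and-structure pass the report describes can be approximated without a language model. The following added example (not the Bybit team's tool, and not the scan it ran) searches an in-memory "repository" for blacklist-style identifiers and rates a hit as high-confidence only when it sits within a few lines of transaction-processing code; everything else is queued for the manual review the researchers found unavoidable, which is where user-level false positives would surface. The file contents, the identifier patterns and the five-line window are all this example's own assumptions.

```python
"""Added scanner for freeze-style hooks in source trees; not the report's tooling."""
import re

# Identifiers that commonly name a deny list or freeze check (assumed vocabulary).
DENY_PATTERN = re.compile(
    r"\b((black|block|deny)_?list|is_?frozen|freeze[_a-z]*)\b", re.I)
# Identifiers that commonly name the transaction/block processing path (assumed).
TX_PATH_PATTERN = re.compile(
    r"\b(execute_?tx|validate_?tx|process_?transaction|apply_?block|"
    r"check_?tx|prepare_?proposal)\b", re.I)

# A constructed three-file repository: a consensus hook, a wallet UI feature
# (user-level, the kind of false positive the report mentions), and a node
# config file carrying a config-style blacklist.
CONSTRUCTED_REPO = {
    "consensus/executor.rs": "\n".join([
        "fn validate_tx(tx: &Tx) -> Result<(), Error> {",
        "    if BLACKLIST.contains(&tx.sender) {",
        "        return Err(Error::Rejected);",
        "    }",
        "    Ok(())",
        "}",
    ]),
    "wallet/contacts.ts": "\n".join([
        "// contacts the user chose to blacklist in the address book UI",
        "export const hiddenContacts: string[] = [];",
    ]),
    "deploy/node_config.toml": "\n".join([
        "[validator]",
        'blacklist = ["0xdeadbeef"]  # constructed placeholder address',
    ]),
}


def scan_repo(files: dict, window: int = 5) -> list:
    """files maps path -> source text.  Returns findings, high confidence first.
    A finding is 'high' when a deny-list token is within `window` lines of a
    transaction-path identifier in the same file, otherwise 'review'."""
    findings = []
    for path, src in files.items():
        lines = src.splitlines()
        tx_lines = [i for i, line in enumerate(lines) if TX_PATH_PATTERN.search(line)]
        for i, line in enumerate(lines):
            match = DENY_PATTERN.search(line)
            if not match:
                continue
            near_tx = any(abs(i - t) <= window for t in tx_lines)
            findings.append({
                "path": path,
                "line": i + 1,
                "token": match.group(0),
                "confidence": "high" if near_tx else "review",
                "context": line.strip(),
            })
    findings.sort(key=lambda f: (f["confidence"] != "high", f["path"], f["line"]))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per confidence bucket, for a quick triage view."""
    counts = {"high": 0, "review": 0}
    for f in findings:
        counts[f["confidence"]] += 1
    return counts


if __name__ == "__main__":
    for f in scan_repo(CONSTRUCTED_REPO):
        print(f"{f['confidence']:6} {f['path']}:{f['line']}  {f['context']}")
```

Running it on the constructed repository yields one high-confidence hit (the check inside `validate_tx`) and two review items: the wallet comment, which a reviewer would dismiss as a user-level feature, and the config entry, which is exactly the operator-local list the config-file category describes and which no on-chain data would reveal.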
Bybit’s report emphasizes that the existence of freeze capabilities in more networks is not hypothetical. It’s already the norm in spirit, if not in letter. The difference is simply whether a project has flipped the switch yet. Many could do so with a hard fork or even a runtime config change, which means the ethos of absolute immutability is, in practical terms, compromised. We’re moving toward a landscape where a majority of chains have some degree of “stop button” – either active or waiting on standby. This raises the stakes for transparency: if these switches are pervasive, users and investors will want to know exactly who can pull them and how.

Pragmatic Security or Hidden Centralization?
The debate over these findings essentially boils down to a classic dilemma: do the benefits of emergency intervention outweigh the costs to decentralization?
Proponents of freeze functions argue they are a pragmatic security measure – a necessary option in a world where hacks, exploits, and thefts are rampant. Indeed, the report documents how freezes have saved substantial value. Sui’s swift action after the Cetus DEX hack potentially saved $162 million from being siphoned away forever.
BNB Chain’s blacklist during its 2022 exploit helped contain a $570 million breach, preventing further contagion across the Binance ecosystem. VeChain’s 2019 freeze of $6.6M in stolen tokens protected the project’s treasury and community funds from irretrievable loss. Each of those events could have been devastating; the ability to intervene turned them from fatal into merely painful.
“Without them, hacks like Cetus or the BNB bridge exploit would have wiped out investors,” the report notes in defense of these mechanisms.
However, each time a blockchain exercises this kind of override, it chips away at the fundamental trustless ethos of blockchain technology. Censorship resistance – the guarantee that nobody can prevent valid transactions – is a big part of why people put faith in decentralized networks. If users come to feel that a foundation or committee can step in and freeze funds at will, the psychological (and legal) distinction from traditional banks begins to blur. The Bybit researchers warn that even well-intentioned freezes set a precedent:
“Once a chain freezes funds once, it’s hard to imagine it won’t again,” they write. The worry is that what starts as an exceptional measure could morph into a routine tool of control.
There’s evidence that the line is already moving.
According to the report’s data, nearly 70% of the documented freeze events occurred via actions at the consensus layer by validators or block producers. This is significant because it’s the deepest level of the system – meaning the censorship was baked into block production itself, not just applied at a superficial application layer. Average users wouldn’t even know it was happening; the chain simply stops processing transactions from certain addresses, with no explanation given on-chain.
In a majority of cases the decisions to freeze were made by small governance councils, foundation teams, or core dev groups.
These are often unelected bodies, or if elected (like some validator sets), they tend to be insider-heavy and not directly accountable to millions of global users. Such freezes can thus resemble the actions of a central bank or a government decree, executed without the kind of checks and balances decentralization was supposed to ensure.
The opacity around these emergency actions is a big part of the concern.
In Sui’s case, the coordination to freeze funds was done through behind-the-scenes agreements among validators orchestrated by the Sui Foundation. There was no on-chain proposal or prior user vote; it was an urgent response.
Similarly, Aptos’s newly added freeze feature is reportedly managed via validators’ private config files, and “only a handful of people know” who maintains the blacklist or how those decisions are made. This stealthy approach might be efficient in a crisis, but it sidelines the community and lacks transparency.
Even on BNB Chain, which is relatively open about its hardcoded blacklist, control “sits firmly with Binance’s developer core,” the analysis notes. That is, the ultimate decision of who gets blacklisted on BNB is effectively up to Binance’s leadership – an authority structure more akin to a corporation than a decentralized community project. And in the case of Heco’s contract-based freeze, an admin key held by the protocol’s operators can decide which addresses live or die on the network.
For critics, these realities validate long-standing suspicions that many so-called decentralized blockchains are decentralized in name only. “The lines between foundation, validator, and regulator are blurring fast,” as one commentary observed. When push comes to shove, most major networks can act very much like centralized intermediaries: they can freeze funds, reverse transactions, or otherwise govern user activity in ways users may not realize.
The crypto community has already seen analogous debates over issues like OFAC sanctions compliance, where Ethereum validators started censoring sanctioned addresses in blocks in 2022. That, too, was seen as a slippery slope in which outside pressure led to de facto centralized behavior emerging in a decentralized system.
On the other hand, defenders of emergency powers argue that some ability to intervene is simply part of “growing up” for crypto. As blockchain platforms become mainstream and carry billions in value, the realities of hacks and crime can’t be ignored.
Even staunch decentralists might concede that if their own funds were stolen, they’d welcome a well-timed freeze to get them back. The key, perhaps, is ensuring proper governance and transparency around these capabilities.
David Zong, Bybit’s head of security who led the research, framed it this way: blockchain may have been built on decentralization, “yet our research shows that many networks are developing pragmatic safety mechanisms to respond quickly to threats.”
The crucial thing, he says, is that “transparency builds trust” – meaning that if such mechanisms exist, they should be openly disclosed and subject to oversight, not hidden in code.
The worst outcome would be secret backdoors or freeze buttons that users learn about only when it’s too late.
By contrast, if a project openly states that it retains an emergency brake and gives a clear policy on how and when it’s used (e.g. only for hacks above X amount, requiring multisignature approval, etc.), users and investors can judge the trade-off for themselves.
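A published policy of the kind just described can be enforced in code rather than by convention. The following added example (not any project's governance code) gates a freeze request on two stated rules, a minimum loss amount and M-of-N approvals from a fixed, public set of approvers, and emits a record suitable for publication. HMAC tags with per-approver secrets stand in for the real signatures a multisig would use; the approver set, threshold, secrets and amounts are all constructed for the example.

```python
"""Added illustration of a transparent freeze policy gate; not any chain's code."""
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class FreezePolicy:
    min_amount: int           # freezes only for losses at or above this amount
    required_approvals: int   # M of the N listed approvers must sign
    approver_keys: dict       # approver id -> secret (public keys in a real system)


def request_bytes(address: str, amount: int, reason: str) -> bytes:
    """Canonical encoding of the request, so every approver signs the same thing."""
    return json.dumps({"address": address, "amount": amount, "reason": reason},
                      sort_keys=True).encode()


def approve(policy: FreezePolicy, approver_id: str,
            address: str, amount: int, reason: str) -> str:
    """An approver's tag over this exact request (stand-in for a signature)."""
    key = policy.approver_keys[approver_id]
    return hmac.new(key, request_bytes(address, amount, reason), hashlib.sha256).hexdigest()


def evaluate_freeze(policy: FreezePolicy, address: str, amount: int,
                    reason: str, approvals: dict):
    """approvals maps approver id -> tag.  Returns (decision, audit record).
    The record names every approver whose tag verified, which is what makes the
    action reviewable after the fact."""
    record = {"address": address, "amount": amount, "reason": reason}
    if amount < policy.min_amount:
        record.update(decision="rejected", why="below policy threshold", approvers=[])
        return False, record
    msg = request_bytes(address, amount, reason)
    valid = []
    for approver_id, tag in approvals.items():
        key = policy.approver_keys.get(approver_id)
        if key is None:
            continue  # not in the published approver set
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, tag):
            valid.append(approver_id)
    valid.sort()
    ok = len(valid) >= policy.required_approvals
    record.update(decision="frozen" if ok else "rejected", approvers=valid,
                  why=None if ok else "insufficient valid approvals")
    return ok, record


# Constructed policy: 2-of-3 approvers, losses of at least 1,000,000 units.
DEMO_POLICY = FreezePolicy(
    min_amount=1_000_000,
    required_approvals=2,
    approver_keys={"council-a": b"secret-a", "council-b": b"secret-b",
                   "council-c": b"secret-c"},
)


def demo():
    """A request that meets both rules, with two genuine approvals."""
    addr, amt, why = "0xstolen", 5_000_000, "constructed exploit case"
    approvals = {aid: approve(DEMO_POLICY, aid, addr, amt, why)
                 for aid in ("council-a", "council-c")}
    return evaluate_freeze(DEMO_POLICY, addr, amt, why, approvals)


if __name__ == "__main__":
    ok, rec = demo()
    print(ok, json.dumps(rec, indent=2))
```

Two properties matter for the "honest governance" the article argues for: a tag only counts if it was produced over this exact address, amount and reason (so an approval cannot be replayed against another account), and the audit record lists the approvers by name, which lets anyone compare the action against the published threshold.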
VeChain’s earlier-mentioned response is illustrative. They didn’t deny freezing funds – they defended how it was done, portraying it as a community-governed action rather than a unilateral move. This hints at a possible middle ground: any freeze should be enacted through some form of decentralized decision process. In VeChain’s case, they claim token holders approved the blacklist. In Sui’s case, after the fact, a community vote ratified the recovery plan. While these governance steps may be imperfect (critics will note that foundation influence can often sway votes, or that emergency timing precludes lengthy debate), they at least attempt to align with decentralized principles. The alternative – a handful of core devs calling the shots – veers uncomfortably close to the centralized systems crypto sought to escape.
Nearly a year on from Ethereum’s historic “DAO fork” in 2016 – arguably the first on-chain fund intervention – the industry is still wrestling with the same core question: should blockchains ever intervene in on-chain activity, even to correct a wrong?
There may never be a one-size-fits-all answer. Different networks are taking different stances, from Bitcoin’s absolutist immutability (even Satoshi-era thefts can’t be reversed) to more flexible, governance-heavy chains like Tezos or Polkadot that explicitly allow community-led alterations. What is clear is that the presence of these freeze mechanisms blurs the dichotomy of centralized vs. decentralized.
Many networks occupy a gray zone in between – decentralized in daily operation, but with centralized override capabilities in extreme scenarios. Whether one views that as prudent risk management or a fatal compromise likely depends on one’s philosophy, and perhaps on whether one has ever been on the losing end of a hack.
Closing Thoughts
Bybit’s report has pulled back the curtain on an uncomfortable truth: the ability to freeze funds is now part of the blockchain landscape, especially among top networks.
The choice facing the industry is no longer simply “centralization vs. decentralization.” It’s honest governance vs. hidden control.
Projects that come clean about their powers and put them under democratic checks may retain their credibility – they’ll be saying: we are mostly decentralized, except in dire emergencies, and here’s exactly how that works.
In contrast, if such powers remain opaque and unchecked, it’s only a matter of time before they sow distrust or get misused. As regulatory scrutiny grows, some jurisdictions may even mandate on-chain freeze capabilities (the EU and Singapore have already floated ideas for “emergency brake” provisions in law). Institutional investors, too, may prefer networks that can control risk, even if it means sacrificing some decentralization.
This could lead to a split between “compliant” chains that can intervene and “purist” chains that refuse, fundamentally reshaping the crypto ecosystem’s identity.
In the end, decentralization in crypto is not dying – but it is maturing and facing hard reality checks.

