VeChain Addresses 2019 Blocklist Incident as a Unique Community-Approved Measure
VeChain has firmly responded to allegations stemming from a report by Bybit’s Lazarus Security Lab, which asserted that the blockchain contains a concealed feature enabling the freezing of user funds. In a statement issued on Thursday, VeChain labeled these claims as “factually incorrect and damaging to its reputation.”
VeChain Responds to Bybit’s Research Lab Claims
In its response on social media platform X, VeChain clarified that the only relevant incident occurred in December 2019, when a theft of a private key affected an individual wallet on the network. In the wake of this breach, the VeChain community voted to introduce a one-time blocklist to safeguard the stolen assets from liquidation. Validators updated their node software to prevent any transactions initiated from the thief’s wallets, thereby ensuring that the misappropriated funds could not be transferred or accessed. VeChain emphasized that this was a transparent, governance-based decision made in response to a significant security breach, rather than a permanent fund freeze embedded within the blockchain’s code.
The company highlighted the critical difference between “blocking” and “freezing,” criticizing Bybit’s report for misrepresenting validator-level policies as hardcoded freezing functionalities. “We urge the report’s author to perform a more thorough technical analysis to better grasp the consequences of conflating these two mechanisms in a public discussion,” VeChain stated.
Independent Audits Support VeChain’s Governance Model
VeChain also noted that independent audits conducted by firms like NCC Group, Coinspect, and Hacken have verified that VeChainThor’s software enables validators to reject specific transactions through community-approved governance, but does not allow for asset seizure or freezing. The blockchain’s consensus mechanisms are designed to facilitate decentralized decision-making rather than centralized control, according to VeChain.
Bybit’s Research Lab Findings
The report from Bybit’s Lazarus Security Lab, titled “Blockchain Freezing Exposed: Examine the Impact of Fund Freezing Ability in Blockchain,” claimed that 16 prominent blockchain networks possess functionalities that allow developers or validators to freeze or limit user funds. The report included VeChain among several others, such as Binance-backed BNB Chain, Sui, Aptos, and XinFin’s XDC Network, which it claimed had hardcoded freezing abilities directly within their source code.
The study analyzed 166 blockchain networks through a combination of AI-assisted coding analysis and manual verification, identifying three main categories of fund-freezing mechanisms: hardcoded freezing, configuration-based freezing, and on-chain contract freezing. It referenced several historical instances of fund-freezing actions, such as Sui’s freezing of $162 million in stolen assets after the Cetus hack and BNB Chain’s use of hardcoded blacklists to address a $570 million bridge exploit. Researchers concluded that while these measures can help limit damage from security incidents, they also provoke concerns regarding centralization and censorship, indicating that the presence of fund-freezing capabilities—regardless of their security intent—challenges the ideal of complete decentralization.
