Don't have time to read? Check our video instead! ⬇️
The maxim of “not your keys, not your crypto”, is well-known in the cryptocurrency space — and many cryptocurrency users and investors count on this fact when taking custody of their own assets.
It is widely thought that if you take control of your private keys
, you will always retain control of your assets, and hence, cannot be subject to censorship
. But recent events have proven that this isn’t always the case.
Indeed, you might be surprised to find out that not only is it technically feasible to freeze assets held in an external wallet, but also relatively common. But, unless you’re involved in major criminal activity, the odds of it happening to you remain low.
Despite this, it is wise to familiarize yourself with this relatively unknown phenomenon. Here, we dispel the myth that cryptocurrencies cannot be frozen on-chain
Before we get into how developers are able to freeze assets within a wallet, we first need a short primer on how tokens work.
Contrary to how it might feel when interacting with them, ERC-20
tokens are simply a reference to a database that keeps track of which address holds what number of units of said token. The token contract is responsible for managing this database. When tokens are transferred from one person to another, the contract is responsible for changing the number of tokens associated with each address — deducting the sum from one address and adding it to another to ensure the supply remains constant.
Because this token contract is usually the only smart contract with the authority to modify the token holder database, it can be used to block access to funds, confiscate tokens or, in some cases, even burn the tokens entirely.
If an address is blacklisted by the smart contract
, then it may be unable to buy (or receive) and sell (or send) the token. Only an admin address will be able to update the smart contract with a blacklisted address.
As you can imagine, these features can be used to ward off attacks and confiscate illicit funds, or misused if someone gains admin control over a smart contract.
Though rare, the vast majority of blacklisting events come after an illicit activity is detected in the smart contract — such as if an attacker uses an inflation bug to mint
and transfer tokens to an address they control, or the police requests that assets are frozen pending investigation.
) is one such token with these capabilities. The USDT smart contract has the capability of freezing and reissuing USDT.
An example blacklist function from the Tether token contract. Image courtesy: Etherscan
According to Bloxy explorer
, 704 smart contracts have been blacklisted by the Tether token contract, with new addresses blacklisted every few days over the last month. Most prominently, Tether froze more than $150 million held across three addresses back in January — with the firm simply stating that the funds were frozen in response to a law enforcement request.
More recently, the Acala team froze 16 wallets containing close to 3 billion aUSD — a multi-collateral stablecoin
pegged to the U.S. dollar. Following an exploit that allowed aUSD liquidity providers
to mint non-collateralized aUSD, the Acala team managed to recover and burn these fraudulently minted tokens, but not before the attackers were able to dump a sizeable amount on Polkadot-based DEXes.
It is also possible for smart contract admins to freeze funds potentially associated with criminal activity on external DeFi
applications. For example, Circle
— a popular USDC issuer — recently froze several Ethereum addresses that had interacted with the Tornado Cash DApp
, leaving them unable to send or receive USDC.
It isn’t just Ethereum-based token contracts that might have freeze, blacklist and confiscation capabilities either. Most layer-1
blockchains have this functionality built in as a core feature of token contracts. This includes XRP and Stellar, both of which allow developers to issue tokens with a global freeze function — this allows the issuer to freeze token transfers.
That said, this ability to freeze generally applies only to tokens. Despite popular belief, it is not possible to freeze the native asset associated with most blockchains, such as BTC, ETH, BNB or XRP — unless they are held on a centralized platform, such as an exchange or with a custodian.
In general, the firms behind these centralized companies won’t freeze funds unless they are presented with police or court order. Nonetheless, the associated parent company, issuer or admin may reserve the right to freeze the assets for any or no reason.
An excerpt from Coinbase and Circle's Centre blacklisting policy document
sheds some light on when assets might be frozen on-chain:
“Where Centre determines, in its sole discretion, that failure to grant a blacklisting request presents a threat to the security, integrity, or reliability of the USDC Network, including security breaches that compromise USDC privileged keys (e.g., minter private key) and result in unauthorized USDC being minted from such compromise.”
It should be noted that all USDC issuers are required to comply with an approved blacklist request. And most fiat-backed stablecoins have similar capabilities.
Though the blacklist feature can be used to isolate funds involved in suspected crime, it can also be misused by scammers, through so-called “honeypot scams”. Most often, this takes the form of tokens that cannot be sold after being purchased on a decentralized exchange
By using the blacklist feature to automatically blacklist outbound transfers for any address holding the token, scammers can inflate the perceived value of their token on DEX explorers.
This produces a characteristic chart pattern, with wave after wave of successive green candles with few to no sell orders between.
The scammer, which controls the only whitelisted address(es), seeds the liquidity pool
for the fraudulent token and waits for their LP tokens
to grow in value as victims purchase the unsellable token.
Once the community wises up to the scam and the purchases stop, the scammer(s) then withdraws their LP tokens, claiming all of the funds contributed by unsuspecting buyers.
This type of scam is extremely common, with dozens of honeypot scams launching each month across DEXes like Uniswap, PancakeSwap and QuickSwap.
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators. This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice. The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap. CoinMarketCap is not responsible for the success or authenticity of any project, we aim to act as a neutral informational resource for end-users.