Strong faith after: why SUI still has long-term growth potential

This article was published by Aquarius Capital in conjunction with Klein Labs, with special thanks to eco-projects especially NAVI Protocol and Bucket Protocol and Comma3 Ventures for their technical guidance and support during the research process.

TL;DR

1. The Cetus vulnerability originates from the contract implementation, not the SUI or Move language itself:
   This attack is rooted in the lack of boundary checks on the arithmetic functions in the Cetus protocol - a logical vulnerability caused by mask over-with and displacement overflow - and has nothing to do with the resource-oriented security model of the SUI chain or the Move language. The vulnerability can be fixed with "one line boundary check" and does not affect the core security of the entire ecosystem.

2. The "reasonable centrality" of SUI's mechanism showed its value in the crisis: Although SUI's use of DPoS verifier rounds and blacklist freezes was mildly centralized, it came in handy during the CETUS response: verifiers quickly synchronized malicious addresses to the Deny List, refused to package transactions, and instantly froze more than $160 million in funds. This is essentially a form of positive "chain Keynesianism", where effective macro-control has a positive effect on the economic system.

3. Reflections and recommendations for technical security:
   Math and boundary checks: introduce upper and lower bound assertions for all key arithmetic operations (e.g., displacement, multiplication and division) with extreme value fuzzing and formal verification. In addition, there is a need for enhanced auditing and monitoring: in addition to general code auditing, add a professional math audit team and real-time on-chain transaction behavior detection to catch unusual splits or large flash credits early.

4. Summary and Recommendations for Fund Protection Mechanisms:
   In the Cetus incident, SUI and the project team demonstrated efficient coordination by successfully freezing over $160 million in funds and implementing a 100% reimbursement plan, showcasing robust on-chain crisis response capabilities and ecosystem accountability. Additionally, the SUI Foundation allocated an extra $10 million in audit funding to strengthen security defenses.
   Moving forward, the following measures can further enhance fund protection mechanisms:
   - On-chain tracking systems for real-time threat detection
   - Community-driven security tools for decentralized monitoring
   - Decentralized insurance protocols to mitigate risks
   - Expanded auditing programs to prevent future exploits
   This framework ensures a more resilient and secure ecosystem.

5. **Diversified expansion of the SUI ecosystem **
   SUI has rapidly realized the leap from "new chain" to "strong ecosystem" in less than two years, and built a diversified ecological map covering stablecoin, DEX, infrastructure, DePIN, games and other tracks. The total scale of stable coins has exceeded $1 billion, providing a solid liquidity foundation for DeFi modules; TVL ranks 8th globally, transaction activity is 5th globally, and non-EVM networks are 3rd (after Bitcoin and Solana), showing strong user participation and asset depositing capacity.

1. Chain reaction triggered by a single attack

On May 22, 2025, Cetus, a header AMM protocol deployed on the SUI network, was hacked, exploiting a logic vulnerability related to an "integer overflow problem" to launch a precision manipulation that resulted in the loss of over $200 million in assets. This incident is not only one of the largest security in lcidents in the DeFi space so far this year, but also the most destructive hack since theaunch of the main SUI network.

According to DefiLlama data, the TVL of SUI's entire chain plummeted by more than $330 million on the day of the attack, while the Cetus protocol's own lockup amount instantly evaporated by 84% to $38 million. As a result, many popular tokens on SUI (including Lofi, Sudeng, Squirtle, etc.) plummeted by 76% to 97% in just one hour, prompting widespread concern about SUI's security and ecological stability.

However, the SUI ecosystem has demonstrated strong resilience and recovery ability after the shockwave. Despite the short-term confidence fluctuations brought about by the Cetus incident, the chain's funding and user activity did not suffer a sustained decline, but instead prompted the entire ecosystem to pay significantly more attention to security, infrastructure construction and project quality.

Klein Labs will focus on the cause of the attack, the node consensus mechanism of SUI, the security of MOVE language, and the ecological development of SUI, to sort out the current ecological landscape of this public chain which is still in the early stage of development, and to discuss its future development potential.

2. Analysis of the causes of the Cetus incident attack

2.1  Attack Execution Process

According to the technical analysis of the Cetus attack by the SlowMist team, the hackers successfully exploited a critical arithmetic overflow vulnerability in the protocol, and with the help of flash loan, precise price manipulation, and contractual flaws, stole more than $200 million in digital assets in a short period of time. The path of the attack can be broadly categorized into the following three stages:

① Initiate flash loans and manipulate prices

The hackers started by lending large amounts of money for price manipulation using maximum slippage flashcash 10 billion haSUI flash loans. Flash loans allow users to borrow and return funds in the same transaction, paying only a fee, with high leverage, low risk and low cost. Hackers used this mechanism to drive down the market price in a short period of time and keep it precisely within an extremely narrow range.

The attacker then prepares to create an extremely narrow liquidity position, setting the price range exactly between the minimum quote of 300,000 (and the maximum price of 300,200, with a price width of only 1.00496621%.

By doing the above, the hackers managed to manipulate the haSUI price by utilizing a large enough number of tokens with huge liquidity. They then targeted several tokens of no real value for manipulation.

② Add liquidity

The attacker creates a narrow liquidity position, declares to add liquidity, but ends up collecting only 1 token due to a vulnerability in the checked_shlw function.

Essentially this is due to two reasons:
a. Overly broad mask setting: This equates to an extremely large upper limit on liquidity additions, resulting in a contract with a null check on user input. The hacker bypasses the overflow detection by setting anomalous parameters and constructing the input to always be less than this upper limit.
b. Data overflow truncation: When performing a n << 64 bit shift operation on the value n, a data truncation occurred because the shift exceeded the valid bit width (256 bits) of the uint256 data type. The high bit overflow was automatically discarded, resulting in a much lower than expected result of the operation, which caused the system to underestimate the amount of haSUI required for the conversion. The final calculation is approximately less than 1, but since it is rounded upwards, the final calculation is equal to 1, i.e. the hacker only needs to add 1 token to exchange for a huge amount of liquidity.

③ Withdrawal of liquidity

Make flash loan repayments and retain huge profits. Ultimately siphoning off token assets totaling hundreds of millions of dollars from multiple liquidity pools. The loss of funds was severe and the attack resulted in the theft of the following assets:
- 12.9 million SUI (about $54 million)
- 60 million USDC
- $4.9 million Haedal Staked SUI
- $19.5 million TOILET
- Other tokens such as HIPPO and LOFI are down 75-80% with liquidity drying up

2.2 Causes and characteristics of this vulnerability

There are three main features of this Cetus breach:

2.2.1. Very low cost to fix: on the one hand, the root cause of the Cetus incident was an omission in the Cetus math library,is not an error in the protocol's pricing mechanism, or an underlying architectural error. On the other hand, the vulnerability is only limited to Cetus itself, and has nothing to do with the core codebases of SUI. The root cause of the vulnerability lies in a boundary condition judgment, only two lines of code can be modified to completely eliminate the risk; after the completion of the repair can be immediately deployed to mainnet, to ensure that the logic of the subsequent contract is complete, to eliminate the vulnerability.

2.2.2. Highly invisible: The contract has been up and running smoothly for two years with no failures, and the Cetus Protocol has been audited several times, but the vulnerability has not been found, mainly because the Integer_Mate library used for mathematical calculations was not included in the audit scope.
Hackers use extreme values to precisely construct trading ranges, constructing extremely rare scenarios that submit to very high liquidity before triggering anomalous logic, suggesting that this type of problem is difficult to detect through ordinary testing. These types of problems are often in the blind spot of people's vision, and therefore lurk for a long time before being detected.

2.2.3. The problem is not unique to Move:
Move outperforms many smart contract languages in terms of resource security and type checking, and has built-in native detection of integer overflows in common scenarios. This overflow is due to a left shift when adding liquidity, which can be commonly referred to as a multiplication overflow when multiplying the number of tokens. Simple addition and subtraction overflows do not occur on move.

Similar vulnerabilities have occurred in other languages (e.g., Solidity, Rust) and are even easier to exploit due to their lack of integer overflow protection; prior to the Solidity release, overflow detection was very weak. Historically, there have been addition overflows, subtraction overflows, multiplication overflows, and so on, all as a direct result of out-of-range operations. For example, the vulnerabilities in the Solidity language's BEC and SMT smart contracts were achieved by carefully constructed parameters that bypassed the contract's detection statements and over-transferred money.

3. Consensus mechanism for SUI

3.1 Introduction to the SUI Consensus Mechanism

Overview:
SUI Adopts Delegated Proof of Stake Framework (DPoS) The DPoS mechanism, while capable of increasing transaction throughput, is unable to provide an extremely high degree of decentralization like PoW (Proof of Work). As a result, SUI has a relatively low degree of decentralization and a relatively high governance threshold, making it difficult for ordinary users to directly influence network governance.
-Average number of verifiers: 106
-Average Epoch Period: 24 hours

Mechanism process:
- Delegation of Interests: Ordinary users do not need to run their own nodes, but can participate in network security assurance and reward distribution by pledging and delegating their SUIs to candidate verifiers. This mechanism lowers the participation threshold for ordinary users, enabling them to participate in the network consensus by "hiring" trusted verifiers. This is also a major advantage of DPoS over traditional PoS.
- Representative rounds out of blocks: a small number of selected verifiers out of blocks in a fixed or randomized order, boosting the speed of confirmation and improving TPS.
- Governance and re-election: after each counting cycle, a dynamic rotation is performed to re-elect the Validator collection based on the voting weights, ensuring node dynamics, consistency of interests, and decentralization.

Advantages of DPoS:
- High efficiency: Due to the controllable number of nodes out of the block, the network can complete the confirmation in milliseconds to meet the high TPS demand.
- Low cost: with fewer nodes involved in consensus, the network bandwidth and computing resources required for message synchronization and signature aggregation are significantly reduced. Thereby, the hardware and operation and maintenance costs drop, and the requirement for computing power drops, resulting in lower costs. Ultimately, lower user fees are realized.
- High security: the pledge and entrustment mechanism allows the attack cost and risk to be amplified simultaneously; with the chain forfeiture mechanism, malicious behavior is effectively suppressed.

Meanwhile, in SUI's consensus mechanism, an algorithm based on BFT (Byzantine Fault Tolerance) is used, which requires that more than two-thirds of the votes of the verifiers agree in order to confirm a transaction. This mechanism ensures that the network remains secure and efficient even if a few nodes go rogue. Any upgrades or major decisions also require more than a two-thirds vote to be implemented.

In essence, DPoS is a compromise of the impossible triangle, a compromise between decentralization and efficiency. DPoS chooses to reduce the number of active block nodes in the impossible triangle of security-decentralization-scalability in exchange for higher performance, giving up a certain degree of complete decentralization but significantly increasing network throughput and transaction speeds compared to pure PoS or PoW. Compared with pure PoS or PoW, it gives up a certain degree of complete decentralization, but significantly improves network throughput and transaction speed.

3.2 Performance of SUI in this attack

3.2.1 Operation of the freezing mechanism

In this case, SUI quickly froze the address associated with the attacker.

On a code level, it is making it impossible to package transfer transactions for uploading to the chain. Validation nodes are the core components of the SUI blockchain, responsible for validating transactions and en     forcing the rules of the protocol. By collectively ignoring transactions associated with an attacker, these validators amount to implementing an 'account freeze' mechanism at the consensus level similar to that used in traditional finance.

The SUI itself has a built-in deny list mechanism, which is a blacklisting feature that blocks any transaction involving a listed address. Since this feature is already present in the client, when an attack occurs.
The SUI is able to freeze the hacker's address immediately. Without this feature, it would be difficult for Cetus to coordinate a one-by-one response from all validators in a short period of time, even if the SUI only had 113 validators.

3.2.2 Who has the authority to change the blacklist

TransactionDenyConfig is a YAML/TOML configuration file loaded locally by each validator. Anyone running a node can edit this file, hot reload or restart the node, and update the list. On the surface, each validator appears to be free to express its own values.

In practice, such critical configuration updates are usually coordinated for the sake of security policy consistency and effectiveness Since this is an "urgent update driven by the SUI team", it is essentially the SUI Foundation (or its authorized developers) that sets up and updates this denial list.

SUI publishes a blacklist, and in theory verifiers can choose whether or not to adopt it - but in practice most people automatically adopt it by default. So while this feature protects user funds, it does have a degree of centralization by its very nature.

3.2.3 The nature of the blacklisting function

The blacklist function is actually not the underlying logic of the protocol, it is more like an additional layer of security to deal with unexpected situations and ensure the safety of user funds.

Essentially, it is a security assurance mechanism. It is similar to a "security chain" that is attached to the door and is enabled only for those who want to break into the home, i.e., to commit an evil against the protocol. For users:
- For the big players, the main providers of liquidity, the protocol is the most important to ensure the security of funds, because in fact, the chain data tvl is contributed by all the major players, and in order to ensure the long-term development of the protocol, it will be a priority to ensure security.
- For the retailer, the contributor of ecological activity, the strong supporter of technology and community co-construction. The project side also hopes to attract retail investors to build together, so as to gradually improve the ecology and enhance the retention rate. As for the defi field, the most important thing is the safety of funds.

The key to determining "centralization" is whether the user has control over the assets. In this regard, SUI utilizes the Move programming language as a natural way to vest in the user's assets:
SUI is built on top of the Move language, and the core idea of Move can be summarized as "money follows address":
Unlike the Solidity language, which uses smart contracts as the core of interaction, in Move, the user's assets are always stored directly under the individual's address, and the transaction logic revolves around the transfer of ownership of resources. This means that the control of assets naturally belongs to the user and is not contractually hosted, reducing the risk of losing funds due to contract loopholes or improperly designed permissions, and fundamentally enhancing the decentralization property.

SUI is also currently working to enhance decentralization. It is in the process of gradually lowering the barrier to entry for verifiers through the implementation of the SIP-39 proposal.

The new proposal adjusts the threshold of access for verifiers from simply the number of pledges to the right to vote, thus increasing the participation of ordinary users.

3.3 The Boundaries and Realities of Decentralization: The Governance Controversy Raised by SUI

In the case of SUI's emergency response, the joint action of the community and the verifiers led to a heated debate about the extent of its "decentralization":

Some crypto practitioners see SUI as more decentralized:

• SUI community members responded "Decentralization is not about sitting back and letting people be victimized, it's about allowing people to act together without needing to get permission from anyone." -- It's impossible to sit back and do nothing when huge amounts of money are stolen.

• "This is real-world decentralization, not 'powerlessness' but 'alignment with and response from the community.' At the heart of decentralization "is not the ability to stand by and watch people get attacked, but the ability for communities to act in concert without permission."

• This is not unique to SUI - most PoS chains, from Ether to BSC, face a similar risk of validator centralization, and SUI's case just brings the issue into sharper focus.

Some practitioners also believe that SUI is too centralized:

-For example, Cyber Capital founder Justin Bons says that SUI's validators are teaming up to scrutinize hackers' transactions - does this mean SUI is centralized? The short answer is: yes. But more importantly, why? Because the 'founders' hold most of the supply and there are only 114 verifiers! For comparison, Ethereum has over 1 million verifiers and Solana has 1,157.

But we think this theory is a bit one-sided：

• SUI All validators are basically functionally the same and dynamically rotate to update the validators to achieve metabolism and prevent centralization of power and unequal allocation.

From the perspective of macroeconomic theory, moderate and slight centralization is necessary at the current stage due to information asymmetry and incomplete market development.

In traditional economic theory, the centrality model also has its advantages:
- Reducing the risk of information asymmetry: centralized subjects tend to have more information and are able to more accurately assess the risk of transactions, effectively avoiding the occurrence of adverse selection and moral hazard.
- Responding to market volatility: In the face of external shocks or systemic risks, the centralized mechanism can quickly unify decision-making and resource deployment, thus improving the resilience and adaptability of the market.
- Promoting coordination and cooperation: centralized institutions help to achieve more efficient coordination in the game of multiple interests and promote the rational allocation of resources and the improvement of overall efficiency.

Overall, slight and bounded centralization is not a scourge, but an effective complement to the ideal of "decentralization" under realistic economic conditions. This is a transitional arrangement, and the crypto world will eventually evolve towards decentralization, which is the industry consensus and the ultimate goal of the development of technology and concepts. In the scenario of this event, this centralization enables Keynesian-like macro-control. The same is true in economies, where a completely decentralized market economy can also lead to economic crises, and moderate macro-control can move the economic system in a favorable direction.

4. Technical Moat of Move Language

In the crypto world where smart contract security incidents are frequent, Move language is gradually becoming an important infrastructure for the new generation of public chains by virtue of its resource model, type system and security mechanism:

1). Clear attribution of funds and natural segregation of authority Move:
Assets are "resources", each resource is independent and can only be attributed to one account, it must be clear who is the "owner". Assets strictly belong to the money in the user's wallet, only the user can manage them, and permissions are clear. Solidity: User assets are actually controlled by the contract, and developers have to write additional control logic to restrict access. Once the permissions are written incorrectly, the smart contract may fail and the assets can be manipulated arbitrarily.

2). Linguistic anti-re-entry attacks
Move: Based on resource ownership and linear type system, every time a resource is used, it is "moved" and cannot be called again, which naturally shields it from the risk of re-entry attacks. Solidity: "Re-entry attacks" are one of the most famous attacks on Ether, such as the famous The DAO vulnerability.Solidity is susceptible to re-entry attacks, which need to be manually defended by developers through the "check-effect-interaction" model.

3). Automatic memory management and resource ownership tracking
- Move: Based on Rust's linear type and ownership model, all resources can be tracked at compile time, and the system automatically recycles unused variables and prohibits implicit copying or discarding, eliminating the risk of suspension and repeated releases. - Solidity: using manual memory management stack model, developers need to maintain the variable life cycle by themselves, prone to memory leakage, invalid references or privilege abuse, increasing the possibility of vulnerabilities and attack surface.

4). Structure from Rust, security and readability is stronger
-Tighter syntax: strong type checking at compile time, memory safety, no uninitialized variables, logic errors are caught before running, reducing online accidents.
-Perfect Error Reporting Mechanism: The compiler clearly indicates the location and type of errors, which facilitates development and debugging and reduces unpredictable behavior.

5). Gas is cheaper and more efficiently implemented
Move language structure is streamlined, the execution path is shorter, and the virtual machine is optimized to consume less gas per unit of computation. It realizes the improvement of execution efficiency and the reduction of user operation cost, which is SUItable for high-frequency transaction application scenarios such as DeFi and NFT mint.

From a comprehensive point of view, Move language is not only significantly better than traditional smart contract language in terms of security and controllability, but also avoids common attack paths and logical vulnerabilities from the root through resource model and type system, Move language represents the direction of smart contract development from "just run" to "inherently secure". It provides a solid infrastructure for new public chains such as SUI, and opens up new possibilities for the technological evolution of the entire crypto industry.

5. A few recommendations based on the SUI attacks

Technical advantage does not mean infallibility. Even in a chain designed with security at its core, complex contract interactions and improperly handled boundary conditions can still become a breakthrough for attackers to exploit. The recent security incident on SUI reminds us once again that auditing and mathematical verification are also indispensable in addition to security design, and we will put forward targeted suggestions and thoughts from the perspective of development and risk control.

5.1 Hacking

1). Mathematical boundary conditions must be analyzed rigorously
The hacking incident revealed the vulnerability of lax mathematical boundary conditions. The attacker bypassed the contract's security detection by manipulating the liquidity positions in the contract, utilizing incorrect boundary conditions and numerical overflows.Therefore, all key mathematical functions must be rigorously analyzed to ensure that they work correctly under various input conditions.

2). Complex vulnerabilities require the introduction of professional math audits
The data overflow and boundary check failure vulnerabilities in this incident involve complex mathematical calculations and displacement operations, which are difficult to be captured by conventional auditing. Traditional code auditing focuses on the functionality and security of the contract, while the review of complex mathematical problems usually requires a more professional mathematical background, so it is recommended to introduce a professional mathematical auditing team to identify and repair such hidden dangers.

3). Raising the standard of scrutiny of projects that have experienced attacks
Hackers' use of the Lightning Loan mechanism for market manipulation is a good example of how even projects that have already experienced an attack are still potentially at risk of being attacked. Projects that have experienced previous attacks need to have their code and contracts scrutinized more rigorously and meticulously to ensure that similar vulnerabilities do not occur again. In particular, the review should be more comprehensive in terms of math processing, data overflow and logic vulnerabilities.

4). Strict boundary checking for cross-type value conversion
Hackers exploit problems such as masks set too wide and data overflows truncated, which ultimately lead to miscalculations in the contract and thus successful price manipulation. All cross-type conversions, such as integer to float conversions, must be subject to strict boundary checks to ensure there is no risk of overflow or loss of precision. In particular, a stricter approach should be taken when calculations are performed on large values.

5). The devastation caused by the "Dust Attack"
By manipulating the price of low-value tokens ("dust"), hackers take advantage of the low liquidity of these tokens, especially when exchanging AMMs in the DeFi space, making them easy to manipulate in the market. This type of manipulation is not limited to high-value tokens, but low-value tokens can also be used as a breakthrough, so project owners need to be aware of the potential threat of "Dust Attacks" and take steps to prevent such risks.

6). Strengthening real-time monitoring and response capabilities for hacking behavior
Prior to the official successful attack on the protocol, the hackers attempted a similar attack, but the transaction failed due to possible Gas insufficiency. Such a large liquidity transaction, even if it fails, should be detected and alerted in a timely manner. The platform's monitoring system should be able to trigger the risk control mechanism immediately upon the occurrence of such abnormal transactions and identify potential threats at an early stage. By strengthening real-time monitoring of on-chain trading behavior and combining it with advanced analytical tools and technological means, the platform can intervene in a timely manner at the early stage of the problem to avoid further losses.

5.2 On-Chain Financial Security and Emergency Response

5.2.1 SUI coping mechanisms in crisis management

1). Validator nodes interconnect to block hacker addresses promptly
SUI minimizes the loss by enhancing the interconnection between validator nodes and blocking the hacker's address promptly.
First of all, it is necessary to understand the basic principle of on-chain fund transfer: each transfer must be signed by a private key to prove the ownership of funds, and after the network verifier (e.g., node or sequencer) confirms its legitimacy, it is then packaged by the block and broadcasted on the chain to finally complete the tamper-proof settlement process.
SUI's blocking of funds is actually realized in the step of verifier confirmation: by adding the hacker's address to the blacklist and synchronously distributing it to all verifier nodes, so that they will refuse to pack and confirm the transactions related to this address, thus blocking the funds from being uplinked and achieving the effect of freezing.

2). Audit Subsidy and On-Chain Security Enhancement
SUI has always emphasized on-chain security, providing free audit services for on-chain projects and providing strong support for ecosystem security. After the Cetus hacking incident, SUI Foundation announced a new $10 million audit subsidy to strengthen audit and vulnerability protection and further enhance on-chain security.

3). Synergy between Cetus and SUI
In this security incident, SUI and Cetus demonstrated exceptional coordinated incident response capabilities and ecosystem coordination mechanisms. Following the anomaly, the Cetus team promptly engaged with SUI validators and, with majority validator consensus, successfully froze the attacker’s two wallet addresses, securing over $162 million in assets. This action established a critical time window for subsequent asset recovery and compensation.
Notably, Cetus officially announced that, leveraging its own cash and token reserves alongside critical support from the SUI Foundation, it will implement a 100% full reimbursement for affected users.
This coordinated effort not only highlights SUI’s infrastructure adaptability and operational efficiency in mitigating systemic risks but also reflects the foundation of trust and shared accountability among ecosystem participants. These actions establish a robust framework for building a more resilient security ecosystem within SUI’s DeFi landscape, setting a precedent for future crisis management in decentralized environments.

5.2.2 Reflections of the Cetus Hack on the Security of Users' Funds

1) From a technical point of view, direct on-chain funding recovery is not completely impossible, and there are two main types of common responses:
- Rollback on-chain operations: i.e., "rolling back" some on-chain transactions to bring the state back to a point in time prior to the attack;
- Move Multiple Signature Authority: Take control of a critical wallet and forcibly retrieve funds from a hacked address through multiple party authorizations.

However, these practices are generally only activated when the volume of funds is very large and the risks are extremely high. Although effective, they have a certain impact on the principle of decentralization and are prone to controversy. Therefore, many project parties will try to avoid adopting them, except when they are forced to do so, when they cannot negotiate, and when the funds cannot be recovered.
Cetus and SUI, in their recent case, did not choose to directly "knife" the data on the chain, but dealt with it in a gentler way - for example, freezing the transaction request of the malicious address at the level of the verifier. Compared with traditional violent means, this approach is more respectful of the spirit of decentralization, and also reflects the more delicate security governance capabilities of the Move ecosystem.

2) Community co-construction and improvement of security tracking mechanisms
To strengthen the security of the Move ecosystem, community building is key. Currently, the technical foundation of Move is solid, but the number of participants is relatively small, especially in terms of on-chain tracking and security auditing, which is still not mature enough. In contrast, Ether has already developed comprehensive on-chain monitoring tools (e.g. Etherscan) through years of community building. Therefore, more developers and security organizations need to participate in building a similar tracking system to enhance the transparency and risk resistance of the overall ecosystem.

3) Introducing insurance compensation to guarantee the safety of funds
Some decentralized projects cooperate with insurance agreements such as Nexus Mutual to provide security for users' pledged funds and reduce the risk of loss due to loopholes or attacks.

6. A continuously thriving SUI ecology: beyond DeFi, everything grows

SUI is undoubtedly in a special period at the moment, and although it faces some challenges, it still maintains its leading position in TVL, developer activity and ecological construction, and is firmly at the top of the Move series of public chains. However, some communities still have FUD and lack rational understanding of SUI's technical advantages and ecological potential.

Up to now, the TVL of SUI network is about $1.6 billion, and the average daily DEX transaction volume is maintained at about $300 million, showing strong capital activity and enthusiasm of on-chain users. Although SUI is still a relatively young member of the mainstream public chains, it has already ranked among the top in terms of developer activity, and its ecological construction is proceeding at a rapid pace. Starting from the NFT collection in the early days, SUI now covers a number of vertical tracks such as DEX, infrastructure, games, DePIN, etc. More and more projects have chosen to build on SUI, gradually forming a diversified application matrix.

Among them, the rapid development of the stablecoin ecosystem has laid a key foundation for SUI's DeFi foundation. According to DefiLlama, the total scale of stablecoins deployed on SUI chain has exceeded $1 billion, accounting for a significant proportion of TVL and becoming an important source of on-chain liquidity.

This trend is also reflected in DefiLlama's public chain rankings: SUI is currently ranked 8th in TVL and 3rd in non-EVM chains (after Solana and Bitcoin), and in terms of on-chain transaction activity, SUI is ranked 5th in the world and 3rd in non-EVM networks. Surprisingly, the fact that SUI has achieved this in less than two years on the mainnet is not just due to the resources of Mysten Labs or the Foundation, but also to the participation of developers, users, and infrastructure partners.

Binance's attention to SUI's eco-projects has also increased significantly recently. Its Alpha Project Zone has successively launched a number of representative projects including NAVI, SCA, BLUE, HIPPO and NS, further amplifying the exposure and trading liquidity of ecological projects, and highlighting the strategic position of SUI Eco in CEX's vision.

The time lag in the response of some of the SUI community has provided us with the time and opportunity to observe other potential projects on SUI. As the leading public chain in the Move system, projects on SUI still deserve our attention. In the process, we will be able to discover more innovative projects worthy of investment and support, and at the same time accumulate experience for future blockchain development.

So,what constitutes the current SUI ecosystem in terms of representative projects? To provide a clear snapshot of SUI’s ecosystem landscape, we will outline its most notable protocols.

While SUI hosts many promising projects in consumer-facing and gaming segments, this analysis will prioritize examining core DeFi protocols, aligning with our focus as liquidity providers.:

There are  many outstanding consumer and gaming protocols that are excellent.Since we are liquidity providers, this time we will focus on analyzing DeFi protocols.

Navi Protocol

Navi is a one-stop DeFi protocol on SUI with features covering multi-asset lending, leveraged vaults, LSTFi (VOLO LST) and the aggregator Astros, which supports blue-chip assets, LP Token and long-tail assets, and offers flash lending services for advanced strategy needs. Currently TVL is over $400 million, ranking second on SUI network. Native token $NAVI has been launched on OKX, Bybit and other mainstream exchanges, becoming one of the most representative lending platforms on SUI.
Website https://www.naviprotocol.io/
X  https://twitter.com/navi_protocol

Bucket Protocol

Bucket Protocol is a liquidity platform on the SUI Network that allows users to mint the $BUCK stablecoin by locking various assets as collateral. It supports multiple assets like $SUI and $BTC, enabling flexible access to stablecoin liquidity. With over $110 million TVL, Bucket Protocol plays a key role in enhancing liquidity and expanding DeFi use cases within the SUI ecosystem.
Website https:https://www.bucketprotocol.io/\
X  https:https://x.com/bucket_protocol

Momentum

Momentum Finance is a decentralized exchange built on Sui that utilizes the ve(3,3) tokenomics model. It aims to unify token issuance and liquidity management into a single DeFi infrastructure. The ve(3,3) model coordinates incentives between liquidity providers, traders, and the protocol. Protocol incentives drive liquidity and APR, voters receive 100% of the fees and bribes, liquidity providers receive 100% of the MMT emissions, and traders enjoy low fees and minimal slippage. Momentum is also responsible for issuing key stablecoins on Sui, such as AusD, FDUSD, and USDY, further solidifying its role as critical infrastructure.

Website: https://app.mmt.finance/
X: https://x.com/MMTFinance

Bluefin

Bluefin is a decentralized perpetual contract trading platform on SUI that supports more than 10 USDC-collateralized contract markets with up to 20x leverage, an off-chain order book and on-chain settlement architecture, and a confirmation latency of less than 30 milliseconds. Its cumulative trading volume has exceeded $50 billion, with a market share of more than 80%. Bluefin is also expanding its spot trading and sub-protocol AlphaLend, and fully laying out the DeFi lending market.
Currently, its native token $BLUE is live on Bithumb, a mainstream Korean exchange.
Website https://bluefin.io/
X https://x.com/bluefinapp

Haedal Protocol

Haedal is a native LSD protocol on SUI that allows users to pledge SUI in exchange for haSUI, realizing both returns and liquidity. It improves verifier yield through dynamic allocation and introduces Hae3 modules, including the anti-MEV market making mechanism HMM, the CEX simulation strategy vault haeVault, and the governance system haeDAO, which work in tandem to improve APR and capital efficiency. TVL currently ranks fourth in the chain and is becoming a major player in the LSD space.
Currently, its native token $HAEDAL is live on major exchanges such as Binance, Bybit, Bithumb, etc.
Website https://www.haedal.xyz/
X https://x.com/HaedalProtocol

Artinals

Artinals is an RWA protocol built on SUI, which is dedicated to transforming real assets such as art, real estate, and collectibles into tradable NFTs. Its self-developed ART20 standard supports the digitization of the entire process of asset creation, trading, and management, and is equipped with dynamic metadata and royalty-sharing mechanisms. Artinals provides a no-code dashboard and a low-code SDK, which reduces the threshold of asset uploading to the chain, and enables real-time trading of assets through ObjeX.world. Artinals provides a code-free dashboard and low-code SDK to lower the threshold of assets on the chain, and realizes real-time trading of assets through ObjeX.world.
Website https://artinals.com/
X https://x.com/artinalslabs

DePIN & AI

Walrus Protocol

Walrus Protocol, developed by Mysten Labs, is SUI's decentralized storage and data availability protocol designed to address on-chain large file storage. It combines Codec technology and DPoS consensus to distribute data slices to multiple nodes, ensuring high fault tolerance and data recoverability. At the same time, relying on the Move smart contract, Walrus realizes programmable storage, enabling it to excel in applications such as NFT media files.
Currently, its native token $WAL is available on Korean exchanges UPbit, Bithumb and Bybit.
Website https://www.walrus.xyz/

The SUI ecosystem is experiencing remarkable growth at an unprecedented pace, attracting substantial participation from developers, users, and capital through its distinctive technical architecture and diverse application scenarios. Across multiple domains including infrastructure, DeFi, gaming, DePIN, and AI, SUI has demonstrated exceptional competitiveness and innovation capacity. With increasing support from major exchanges such as Binance, SUI is poised to further consolidate its industry position as both a 'gaming chain' and a diversified application platform, heralding a new chapter in ecosystem development.