This article is jointly released by Aquarius Capital and Klein Labs . Special thanks to ecological projects such as NAVI Protocol , Bucket Protocol and Comma 3 Ventures for their technical guidance and support during the research process.
TL;DR
1. The Cetus vulnerability originates from the contract implementation, not SUI or Move language itself
The root cause of this attack is the lack of boundary checking of arithmetic functions in the Cetus protocol - a logical vulnerability caused by mask over-width and displacement overflow, which has nothing to do with the resource security model of the SUI chain or Move language. The vulnerability can be fixed with one-line boundary checking without affecting the core security of the entire ecosystem.
2. The “reasonable centralization” in the SUI mechanism shows its value in crises
Although SUI has a slight tendency to centralize by using DPoS validator rounds and blacklist freezing functions, this is exactly what came in handy in the CETUS incident response: the validator quickly synchronized the malicious address to the Deny List, refused to package related transactions, and achieved an instant freeze of more than $160 million in funds. This is essentially a positive on-chain Keynesianism, and effective macroeconomic regulation has played a positive role in the economic system.
3. Reflections and suggestions on technical security
Mathematics and boundary checking: introduce upper and lower limit assertions for all key arithmetic operations (such as bit shift, multiplication and division), and perform extreme value fuzzing and formal verification. In addition, auditing and monitoring need to be enhanced: in addition to general code auditing, add a professional math audit team and real-time on-chain transaction behavior detection to capture abnormal splits or large flash loans as early as possible;
4. Summary and suggestions on funding guarantee mechanism
In the Cetus incident, SUI worked efficiently with the project team to successfully freeze over $160 million in funds and promote a 100% compensation plan, demonstrating strong on-chain resilience and ecological responsibility. The SUI Foundation also added $10 million in audit funds to strengthen security. In the future, we can further promote on-chain tracking systems, community co-construction of security tools, decentralized insurance and other mechanisms to improve the funding guarantee system.
5. Diversified expansion of the SUI ecosystem
In less than two years, SUI has rapidly achieved the transition from new chain to strong ecology, and has built a diversified ecological landscape covering multiple tracks such as stablecoins, DEX, infrastructure, DePIN, games, etc. The total scale of stablecoins has exceeded 1 billion US dollars, providing a solid liquidity foundation for the DeFi module; TVL ranks 8th in the world, transaction activity ranks 5th in the world, and non-EVM network ranks 3rd (second only to Bitcoin and Solana), showing strong user participation and asset precipitation capabilities.
1. A chain reaction caused by an attack
On May 22, 2025, Cetus, a leading AMM protocol deployed on the SUI network, was attacked by hackers. The attacker exploited a logic vulnerability related to the integer overflow problem to launch precise manipulation, resulting in the loss of more than $200 million in assets. This incident is not only one of the largest security incidents in the DeFi field so far this year, but also the most destructive hacker attack since the launch of the SUI mainnet.
According to DefiLlama data, the TVL of the entire SUI chain plummeted by more than $330 million on the day of the attack, and the locked amount of the Cetus protocol itself evaporated by 84% in an instant, falling to $38 million. Affected by the collateral, many popular tokens on SUI (including Lofi, Sudeng, Squirtle, etc.) plummeted by 76% to 97% in just one hour, triggering widespread market attention to the security and ecological stability of SUI.
But after this shock wave, the SUI ecosystem showed strong resilience and recovery capabilities. Although the Cetus incident brought about short-term fluctuations in confidence, the funds and user activity on the chain did not experience a sustained decline. Instead, it prompted the entire ecosystem to significantly increase its attention to security, infrastructure construction and project quality.
Klein Labs will focus on the cause of the attack, SUIs node consensus mechanism, the security of the MOVE language, and SUIs ecological development, sort out the current ecological landscape of this public chain that is still in its early stages of development, and explore its future development potential.
2. Analysis of the cause of the Cetus attack
2.1 Attack Implementation Process
According to the technical analysis of the Cetus attack by the SlowMist team, hackers successfully exploited a key arithmetic overflow vulnerability in the protocol and stole more than $200 million in digital assets in a short period of time with the help of flash loans, precise price manipulation and contract defects. The attack path can be roughly divided into the following three stages:
1. Launching flash loans and manipulating prices
The hacker first used the maximum slippage to quickly redeem 10 billion haSUI flash loans, borrowed a large amount of funds, and manipulated prices.
Flash loans allow users to borrow and return funds in the same transaction, and only need to pay a handling fee. It has the characteristics of high leverage, low risk and low cost. Hackers use this mechanism to lower the market price in a short period of time and precisely control it within a very narrow range.
The attacker then prepared to create an extremely narrow liquidity position, setting the price range precisely between the lowest bid price of 300,000 ( and the highest bid price of 300,200), with a price width of only 1.00496621%.
Through the above methods, hackers successfully manipulated the price of haSUI by using a large enough number of tokens and huge liquidity. Subsequently, they manipulated several tokens with no actual value.
2. Adding Liquidity
The attacker creates a narrow liquidity position and declares to add liquidity, but due to a vulnerability in the checked_shlw function, only 1 token is collected in the end.
Essentially it is due to two reasons:
1. The mask is set too wide: This is equivalent to adding a huge liquidity cap, which makes the verification of user input in the contract ineffective. Hackers set abnormal parameters to construct inputs that are always less than the cap, thus bypassing overflow detection.
2. Data overflow is truncated: When performing a shift operation of n << 64 on the value n, data truncation occurs because the displacement exceeds the effective bit width (256 bits) of the uint 256 data type. The high-order overflow part is automatically discarded, resulting in the calculation result being much lower than expected, causing the system to underestimate the number of haSUI required for exchange. The final calculation result is approximately less than 1, but because it is rounded up, the final calculation is equal to 1, which means that the hacker only needs to add 1 token to exchange for a huge amount of liquidity.
3. Withdrawing Liquidity
They made flash loan repayments and retained huge profits, ultimately draining hundreds of millions of dollars worth of token assets from multiple liquidity pools.
The loss of funds was severe, with the following assets stolen as a result of the attack: - 12.9 million SUI (approximately $54 million) - $60 million USDC - $4.9 million Haedal Staked SUI - $19.5 million TOILET - Other tokens such as HIPPO and LOFI fell 75-80%, and liquidity dried up
2.2 Causes and characteristics of this vulnerability
The Cetus vulnerability has three characteristics:
1. The cost of repair is extremely low
On the one hand, the root cause of the Cetus incident is an oversight in the Cetus math library , not an error in the price mechanism or underlying architecture of the protocol. On the other hand, the vulnerability is limited to Cetus itself and has nothing to do with SUIs code. The root cause of the vulnerability lies in a boundary condition judgment. Only two lines of code need to be modified to completely eliminate the risk. After the repair is completed, it can be deployed to the main network immediately to ensure that the subsequent contract logic is complete and eliminate the vulnerability.
2. High concealment
The contract has been running smoothly for two years without any problems. Cetus Protocol has conducted multiple audits, but no vulnerabilities have been found. The main reason is that the Integer_Mate library used for mathematical calculations was not included in the audit scope.
Hackers use extreme values to accurately construct trading ranges and construct extremely rare scenarios with extremely high liquidity, which triggers abnormal logic, indicating that such problems are difficult to discover through ordinary tests. Such problems are often in the blind spot of peoples vision, so they lurk for a long time before being discovered.
3. This is not unique to Move
Move is superior to many smart contract languages in terms of resource safety and type checking, and has built-in native detection of integer overflow problems in common scenarios. The overflow occurred because when adding liquidity, when calculating the required number of tokens, the wrong value was first used for the upper limit check, and the shift operation was used instead of the conventional multiplication operation. If it is a conventional addition, subtraction, multiplication and division operation, the overflow will be automatically checked in Move, and this high-order truncation problem will not occur.
Similar vulnerabilities have also appeared in other languages (such as Solidity and Rust), and they are even easier to exploit because of their lack of integer overflow protection; before the Solidity version was updated, the overflow detection was very weak. Addition overflow, subtraction overflow, multiplication overflow, etc. have occurred in history, and the direct cause is that the calculation result is out of range. For example, the vulnerabilities in the two smart contracts of BEC and SMT in the Solidity language bypass the detection statements in the contract through carefully constructed parameters, and the attack is carried out by excessive transfer.
3. SUI’s consensus mechanism
3.1 Introduction to SUI Consensus Mechanism
SUI Official Medium
Overview :
SUI adopts the Delegated Proof of Stake (DPoS) framework. Although the DPoS mechanism can increase transaction throughput, it cannot provide a high degree of decentralization like PoW (Proof of Work). Therefore, the degree of decentralization of SUI is relatively low, the governance threshold is relatively high, and it is difficult for ordinary users to directly influence network governance.
- Average number of validators: 106
- Average Epoch period: 24 hours
Mechanism process:
- Equity delegation: Ordinary users do not need to run nodes by themselves. As long as they pledge SUI and delegate it to candidate validators, they can participate in network security assurance and reward distribution. This mechanism can lower the participation threshold for ordinary users, allowing them to participate in network consensus by hiring trusted validators. This is also a major advantage of DPoS over traditional PoS.
- Representative round block generation: A small number of selected validators generate blocks in a fixed or random order, which improves the confirmation speed and TPS. - Dynamic election: After each counting cycle, dynamic rotation is carried out according to the voting weight, and the validator set is re-elected to ensure node vitality, interest consistency, and decentralization.
Advantages of DPoS :
- High efficiency: Since the number of block-producing nodes is controllable, the network can complete confirmation in milliseconds and meet high TPS requirements.
- Low cost: Fewer nodes participate in consensus, and the network bandwidth and computing resources required for information synchronization and signature aggregation are significantly reduced. As a result, hardware and operation and maintenance costs are reduced, the requirements for computing power are reduced, and the cost is lower. Ultimately, lower user fees are achieved. - High security: The pledge and delegation mechanism simultaneously amplifies the cost and risk of attacks; in conjunction with the on-chain penalty mechanism, malicious behavior is effectively suppressed.
At the same time, in the consensus mechanism of SUI, an algorithm based on BFT (Byzantine Fault Tolerance) is adopted, which requires more than two-thirds of the votes among the validators to reach a consensus before the transaction can be confirmed. This mechanism ensures that even if a few nodes act maliciously, the network can remain safe and operate efficiently. When making any upgrades or major decisions, more than two-thirds of the votes are required to implement them.
In essence, DPoS is actually a compromise solution of the impossible triangle, which compromises decentralization and efficiency. In the impossible triangle of security, decentralization and scalability, DPoS chooses to reduce the number of active block nodes in exchange for higher performance. Compared with pure PoS or PoW, it gives up a certain degree of complete decentralization, but significantly improves network throughput and transaction speed.
3.2 SUI’s performance in this attack
3.2.1 Operation of the freezing mechanism
In this incident, SUI quickly froze the attackers related addresses
From the code level, it makes it impossible to package transfer transactions on the chain. The verification node is the core component of the SUI blockchain, responsible for verifying transactions and enforcing protocol rules. By collectively ignoring transactions related to the attacker, these validators have implemented a mechanism similar to the account freezing mechanism in traditional finance at the consensus level.
SUI itself has a built-in deny list mechanism, which is a blacklist function that blocks any transaction involving listed addresses. Since this function already exists in the client, when the attack occurs
SUI is able to freeze the hackers address immediately. Without this feature, even if SUI only has 113 validators, it would be difficult for Cetus to coordinate all validators to respond one by one in a short period of time.
3.2.2 Who has the authority to change the blacklist?
TransactionDenyConfig is a YAML/TOML configuration file loaded locally by each validator. Anyone running a node can edit this file, hot reload or restart the node, and update the list. On the surface, it seems that each validator is free to express its own values.
In practice, updates to such critical configurations are usually coordinated for consistency and effectiveness of security policies. Since this is an urgent update driven by the SUI team, it is basically the SUI Foundation (or its authorized developers) who sets and updates this deny list.
SUI publishes a blacklist, and in theory validators can choose whether to adopt it or not — but in practice most automatically adopt it by default. So while this feature protects user funds, it does inherently have a degree of centralization.
3.2.3 The essence of the blacklist function
The blacklist function is not actually the underlying logic of the protocol. It is more like an additional layer of security to deal with emergencies and ensure the safety of user funds.
It is essentially a security guarantee mechanism. It is similar to a theft prevention chain tied to the door, which is only activated for those who want to break into the house, that is, those who want to do evil to the protocol. For users:
- For large investors, the main providers of liquidity, the protocol is most concerned about ensuring the security of funds, because in fact all the on-chain data tvl is contributed by major investors. If the protocol is to develop in the long term, security must be prioritized.
- For retail investors, they are contributors to the activity of the ecosystem and strong supporters of technology and community co-construction. The project owner also hopes to attract retail investors to co-construct, so that the ecosystem can be gradually improved and the retention rate can be enhanced. For the DeFi field, the most important thing is the security of funds.
The key to determining whether it is centralized is whether the user has control over the assets. In this regard, SUI uses the Move programming language to demonstrate the natural ownership of user assets:
SUI is built on the Move language, and the core concept of Move can be summarized as funds follow addresses:
Unlike the Solidity language, which uses smart contracts as the core of interaction, in Move, user assets are always directly stored under personal addresses, and the transaction logic revolves around the transfer of resource ownership. This means that the control of assets naturally belongs to the user, not the contract, which reduces the risk of losing funds due to contract loopholes or improper permission design, and fundamentally enhances the decentralized attribute.
SUI is also currently working to strengthen decentralization. It is gradually lowering the entry threshold for validators by implementing the SIP-39 proposal. The new proposal adjusts the entry threshold for validators from a simple stake amount to voting rights, thereby increasing the participation of ordinary users.
3.3 The Boundary and Reality of Decentralization: Governance Controversy Caused by SUI
In this emergency response of SUI, the joint actions of the community and validators have triggered a heated discussion on its degree of “decentralization”:
Some crypto practitioners believe that SUI is more decentralized:
- SUI community members responded, Decentralization is not about watching people get hurt, but about allowing everyone to take action together without anyones permission. - It is impossible to sit back and wait for a huge amount of money to be stolen. - This is decentralization in the real world, not powerlessness, but keeping in line with the community and responding. The core of decentralization is not about standing by and watching people being attacked, but the ability of the community to take action in a coordinated manner without permission. - Not unique to SUI - From Ethereum to BSC, most PoS chains face similar risks of validator centralization. The case of SUI only makes the problem more prominent.
Some practitioners also believe that SUI is too centralized:
-For example: Cyber Capital founder Justin Bons bluntly stated that SUIs validators are working together to censor hacker transactions. Does this mean that SUI is centralized? The short answer is: yes. But more importantly, why? Because the founders hold the majority of the supply, and there are only 114 validators! For comparison, Ethereum has more than 1 million validators, and Solana has 1,157.
But we think this theory is somewhat one-sided:
- The functions of all SUI validators are basically the same, and the validators are dynamically rotated and updated to achieve metabolism and prevent the centralization of power and unequal allocation.
From the perspective of macroeconomic theory, due to information asymmetry and incomplete market development, moderate and slight centralization is necessary at the current stage.
In traditional economic theory, the centralized model also has its advantages
- Reduce the risk of information asymmetry: Centralized entities often have more information and can more accurately assess transaction risks, effectively avoiding the occurrence of adverse selection and moral hazard.
- Responding to market fluctuations: When faced with external shocks or systemic risks, centralized mechanisms can quickly unify decisions, allocate resources, and improve market resilience and adaptability.
- Promote coordination and cooperation: Centralized institutions help achieve more efficient coordination in the game of interests among multiple parties, promote the rational allocation of resources and improve overall efficiency.
In general, slight and limited centralization is not a disaster , but an effective supplement to the ideal of decentralization under real economic conditions. This is a transitional arrangement, and the crypto world will eventually evolve in the direction of decentralization. This is the consensus of the industry and the ultimate goal of the development of technology and concepts. In the scenario of this incident, this centralization achieved macroeconomic regulation similar to Keynesianism. The same is true in the economy. A completely decentralized market economy will also trigger an economic crisis. Appropriate macroeconomic regulation can make the economic system develop in a favorable direction.
4. Move language’s technical moat
In the crypto world where smart contract security incidents frequently occur, the Move language is gradually becoming an important infrastructure for the new generation of public chains with its resource model, type system and security mechanism:
1. The ownership of funds is clear and the authority is naturally isolated
- Move: Assets are resources. Each resource is independent and can only belong to one account. It is necessary to clearly identify who the owner is. Assets strictly belong to the money in the users wallet. Only the user can manage it, and the permissions are clear.
- Solidity: User assets are actually controlled by contracts, and developers need to write additional control logic to limit access. Once the permissions are written incorrectly, it may cause smart contracts to fail and assets to be manipulated at will.
2. Anti-reentrancy attack at the language level
- Move: Based on resource ownership and linear type system, each resource is emptied after use and cannot be called again, naturally shielding the risk of reentrancy attacks.
- Solidity: Reentrancy attack is one of the most famous attack methods on Ethereum, such as the famous The DAO vulnerability. Solidity has the risk of reentrancy attack, which requires developers to manually defend through the check-effect-interaction mode. Once missed, it will cause extremely high risks.
3. Automatic memory management and resource ownership tracking
- Move: Based on Rusts linear type and ownership model, the lifecycle of all resources can be tracked at compile time. The system automatically recycles unused variables and prohibits implicit copying or discarding, eliminating the risk of dangling and repeated release.
- Solidity: It uses a stack model with manual memory management. Developers need to maintain the variable lifecycle by themselves, which is prone to memory leaks, invalid references, or permission abuse, increasing the possibility of vulnerabilities and attack surfaces.
4. The structure is derived from Rust, which is safer and more readable
-More rigorous syntax: Strong type checking at compile time, memory safety, no uninitialized variables, logical errors can be caught before running, reducing online accidents.
-Improved error reporting mechanism: The compiler clearly prompts the error location and type, which is conducive to development and debugging and reduces unpredictable behavior.
5. Lower gas costs and higher execution efficiency
Move language structure is concise, execution path is shorter, and virtual machine is optimized, resource consumption per unit calculation is lower. It can improve execution efficiency and reduce user operation cost, and is suitable for high-frequency trading application scenarios such as DeFi and NFT mint.
In general, Move is not only significantly better than traditional smart contract languages in terms of security and controllability, but also avoids common attack paths and logic vulnerabilities from the root through resource models and type systems. Move represents the direction of smart contract development from just running to inherently safe. It provides a solid infrastructure for new public chains such as SUI, and also opens up new possibilities for the technological evolution of the entire crypto industry.
5. Thoughts and suggestions based on the SUI attack incident
Technical advantages do not mean infallibility. Even on a chain designed with security as the core, complex contract interactions and improper handling of boundary conditions may still become a breakthrough for attackers to exploit. The recent security incident on SUI reminds us again: In addition to security design, auditing and mathematical verification are also indispensable. Below we put forward targeted suggestions and thoughts from the perspective of development and risk control.
5.1 Hacker Attacks
1. Mathematical boundary conditions must be strictly analyzed. The hacking incident revealed the vulnerability of lax mathematical boundary conditions. The attacker manipulated the liquidity position in the contract, took advantage of incorrect boundary conditions and numerical overflow, and bypassed the security detection of the contract. Therefore, all key mathematical functions must be strictly analyzed to ensure that they work correctly under various input conditions.
2. Complex vulnerabilities require professional mathematical audits. The data overflow and boundary check error vulnerabilities in this incident involve complex mathematical calculations and bit shift operations, which are difficult to capture in conventional audits. Traditional code audits focus on the functionality and security of contracts, while the review of complex mathematical problems usually requires a more professional mathematical background. Therefore, it is recommended to introduce a professional mathematical audit team to identify and fix such hidden dangers.
3. Improve the review standards for projects that have been attacked. Hackers use flash loan mechanisms to manipulate the market, which fully demonstrates that even projects that have been attacked still have the potential risk of being attacked. If a project has been attacked before, its code and contracts need to be reviewed more strictly and carefully to ensure that similar vulnerabilities do not occur again. In particular, the review of mathematical processing, data overflow and logical vulnerabilities should be more comprehensive.
4. Strict boundary checking for cross-type numerical conversions. Hackers use problems such as mask settings being too wide and data overflow being truncated, which ultimately lead to contract calculation errors and successfully manipulate prices. All cross-type numerical conversions, such as integer and floating value conversions, must be strictly bounded to ensure that there is no risk of overflow or loss of precision. In particular, when calculating large values, a more stringent approach should be adopted.
5. The huge damage caused by dust attacks Hackers manipulate prices by manipulating low-value tokens (dust), taking advantage of the low liquidity of these tokens, especially when exchanging AMMs in the DeFi field, making them easy to manipulate in the market. This operation is not limited to high-value tokens, low-value tokens may also become a breakthrough for attacks, so project owners need to be aware of the potential threat of dust attacks and take measures to prevent such risks.
6. Strengthen real-time monitoring and response capabilities for hacker activities
Before the successful attack on the protocol, the hacker had attempted a similar attack, but the transaction failed due to a possible lack of gas. Even if such a large-scale liquidity transaction fails, it should be detected and alerted in time. The platforms monitoring system should be able to immediately trigger the risk control mechanism when such abnormal transactions occur, and identify potential threats early. By strengthening the real-time monitoring of on-chain transaction behavior and combining advanced analysis tools and technical means, the platform can intervene in time at the early stage of the problem to avoid further losses.
5.2 On-chain fund security and emergency response
5.2.1 SUI’s response mechanism in crisis management
1. Validator nodes are interconnected and hacker addresses are blocked in time
SUI improves the interconnection between validator nodes and quickly blocks hacker addresses, minimizing losses.
First, you need to understand the basic principle of on-chain fund transfer: each transfer must be signed by a private key to prove the ownership of the funds. After the network validator (such as a node or sorter) confirms its legitimacy, it is packaged by the block and broadcast on the chain, finally completing the tamper-proof settlement process.
SUIs blocking of funds is actually achieved in the step of validator confirmation: by adding the hackers address to the blacklist and distributing it to all validator nodes simultaneously, making them refuse to package and confirm transactions related to the address, thereby blocking the funds from being put on the chain and achieving a freezing effect.
2. Audit subsidies and on-chain security improvements
SUI always attaches great importance to on-chain security and provides free audit services for on-chain projects. It also provides strong support for the security of the ecosystem. After the Cetus hacker attack, the SUI Foundation announced an additional $10 million audit grant to strengthen audits and vulnerability protection and further enhance on-chain security.
3. Coordinated response of Cetus and SUI
In this security incident, SUI and Cetus demonstrated strong collaborative response capabilities and ecological linkage mechanisms. After the anomaly occurred, the Cetus team quickly communicated with the SUI verification node, and with the support of most verifiers, successfully froze the attackers two wallet addresses, locking a total of more than 160 million US dollars in funds, and won a critical time window for subsequent asset recovery and compensation.
More importantly, Cetus has officially announced that, with its own cash and token reserves and the critical support provided by the SUI Foundation, it will be able to achieve 100% full compensation for affected users.
This series of coordinated actions not only demonstrates SUI’s infrastructure flexibility and execution capabilities in the face of extreme risks, but also reflects the trust foundation and responsibility consensus among projects within the ecosystem, laying a solid foundation for SUI DeFi to build a more resilient and secure ecosystem.
5.2.2 Reflections on the Cetus hacker attack on user funds security
1. From a technical perspective, it is not impossible to directly recover funds on the chain. There are two common ways to deal with it:
- Roll back on-chain operations: that is, withdraw some on-chain transactions to return the status to a point in time before the attack;
- Use multi-signature permissions: Through multi-party authorization, control key wallets and forcibly recover funds from hacker addresses.
However, these practices are generally only used when the amount of funds is very large and the risk is extremely high. Although they are effective, they have a certain impact on the principle of decentralization and are prone to controversy. Therefore, many project parties will try to avoid using them unless they are forced to do so, cannot negotiate, and the funds cannot be recovered.
In recent cases, Cetus and SUI did not choose to directly cut the on-chain data, but handled it in a more gentle way - such as freezing the transaction requests of malicious addresses at the validator level. Compared with traditional violent means, this approach respects the spirit of decentralization more and also reflects the more delicate security governance capabilities under the Move ecosystem.
2. Community co-construction and improvement of safety tracking mechanism
To strengthen the security of the Move ecosystem, community co-construction is the key. Currently, Move has a solid technical foundation, but relatively few participants, especially in terms of on-chain tracking and security auditing. In contrast, Ethereum has formed a complete on-chain monitoring tool (such as Etherscan) through years of community construction. Therefore, more developers and security agencies are needed to participate in building a similar tracking system to improve the transparency and risk resistance of the overall ecosystem.
3. Introduce insurance compensation to ensure the safety of funds. Some decentralized projects cooperate with insurance protocols such as Nexus Mutual to provide security for users pledged funds and reduce the risk of losses caused by vulnerabilities or attacks.
6. The SUI ecosystem continues to flourish: Beyond DeFi, everything is growing
SUI is undoubtedly in a special period. Although it faces some challenges, it still maintains its leading position in TVL, developer activity and ecological construction, and remains the leader of the Move series of public chains. However, some communities still have FUD and lack a rational understanding of SUIs technical advantages and ecological potential.
As of now, the TVL of the SUI network is about 1.6 billion US dollars, and the average daily transaction volume of DEX remains at around 300 million US dollars, showing strong capital activity and user enthusiasm on the chain. Although SUI is still a relatively young member of the mainstream public chain, it has ranked among the top in terms of developer activity and its ecological construction is moving rapidly. Starting from the early NFT collection to now covering multiple vertical tracks such as DEX, infrastructure, games, DePIN, etc., more and more projects choose to build on SUI, gradually forming a diversified application matrix.
TVL of SUI Ecosystem, DefiLlama
Among them, the rapid development of the stablecoin ecosystem has laid a key foundation for SUIs DeFi foundation. According to DefiLlama, the total scale of stablecoins currently deployed on the SUI chain has exceeded US$1 billion, accounting for an important proportion of TVL and becoming an important source of on-chain liquidity.
This trend is also reflected in the DefiLlama public chain rankings: SUI currently ranks 8th in the total chain TVL and 3rd in the non-EVM chain (after Solana and Bitcoin); and in terms of on-chain transaction activity, SUI ranks 5th in the world and 3rd in the non-EVM network. Surprisingly, SUI has achieved this result in less than two years since the mainnet was launched, which is not only due to the resource investment of Mysten Labs or the foundation, but also the result of the joint participation of developers, users and infrastructure partners.
SUI Ecosystem TVL ranking among all public chains, DefiLlama
SUI ecosystem TVL ranking in non-EVM public chains, DefiLlama
Binances attention to the SUI ecosystem has also increased significantly recently. Its Alpha project area has launched a number of representative projects including NAVI, SCA, BLUE, HIPPO, and NS, further increasing the exposure and trading liquidity of ecological projects, and also highlighting the strategic position of the SUI ecosystem in the CEX vision.
Part of the SUI community is in a reaction time lag, which provides us with time and opportunities to observe other potential projects on SUI. As the leading public chain of the Move system, the projects on SUI are still worthy of our attention. In this process, we can discover more innovative projects worthy of investment and support, and also accumulate experience for the future development of blockchain.
So, what representative projects make up the current SUI ecosystem? In order to more intuitively present the current ecological landscape of SUI, we will briefly sort out the most representative protocols.
Although there are many outstanding projects on SUI in the consumer and gaming sectors, given our identity as a liquidity provider, this time we will focus on analyzing the core protocols in the DeFi field.
SUI Ecosystem Map, Klein Labs, 23.5.28
DeFi Protocol
Navi Protocol
Navi is a one-stop DeFi protocol on SUI, with functions covering multi-asset lending, leveraged vaults, LSTFi (VOLO LST) and aggregator Astros. It supports blue-chip assets, LP Tokens and long-tail assets, and provides flash loan services to meet advanced strategy needs. The current TVL exceeds US$400 million, ranking second in the entire SUI network. The native token $NAVI has been listed on mainstream exchanges such as OKX and Bybit, becoming one of the most representative lending platforms on SUI.
Website: https://www.naviprotocol.io/
X: https://twitter.com/navi_protocol
Bucket Protocol
Bucket Protocol is a liquidity platform deployed on the SUI network. Users can mint $BUCK stablecoins by pledging multiple assets. It supports multiple assets including $SUI and $BTC, providing a flexible way to obtain stablecoin liquidity. The current TVL (total locked volume) exceeds 110 million US dollars. Bucket Protocol plays a key role in improving the liquidity of the SUI ecosystem and expanding DeFi application scenarios.
Website: https://www.bucketprotocol.io/
X: https://x.com/bucket_protocol
Momentum
Momentum Finance is a decentralized exchange built on Sui that uses ve(3, 3) coin economics and aims to unify token issuance and liquidity management into a single DeFi infrastructure. The Ve(3, 3) model aligns incentives between liquidity providers, traders, and protocols. Protocol incentives promote liquidity and APR, voters receive 100% of fees and bribes, liquidity providers receive 100% of MMT emissions, and traders enjoy low fees and low slippage. Momentum is also responsible for issuing key stablecoins on Sui, such as AusD, FDUSD, and USDY, further consolidating its role as a critical infrastructure.
Website: https://app.mmt.finance/
X: https://x.com/MMTFinance
Bluefin
Bluefin is a decentralized perpetual contract trading platform on SUI, supporting more than 10 contract markets collateralized by USDC, with a maximum leverage of 20 times, using an off-chain order book and on-chain settlement architecture, with a confirmation delay of less than 30 milliseconds. Its cumulative trading volume has exceeded US$50 billion, with a market share of over 80%. Bluefin is also expanding spot trading and its sub-protocol AlphaLend to comprehensively deploy the DeFi lending market.
Currently, its native token $BLUE has been listed on Bithumb, a mainstream exchange in South Korea.
Website: https://bluefin.io/
X: https://x.com/bluefinapp
Haedal Protocol
Haedal is the native LSD protocol on SUI. Users can stake SUI in exchange for haSUI to achieve both returns and liquidity. It improves the validator yield through dynamic allocation and introduces Hae 3 modules, including the anti-MEV market-making mechanism HMM, the CEX simulation strategy vault haeVault, and the governance system haeDAO, to jointly improve APR and capital efficiency. Currently, TVL ranks fourth in the entire chain and is becoming an important player in the LSD field.
Currently, its native token $HAEDAL has been listed on major exchanges such as Binance, Bybit, and Bithumb.
Website: https://www.haedal.xyz/
X: https://x.com/HaedalProtocol
Artinals
Artinals is an RWA protocol built on SUI, dedicated to converting real assets such as artworks, real estate, and collectibles into tradable NFTs. Its self-developed ART 20 standard supports the digitalization of the entire process of asset creation, trading, and management, and has dynamic metadata and royalty sharing mechanisms. Artinals provides a codeless dashboard and low-code SDK to lower the threshold for asset on-chain, and enables real-time asset trading through ObjeX.world.
Website: https://artinals.com/
X: https://x.com/artinalslabs
DePIN AI
Walrus Protocol
Walrus Protocol, developed by Mysten Labs, is SUIs decentralized storage and data availability protocol, designed specifically for large file storage on the chain. It combines erasure coding technology with DPoS consensus to distribute data slices to multiple nodes, ensuring high fault tolerance and data recoverability. At the same time, relying on the Move smart contract, Walrus realizes programmable storage, making it perform well in applications such as NFT media files.
Currently, its native token $WAL has been listed on Korean exchanges UPbit, Bithumb and Bybit
Website: https://www.walrus.xyz/
X: https://x.com/WalrusProtocol/
The SUI ecosystem is growing at an astonishing rate. With its unique technical architecture and rich application scenarios, it has attracted a large number of developers, users and capital to participate. Whether in infrastructure, DeFi, games, or DePIN and AI, SUI has demonstrated strong competitiveness and innovation. As more mainstream exchanges such as Binance increase their support for the SUI ecosystem, SUI is expected to further consolidate its industry position as a game chain and a diversified application platform in the future, opening a new chapter in ecological development.
