
Why SUI Still Has Long-Term Growth Potential After the Security Crisis
Whether in infrastructure, DeFi, gaming, or the DePIN and AI sectors, SUI has demonstrated strong competitiveness and innovation.
Author: Klein Labs, Aquarius Capital
TL;DR
1. The Cetus vulnerability stems from contract implementation, not SUI or the Move language itself:
The root cause of this attack lies in the absence of boundary checks within arithmetic functions in the Cetus protocol—specifically, overly broad masking and bit-shifting overflow leading to a logic flaw. This issue is unrelated to SUI's chain architecture or Move’s resource security model. The vulnerability can be fixed with “a single line of boundary check” and does not compromise the core security of the entire ecosystem.
2. SUI’s “reasonable centralization” demonstrated value during crisis response:
Although SUI employs DPoS validator rotation and blacklist freezing mechanisms that reflect mild centralization tendencies, these features proved instrumental during the CETUS incident. Validators quickly synchronized malicious addresses onto a Deny List, rejecting related transactions and enabling the immediate freeze of over $160 million in funds. This represents a form of positive "on-chain Keynesianism," where effective macro-level intervention plays a constructive role in stabilizing economic systems.
3. Reflections and recommendations for technical security:
Mathematical and boundary validation: Introduce upper and lower bound assertions for all critical arithmetic operations (e.g., shifts, multiplication/division), conduct extreme-value fuzzing, and apply formal verification. Additionally, enhance auditing and monitoring: beyond standard code audits, incorporate specialized mathematical audit teams and real-time on-chain transaction behavior detection to identify anomalies such as unusual splits or large flash loans at an early stage.
4. Summary and recommendations for fund protection mechanisms:
In the Cetus incident, SUI and the project team collaborated efficiently to freeze over $160 million in assets and pushed forward a 100% compensation plan, demonstrating strong on-chain responsiveness and ecological responsibility. The SUI Foundation also added $10 million in funding for audits to strengthen its security defenses. Going forward, further development of on-chain tracking systems, community-built security tools, decentralized insurance mechanisms, and other measures could help improve the financial protection framework.
5. Diversified expansion of the SUI ecosystem
In less than two years, SUI has rapidly evolved from a “new chain” to a “robust ecosystem,” building a diverse landscape across multiple sectors including stablecoins, DEXs, infrastructure, DePIN, gaming, and more. Total stablecoin supply has surpassed $1 billion, providing solid liquidity foundations for DeFi modules. SUI ranks 8th globally in TVL, 5th in transaction activity, and 3rd among non-EVM networks (after Bitcoin and Solana), reflecting strong user engagement and asset accumulation capabilities.
1. A Chain Reaction Triggered by One Attack
On May 22, 2025, Cetus, a leading AMM protocol deployed on the SUI network, suffered a hacker attack. Exploiting a logic flaw related to “integer overflow,” the attacker executed precise manipulations resulting in losses exceeding $200 million. This event was not only one of the largest DeFi security incidents so far this year but also the most destructive hack since SUI’s mainnet launch.
According to DefiLlama data, SUI’s total TVL temporarily plummeted by over $330 million on the day of the attack, with Cetus’ own locked value evaporating by 84%, dropping to $38 million. As a result, several popular tokens on SUI—including Lofi, Sudeng, and Squirtle—plunged between 76% and 97% within an hour, triggering widespread concern about SUI’s security and ecosystem stability.

Yet, following this shockwave, the SUI ecosystem demonstrated remarkable resilience and recovery capacity. Despite short-term confidence fluctuations caused by the Cetus incident, on-chain capital and user activity did not experience sustained decline. Instead, it significantly heightened the entire ecosystem’s focus on security, infrastructure development, and project quality.
Klein Labs will analyze the root causes of this attack, SUI’s node consensus mechanism, the safety of the MOVE language, and the growth of the SUI ecosystem to map out the current state of this still-early-stage public chain and explore its future potential.
2. Analysis of the Cetus Incident Attack Cause
2.1 Attack Execution Process

Based on SlowMist’s technical analysis of the Cetus attack, the hacker successfully exploited a key arithmetic overflow vulnerability, leveraging flash loans, precise price manipulation, and contract flaws to steal over $200 million in digital assets within minutes. The attack path can be roughly divided into three stages:
① Initiate flash loan, manipulate price
- The hacker first used maximum slippage to swap 10 billion haSUI via flash loan, borrowing substantial capital for price manipulation.
- Flash loans allow users to borrow and repay funds within a single transaction, paying only fees—offering high leverage, low risk, and low cost. The attacker leveraged this mechanism to sharply depress market prices and precisely control them within an extremely narrow range.
- The attacker then prepared to create an extremely narrow liquidity position, setting the price range exactly between 300,000 and 300,200—the width being just 1.00496621%.
- Through these methods, the hacker manipulated the haSUI price using massive token volume and huge liquidity. They then targeted several worthless tokens for further manipulation.
② Add Liquidity
The attacker created a narrow liquidity position and claimed to add liquidity, but due to a flaw in the checked_shlw function, ultimately paid only 1 token.
This occurred essentially due to two reasons:
- Mask set too wide: Equivalent to an excessively high upper limit for liquidity addition, rendering input validation ineffective. By setting abnormal parameters, the attacker constructed inputs always below this threshold, bypassing overflow detection.
- Data overflow truncated: When performing a left shift operation n << 64 on value n, the shift exceeded the effective bit width of the uint256 data type (256 bits), causing data truncation. The overflowing high-order bits were automatically discarded, making the result far smaller than expected. This led the system to vastly underestimate the required amount of haSUI. The final computed value was approximately less than 1, but due to ceiling rounding, it equaled 1—meaning the hacker needed to deposit only 1 token to withdraw massive liquidity.
③ Withdraw Liquidity
Repay the flash loan while retaining enormous profit. Ultimately extracted token assets worth hundreds of millions of dollars from multiple liquidity pools.
Losses were severe, with the following assets stolen:
- 12.9 million SUI (~$54 million)
- $60 million USDC
- $4.9 million Haedal Staked SUI
- $19.5 million TOILET
- Other tokens like HIPPO and LOFI dropped 75–80%, liquidity dried up


2.2 Root Causes and Characteristics of This Vulnerability
The Cetus vulnerability has three characteristics:
1. Extremely low repair cost: On one hand, the fundamental issue was an oversight in Cetus’ math library—not a flaw in the protocol’s pricing mechanism or underlying architecture. On the other hand, the vulnerability was confined solely to Cetus and had no connection to SUI’s codebase. The root cause was a missing boundary condition check, fixable with just two lines of code; once patched, it could be immediately redeployed to mainnet to ensure complete logical integrity and eliminate recurrence.

2. High concealment: The contract operated smoothly for two years without faults. Cetus Protocol underwent multiple audits, yet the vulnerability remained undetected—primarily because the Integer_Mate library used for mathematical calculations was excluded from audit scope.
The hacker precisely crafted transactions under extreme values, creating a rare scenario involving extremely high liquidity submissions that triggered abnormal logic. Such issues are difficult to detect through conventional testing and often reside in blind spots, allowing them to remain dormant for long periods before discovery.
3. Not unique to Move:
Move surpasses many smart contract languages in resource security and type checking, featuring native overflow detection under common scenarios. This particular overflow arose when calculating required token amounts during liquidity addition—using incorrect values for upper-bound checks and replacing standard multiplication with bit-shifting operations. Regular addition, subtraction, multiplication, and division in Move automatically check for overflow and would not suffer from high-bit truncation issues.
Similar vulnerabilities have occurred in other languages (e.g., Solidity, Rust) and may even be easier to exploit due to weaker built-in overflow protections. Before version updates, Solidity had very weak overflow detection. Historical cases included addition, subtraction, and multiplication overflows—all directly caused by results exceeding data ranges. For example, vulnerabilities in BEC and SMT smart contracts on Solidity exploited carefully constructed parameters to bypass contract checks and enable unauthorized transfers.
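The guard described in 2.1 and 2.2, modeled in Python as an added example (this is not Cetus or Integer_Mate source code): a checked 64-bit left shift on a 256-bit value with the mask set too wide, the same function with a tight bound, and an extreme-value test of the kind recommended in the TL;DR that separates the two. The LOOSE_MASK constant, the denominator, and every name other than checked_shlw are assumptions chosen for illustration.

```python
"""Model of a checked `n << 64` on a 256-bit unsigned integer.

Python integers are unbounded, so the 256-bit register is emulated by masking
the result. All constants below are constructed for illustration.
"""

U256_MAX = (1 << 256) - 1
SHIFT = 64

# n << 64 fits in 256 bits only when n < 2**192.
SAFE_LIMIT = 1 << (256 - SHIFT)

# Assumed "too wide" threshold: it sits far above SAFE_LIMIT, so almost every
# input that overflows still passes the comparison.
LOOSE_MASK = 0xFFFFFFFFFFFFFFFF << 192


def shl_u256(n, bits):
    """Left shift as a fixed-width register performs it: high bits are dropped."""
    return (n << bits) & U256_MAX


def checked_shlw_loose(n):
    """Flawed guard: returns (value, overflowed) using the too-wide mask."""
    if n > LOOSE_MASK:
        return 0, True
    return shl_u256(n, SHIFT), False


def checked_shlw_strict(n):
    """Corrected guard: reject every n whose shifted value needs more than 256 bits."""
    if n >= SAFE_LIMIT:
        return 0, True
    return shl_u256(n, SHIFT), False


def ceil_div(a, b):
    """Integer division rounded up, for non-negative a and positive b."""
    return -(-a // b)


def required_deposit(n, denominator, checked_shlw):
    """Tokens owed = ceil((n << 64) / denominator); abort if overflow is reported."""
    shifted, overflowed = checked_shlw(n)
    if overflowed:
        raise OverflowError("n << 64 does not fit in 256 bits")
    return ceil_div(shifted, denominator)


def boundary_inputs():
    """Extreme-value inputs: each pivot and its immediate neighbours."""
    pivots = [0, 1, SAFE_LIMIT, LOOSE_MASK, U256_MAX]
    cases = set()
    for pivot in pivots:
        for delta in (-1, 0, 1):
            candidate = pivot + delta
            if 0 <= candidate <= U256_MAX:
                cases.add(candidate)
    return sorted(cases)


def silent_truncations(checked_shlw):
    """Inputs where the guard reports success although high bits were lost."""
    failures = []
    for n in boundary_inputs():
        value, overflowed = checked_shlw(n)
        exact = n << SHIFT  # unbounded reference result
        if not overflowed and value != exact:
            failures.append(n)
    return failures


if __name__ == "__main__":
    n = SAFE_LIMIT + 1          # constructed input just past the safe range
    denominator = 1 << 100      # constructed divisor
    print("exact deposit :", ceil_div(n << SHIFT, denominator))
    print("loose guard   :", required_deposit(n, denominator, checked_shlw_loose))
    try:
        required_deposit(n, denominator, checked_shlw_strict)
    except OverflowError as err:
        print("strict guard  : rejected,", err)
    print("loose failures :", len(silent_truncations(checked_shlw_loose)))
    print("strict failures:", len(silent_truncations(checked_shlw_strict)))
```

Comparing the fixed-width result against an unbounded reference at the edges of the range is what exposes the flaw; inputs from the middle of the range pass both guards.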
3. SUI’s Consensus Mechanism
3.1 Overview of SUI’s Consensus Mechanism

SUI Official Medium
Overview:
SUI adopts a Delegated Proof-of-Stake (DPoS) framework. While DPoS improves transaction throughput, it cannot achieve the same level of decentralization as PoW (Proof of Work). Thus, SUI exhibits relatively lower decentralization and higher governance barriers, making it difficult for ordinary users to directly influence network governance.
- Average number of validators: 106
- Average Epoch duration: 24 hours
Mechanism Flow:
- Stake delegation: Ordinary users do not need to run nodes themselves. By staking SUI and delegating to candidate validators, they can participate in network security and reward distribution. This lowers participation barriers, enabling users to “hire” trusted validators to join consensus—a major advantage of DPoS over traditional PoS.
- Representative block production: A small group of selected validators produce blocks in fixed or random order, improving confirmation speed and TPS.
- Dynamic election: After each voting cycle, validator sets are re-elected based on voting weight, ensuring node vitality, alignment of interests, and moderate decentralization.
Advantages of DPoS:
- High efficiency: With a controlled number of block-producing nodes, the network achieves millisecond-level confirmations, meeting high-TPS demands.
- Low cost: Fewer consensus participants reduce bandwidth and computational overhead for message synchronization and signature aggregation. Hardware and operational costs decrease accordingly, lowering requirements for computing power and ultimately reducing user fees.
- High security: Staking and delegation amplify attack costs and risks. Combined with on-chain slashing mechanisms, malicious behaviors are effectively deterred.
Additionally, SUI’s consensus mechanism incorporates a BFT (Byzantine Fault Tolerance)-based algorithm, requiring over two-thirds of validators to agree before confirming transactions. This ensures network safety and efficiency even if some nodes act maliciously. Any upgrades or major decisions also require supermajority approval.
Essentially, DPoS represents a compromise within the blockchain trilemma—balancing decentralization and scalability. In the trade-off between security, decentralization, and scalability, DPoS sacrifices full decentralization by reducing active block producers to gain higher performance, offering significant improvements in throughput and transaction speed compared to pure PoS or PoW chains.
3.2 SUI’s Performance During This Attack
3.2.1 Operation of the Freeze Mechanism
During this incident, SUI rapidly froze addresses associated with the attacker:
At the code level, this meant preventing transfer transactions from being packaged into blocks. Validators are core components of the SUI blockchain, responsible for validating transactions and enforcing protocol rules. By collectively ignoring transactions linked to the attacker, validators effectively implemented a consensus-layer mechanism akin to “account freezing” in traditional finance.
SUI natively supports a Deny List (blacklist) feature that blocks any transaction involving listed addresses. Since this functionality already exists in clients, when the attack occurred, SUI was able to immediately freeze the hacker’s address. Without this capability, even with only 113 validators, coordinating all of them to respond promptly would have been extremely challenging for Cetus.
3.2.2 Who Has the Authority to Modify the Blacklist?
- TransactionDenyConfig is a YAML/TOML configuration file locally loaded by each validator. Anyone running a node can edit this file, hot-reload, or restart the node to update the list. On the surface, each validator appears to independently express their values.
- In practice, however, such critical configuration updates are usually coordinated. As this was an “emergency update initiated by the SUI team,” the SUI Foundation (or its authorized developers) effectively sets and manages the deny list.
- SUI publishes the blacklist; theoretically, validators can choose whether to adopt it—but in reality, most default to automatic adoption. Therefore, while this function protects user funds, it inherently involves a degree of centralization.
3.2.3 The Nature of the Blacklist Functionality
The blacklist is not a core protocol-level logic but rather an additional security layer designed to handle emergencies and protect user funds.
It functions as a safety guarantee mechanism—like a “security chain” on a door, only activated against those attempting intrusion or acting maliciously toward the protocol. From the user perspective:
- For large holders, who are primary liquidity providers, protocols have the strongest incentive to secure their funds, as TVL on-chain largely comes from major players. To ensure long-term viability, protocols must prioritize security.
- For retail users, who contribute to ecosystem activity and support technological and community co-construction, projects also aim to attract participation to gradually improve the ecosystem and retention. However, in DeFi, fund security remains paramount.
The key to judging “decentralization” should be whether users retain control over their assets. In this regard, SUI leverages the Move programming language to uphold natural ownership of user assets:
Built on Move, SUI embodies the core principle of “funds follow the address”:
Unlike Solidity, where smart contracts serve as the interaction hub, in Move, user assets are always directly stored under personal addresses, with transaction logic centered on resource ownership transfer. This means asset control naturally belongs to users—not custodied by contracts—reducing risks of loss due to contract bugs or flawed permission designs, thereby fundamentally enhancing decentralization.
SUI is actively working to strengthen decentralization. Through SIP-39 proposals, it is gradually lowering validator entry thresholds. The new proposal adjusts validator eligibility from pure stake quantity to voting power, increasing ordinary user participation.
3.3 The Boundary of Decentralization and Reality: Governance Controversy Sparked by SUI
During SUI’s emergency response, joint actions by the community and validators sparked intense debate about its “decentralization” level:
Some crypto practitioners believe SUI is reasonably decentralized:
- A SUI community member responded: “Decentralization isn’t about standing by while people suffer—it’s about enabling collective action without needing anyone’s permission.” — With massive funds stolen, inaction is unacceptable.
- “This *is* real-world decentralization—not ‘helplessness,’ but ‘alignment with the community and responsive action.’ The essence of decentralization is not passively watching attacks unfold, but the ability of the community to coordinate and act autonomously without permission.”
- It’s not unique to SUI—chains from Ethereum to BSC face similar validator centralization risks. SUI simply makes the issue more visible.
Other practitioners argue SUI is overly centralized:
- For instance, Cyber Capital founder Justin Bons stated bluntly: “SUI validators are colluding to censor hacker transactions—isn’t that proof SUI is centralized? Short answer: yes. But more importantly, why? Because founders hold most of the supply, and there are only 114 validators!” By comparison, Ethereum has over 1 million validators, and Solana has 1,157.
However, we believe this view is somewhat one-sided:
- All SUI validators perform essentially identical functions, with dynamic rotation and renewal preventing concentration of power and unequal distribution.
From a macroeconomic theory perspective, given information asymmetry and incomplete market development, moderate, slight centralization is currently necessary.
Traditional economic theories recognize advantages of centralized models
- Reducing information asymmetry risk: Centralized entities often possess more information, enabling more accurate assessment of transaction risks and effective prevention of adverse selection and moral hazard.
- Responding to market volatility: In the face of external shocks or systemic risks, centralized mechanisms enable rapid unified decision-making and resource allocation, enhancing market resilience and adaptability.
- Facilitating coordination and cooperation: Centralized institutions help achieve efficient coordination amid multi-party interest conflicts, promoting rational resource allocation and overall efficiency gains.
Overall, mild and bounded centralization is not a monster, but rather a practical complement to the ideal of “decentralization” under real-world economic conditions. It is a transitional arrangement, and the crypto world will inevitably progress toward greater decentralization—a shared industry consensus and the ultimate goal of technological and philosophical evolution. In this incident, such centralization enabled Keynesian-style macroeconomic regulation. Just as fully decentralized markets can trigger crises, moderate macro intervention steers economic systems in favorable directions.
4. Move Language’s Technical Moat
In a crypto world plagued by frequent smart contract breaches, Move language—with its resource model, type system, and security mechanisms—is emerging as vital infrastructure for next-generation blockchains:
1. Clear fund ownership, naturally isolated permissions
Move: Assets are resources—each resource is independent, belongs to one account, and ownership must be explicitly defined. Assets strictly belong to users' wallets; only users manage them, ensuring clear permissions.
Solidity: User assets are actually controlled by contracts. Developers must manually write access control logic. If permissions are misconfigured, it can lead to contract failures and arbitrary asset manipulation.
2. Language-level protection against reentrancy attacks
- Move: Based on resource ownership and linear typing, each resource is moved out after use and cannot be reused, naturally blocking reentrancy risks.
- Solidity: Reentrancy attacks are among the most infamous exploits in Ethereum history, exemplified by The DAO hack. Solidity carries inherent reentrancy risks, requiring developers to manually implement “check-effects-interaction” patterns for defense—any oversight leads to high risk.
3. Automatic memory management and resource ownership tracking
- Move: Built on Rust’s linear types and ownership model, all resources have lifecycles tracked at compile time. The system automatically recycles unused variables and prohibits implicit copying or dropping, eliminating dangling pointers and double-free risks.
- Solidity: Uses manual stack-based memory management, requiring developers to maintain variable lifecycles, which easily leads to memory leaks, invalid references, or privilege abuse, increasing vulnerability surfaces.
4. Architecture derived from Rust, stronger security and readability
- Stricter syntax: Strong compile-time type checking, memory safety, no uninitialized variables—logical errors caught before runtime, reducing live incidents.
- Comprehensive error reporting: Compiler clearly indicates error location and type, aiding debugging and reducing unpredictable behaviors.
5. Lower gas costs, higher execution efficiency
Move’s streamlined structure, shorter execution paths, and optimized VM result in lower gas consumption per computation. This boosts execution efficiency and reduces user costs—ideal for high-frequency applications like DeFi and NFT minting.
Overall, Move not only significantly outperforms traditional smart contract languages in security and controllability but also fundamentally prevents common attack vectors and logic flaws through its resource model and type system. Move represents a shift in smart contract development—from “it works” to “secure by design”—providing solid infrastructure for new chains like SUI and opening new possibilities for the broader crypto industry’s technical evolution.
5. Reflections and Recommendations Based on the SUI Attack Incident
Technical advantages do not guarantee invulnerability. Even on chains designed with security at their core, complex contract interactions and improper handling of edge cases can become attack vectors. Recent security incidents on SUI remind us again: beyond secure design, auditing and mathematical verification are equally indispensable. Below, we offer targeted suggestions and reflections from development and risk management perspectives.
5.1 Hacker Attacks
1. Mathematical boundary conditions must be rigorously analyzed
The incident exposed vulnerabilities stemming from lax mathematical boundary conditions. The attacker manipulated liquidity positions in the contract, exploiting incorrect boundary checks and numerical overflow to bypass security validations. Therefore, all critical mathematical functions must undergo strict analysis to ensure correct operation under various input conditions.
2. Complex vulnerabilities require specialized mathematical audits
The data overflow and boundary check failure in this incident involved complex mathematical computations and bit-shifting operations—beyond the reach of conventional audits. Traditional code audits mainly assess functional correctness and general security, whereas deep mathematical reviews require specialized expertise. We recommend introducing dedicated mathematical audit teams to identify and resolve such hidden risks.
3. Raise review standards for previously attacked projects
The hacker exploited the flash loan mechanism for market manipulation, highlighting that even projects previously attacked remain vulnerable. Projects that have suffered breaches should undergo stricter, more thorough code and contract reviews to prevent recurrence—especially comprehensive scrutiny of mathematical processing, data overflow, and logic flaws.
4. Strict boundary checks for cross-type numeric conversions
The hacker exploited issues like overly broad masks and truncated data overflow, leading to contract calculation errors and successful price manipulation. All cross-type numeric conversions—such as integer-to-floating-point—must undergo strict boundary checks to prevent overflow or precision loss. Special caution is needed when computing large numbers.
5. Massive damage caused by “dust attacks”
The hacker manipulated low-value tokens (“dust”) to distort prices, exploiting their low liquidity. Especially in AMM swaps within DeFi, such tokens are easily manipulated. This tactic isn't limited to high-value assets—low-value tokens can also serve as attack vectors. Project teams must recognize the threat posed by “dust attacks” and implement preventive measures.
6. Strengthen real-time monitoring and response to hacker behavior
Prior to the successful attack, the hacker attempted a similar exploit but failed, likely due to insufficient gas. Such a large-scale liquidity transaction—even if unsuccessful—should have been detected and flagged immediately. Monitoring systems should trigger risk controls upon detecting such anomalies. By strengthening real-time on-chain transaction monitoring combined with advanced analytical tools, platforms can intervene early to prevent further losses.
5.2 On-Chain Fund Security and Emergency Response
5.2.1 SUI’s Response Mechanism During Crisis
1. Validator node interconnectivity enables prompt freezing of hacker addresses
- SUI leveraged enhanced connectivity among validator nodes to swiftly block hacker addresses, minimizing losses.
- First, understand basic on-chain fund transfer principles: Each transfer requires private key signing to prove ownership, validated by network validators (nodes or sequencers) for legitimacy, then packaged into blocks and broadcasted for immutable settlement.
- SUI’s fund freeze occurs at the validator validation step: By adding hacker addresses to a blacklist and synchronizing across all validator nodes, transactions from these addresses are rejected from packaging and confirmation, blocking on-chain settlement and achieving freezing effects.
2. Audit subsidies and enhanced on-chain security
SUI consistently prioritizes on-chain security, offering free audit services to ecosystem projects and providing strong support for overall safety. Following the Cetus hack, the SUI Foundation announced an additional $10 million in audit funding to strengthen auditing and vulnerability prevention, further reinforcing on-chain security.
3. Collaborative response between Cetus and SUI
In this security incident, Cetus and SUI demonstrated strong collaborative responsiveness and ecosystem synergy. Upon detecting anomalies, the Cetus team quickly communicated with SUI validator nodes and, with majority validator support, successfully froze two hacker wallet addresses, securing over $160 million in funds—buying crucial time for asset recovery and compensation.
More importantly, Cetus officially announced that, combining its own cash and token reserves with critical support from the SUI Foundation, it will provide 100% full compensation to affected users.
This series of coordinated actions not only reflects SUI’s flexibility and execution capability in extreme-risk scenarios but also reveals trust foundations and responsibility consensus among ecosystem participants—laying a solid groundwork for building a more resilient DeFi security ecosystem on SUI.
5.2.2 Reflections on User Fund Security from the Cetus Hack
1. Technically speaking, direct on-chain fund recovery is not entirely impossible. Common approaches include:
- Rollback on-chain operations: Essentially “undoing” certain transactions to revert state to a point before the attack;
- Utilize multi-signature authority: Through multi-party authorization, control key wallets to forcibly reclaim funds from hacker addresses.
However, these methods are typically reserved for situations involving extremely large sums and high systemic risk. While effective, they challenge decentralization principles and often spark controversy. Hence, most project teams avoid them unless absolutely necessary—when negotiation fails and funds cannot otherwise be recovered.
In this recent case, neither Cetus nor SUI chose to directly “cut” on-chain data. Instead, they adopted milder measures—such as freezing malicious address transactions at the validator level. Compared to traditional heavy-handed approaches, this method better respects decentralization ideals and demonstrates finer-grained security governance capabilities within the Move ecosystem.
2. Community collaboration to improve security tracking mechanisms
To strengthen Move ecosystem security, community co-construction is essential. While Move’s technical foundation is robust, participant numbers remain relatively low—particularly in areas like on-chain tracking and security auditing, which are still immature. In contrast, Ethereum has developed mature on-chain monitoring tools (e.g., Etherscan) through years of community effort. More developers and security firms must join to build similar tracking systems, enhancing overall transparency and risk resistance.
3. Introduce insurance mechanisms to safeguard fund security
Some decentralized projects partner with insurance protocols like Nexus Mutual to protect user staked funds, mitigating losses from bugs or attacks.
6. The Thriving SUI Ecosystem: Growth Beyond DeFi
SUI is undoubtedly at a unique juncture. Despite facing challenges, it maintains leadership in TVL, developer activity, and ecosystem development, firmly holding its position as the leading Move-based public chain. Yet, pockets of FUD persist within the community, lacking rational understanding of SUI’s technical strengths and ecosystem potential.
To date, SUI’s network TVL stands at approximately $1.6 billion, with DEX daily trading volume hovering around $300 million—demonstrating strong capital activity and on-chain user enthusiasm. Though still relatively young among mainstream chains, SUI ranks among the top in developer activity, with rapid ecosystem growth. From early NFT collections to now covering DEXs, infrastructure, gaming, DePIN, and more verticals, an increasing number of projects are choosing to build on SUI, forming a diversified application matrix.

SUI Ecosystem TVL, DefiLlama
Notably, the rapid growth of the stablecoin ecosystem has laid a foundational pillar for SUI’s DeFi infrastructure. According to DefiLlama, the total value of stablecoins deployed on SUI has surpassed $1 billion, representing a significant portion of TVL and serving as a major source of on-chain liquidity.
This trend is reflected in DefiLlama’s public chain rankings: SUI currently ranks 8th in total-chain TVL and 3rd among non-EVM chains (after Solana and Bitcoin); in terms of on-chain transaction activity, SUI ranks 5th globally and 3rd among non-EVM networks. Remarkably, SUI achieved this within less than two years of mainnet launch—not solely due to resources from Mysten Labs or the Foundation, but through collective participation by developers, users, and infrastructure partners.

SUI Ecosystem TVL Ranking Among All Public Chains, DefiLlama

SUI Ecosystem TVL Ranking Among Non-EVM Chains, DefiLlama
Binance’s attention to the SUI ecosystem has recently increased significantly. Its Alpha project zone has successively launched multiple representative projects including NAVI, SCA, BLUE, HIPPO, and NS, further amplifying exposure and trading liquidity for ecosystem projects and underscoring SUI’s strategic importance in CEX eyes.
Some parts of the SUI community are experiencing reaction delays, offering us time and opportunity to observe other promising projects on SUI. As the leading Move-based public chain, projects on SUI still warrant our attention. This process allows us to discover more innovative projects worthy of investment and support, while accumulating experience for future blockchain development.
So, what representative projects currently define the SUI ecosystem? To visually present SUI’s current ecosystem landscape, we briefly outline its most representative protocols.
While many standout consumer and gaming projects exist on SUI, given our role as liquidity providers, this analysis focuses primarily on core DeFi protocols.

SUI Ecosystem Map, Klein Labs, 25.5.28
DeFi Protocol
Navi Protocol
Navi is a one-stop DeFi protocol on SUI, offering multi-asset lending, leveraged vaults, LSTFi (VOLO LST), and aggregator Astros. It supports blue-chip assets, LP Tokens, and long-tail assets, and provides flash loan services for advanced strategies. Current TVL exceeds $400 million, ranking second on SUI. Native token $NAVI is listed on major exchanges including OKX and Bybit, making it one of the most representative lending platforms on SUI.
- Website: https://www.naviprotocol.io/
- X: https://twitter.com/navi_protocol
Bucket Protocol
Bucket Protocol is a liquidity platform on the SUI network allowing users to mint $BUCK stablecoin by collateralizing various assets. It supports multiple assets including $SUI and $BTC, offering flexible access to stablecoin liquidity. With current TVL exceeding $110 million, Bucket Protocol plays a key role in enhancing SUI’s ecosystem liquidity and expanding DeFi use cases.
- Website: https://www.bucketprotocol.io/
- X: https://x.com/bucket_protocol
Momentum
Momentum Finance is a decentralized exchange built on Sui, adopting the ve(3,3) tokenomics model, aiming to unify token emissions and liquidity management into a single DeFi infrastructure.
The ve(3,3) model aligns incentives among liquidity providers, traders, and the protocol. Protocol incentives boost liquidity and APR; voters receive 100% of fees and bribes; LPs earn 100% of MMT emissions; traders enjoy low fees and low slippage.
Momentum also issues key stablecoins on Sui, such as AusD, FDUSD, and USDY, further cementing its role as critical infrastructure.
- Website: https://app.mmt.finance/
- X: https://x.com/MMTFinance
Bluefin
Bluefin is a decentralized perpetual futures trading platform on SUI, supporting over 10 USDC-collateralized contract markets with up to 20x leverage. Using an off-chain order book with on-chain settlement, it achieves confirmation latency under 30 milliseconds. Its cumulative trading volume has surpassed $50 billion, capturing over 80% market share. Bluefin is also expanding into spot trading and sub-protocol AlphaLend, comprehensively entering the DeFi lending space.
Currently, its native token $BLUE is listed on South Korea’s major exchange Bithumb.
- Website: https://bluefin.io/
- X: https://x.com/bluefinapp
Haedal Protocol
Haedal is SUI’s native LSD protocol. Users can stake SUI to receive haSUI, achieving both yield and liquidity. It enhances validator yields through dynamic allocation and introduces the Hae3 module, including anti-MEV market-making mechanism HMM, CEX-simulation strategy vault haeVault, and governance system haeDAO—working together to boost APR and capital efficiency. Currently ranked fourth in chain-wide TVL, Haedal is becoming a major player in the LSD space.
Its native token $HAEDAL is now listed on major exchanges including Binance, Bybit, and Bithumb.
- Website: https://www.haedal.xyz/
- X: https://x.com/HaedalProtocol
Artinals
Artinals is an RWA protocol built on SUI, aiming to tokenize real-world assets such as art, real estate, and collectibles into tradable NFTs. Its proprietary ART20 standard supports full digital lifecycle management of asset creation, trading, and administration, featuring dynamic metadata and royalty distribution. Artinals offers no-code dashboards and low-code SDKs to lower onboarding barriers and enables real-time trading via ObjeX.world.
- Website: https://artinals.com/
- X: https://x.com/artinalslabs
DePIN & AI
Walrus Protocol
Developed by Mysten Labs, Walrus Protocol is SUI’s decentralized storage and data availability solution, designed specifically for storing large files on-chain. Combining erasure coding with DPoS consensus, it shards data across multiple nodes for high fault tolerance and recoverability. Leveraging Move smart contracts, Walrus enables programmable storage, excelling in applications like NFT media files.
Its native token $WAL is now listed on Korean exchanges UPbit, Bithumb, and Bybit.
- Website: https://www.walrus.xyz/
- X: https://x.com/WalrusProtocol/
The SUI ecosystem is growing at an astonishing pace, attracting extensive participation from developers, users, and capital thanks to its unique technical architecture and rich application scenarios.
Whether in infrastructure, DeFi, gaming, or DePIN and AI, SUI demonstrates exceptional competitiveness and innovation.
With increasing support from major exchanges like Binance, SUI is poised to further solidify its industry position as a gaming chain and diversified application platform, ushering in a new chapter of ecosystem development.
This article is jointly published by Aquarius Capital and Klein Labs. Special thanks to NAVI Protocol, Bucket Protocol, and Comma3 Ventures for technical guidance and support during the research process.