Analysis of the resilience and rise potential of the SUI ecosystem after a major security incident

Firm Belief After the Security Crisis: Why SUI Still Has Long-Term Rise Potential?

1. A chain reaction triggered by an attack

On May 22, 2025, Cetus, the leading AMM protocol on the SUI network, was attacked. The attackers exploited a logic flaw involving integer overflow, causing losses of over $200 million in assets. This is one of the largest security incidents in the DeFi space so far this year and the most destructive attack since the launch of the SUI mainnet.

According to DefiLlama data, the total value locked (TVL) of the SUI chain plummeted by over $330 million on the day of the attack, with the locked amount of the Cetus protocol evaporating by 84% to $38 million. Several popular tokens on SUI experienced a drop of 76% to 97% within just one hour, triggering widespread concerns in the market regarding the safety and ecological stability of SUI.

However, after this shock, the SUI ecosystem has demonstrated strong resilience and recovery ability. Although confidence fluctuated in the short term, on-chain funds and user activity did not suffer a sustained decline; instead, the incident prompted a significant increase in the whole ecosystem's focus on security, infrastructure development, and project quality.


2. Analysis of the Causes of the Cetus Incident Attack

2.1 Attack Implementation Process

According to the analysis by the SlowMist team, the attackers exploited a critical arithmetic overflow vulnerability in the protocol, combining flash loans, precise price manipulation, and contract flaws to steal over $200 million in digital assets in a short period. The attack path can be roughly divided into three stages:

  1. Initiate a flash loan, manipulate the price
  2. Add Liquidity
  3. Withdraw liquidity

The attack resulted in the theft of the following assets:

  • 12.9 million SUI (approximately 54 million USD)
  • 60 million USDC
  • 4.9 million USD of Haedal Staked SUI
  • 19.5 million USD of TOILET
  • Other tokens such as HIPPO and LOFI dropped 75-80%, with liquidity exhausted.

2.2 The causes and characteristics of this vulnerability

The vulnerability of Cetus has three characteristics:

  1. The cost of fixing is extremely low: only two lines of code need to be modified to completely eliminate the risk.

  2. Highly concealed: the contract ran smoothly for two years with zero faults, and despite multiple audits the vulnerability was not found.

  3. Not a problem unique to Move: Similar vulnerabilities have also appeared in other languages (such as Solidity, Rust).


3. The consensus mechanism of SUI

3.1 Introduction to SUI Consensus Mechanism

SUI adopts a Delegated Proof of Stake (DPoS) framework, which has a relatively low degree of decentralization and a higher governance threshold.

Mechanism Process:

  • Stake delegation
  • Delegates take turns producing blocks
  • Dynamic election

Advantages of DPoS:

  • High efficiency
  • Low cost
  • High Security

3.2 The performance of SUI in this attack

3.2.1 Operation of the Freezing Mechanism

SUI quickly froze the addresses related to the attacker, preventing their transfer transactions from being included on-chain. SUI's built-in deny list mechanism played a key role.

3.2.2 Who has the authority to change the blacklist?

In fact, to keep security policy consistent and effective, updates to such critical configuration are usually coordinated. In essence, the SUI Foundation (or developers it authorizes) sets and updates this deny list.

3.2.3 The essence of the blacklist function

The blacklist feature is not protocol-level logic; it is more like an additional layer of security protection for responding to emergencies and keeping user funds safe.

3.3 The Decentralized Boundaries and Reality: Governance Controversies Triggered by SUI

In this emergency response regarding SUI, the joint actions of the community and validators have sparked intense discussions about its level of "decentralization":

Some cryptocurrency practitioners believe that SUI is relatively decentralized, while others think that SUI is too centralized.

From the perspective of macroeconomic theory, due to information asymmetry and the underdevelopment of the market, moderate and slight centralization is somewhat necessary at the current stage.

Overall, mild and bounded centralization is not a monster, but an effective supplement to the ideal of "decentralization" under real economic conditions. It is a transitional arrangement, and the crypto world will ultimately evolve towards decentralization, which is the consensus of the industry and the ultimate goal of technological and conceptual development.


4. The Technical Moat of Move Language

The Move language, with its resource model, type system, and security mechanisms, is gradually becoming an important infrastructure for the new generation of public chains.

  1. Clear ownership of funds, with permissions naturally isolated.
  2. Language-level protection against reentrancy attacks
  3. Automatic Memory Management and Resource Ownership Tracking
  4. The structure derives from Rust, enhancing safety and readability.
  5. Lower gas costs and higher execution efficiency

Overall, the Move language not only significantly outperforms traditional smart contract languages in terms of security and controllability, but also fundamentally avoids common attack pathways and logical vulnerabilities through its resource model and type system. It provides a solid infrastructure for new public chains like SUI and opens up new possibilities for the technological evolution of the entire crypto industry.


5. Thoughts and Suggestions on SUI Attack Events

5.1 Hacker Attack

  1. The mathematical boundary conditions must be strictly analyzed.
  2. Complex vulnerabilities require the introduction of professional mathematical audits.
  3. Raise the review standards for previously attacked projects.
  4. Strict boundary checking for cross-type numerical conversion
  5. The massive damage caused by the "Dust Attack"
  6. Strengthen real-time monitoring and response capabilities for hacker activities
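Points 1 and 4 above, shown as an added Rust example that is not code from Cetus, SUI, or the original article: a left shift and a wide-to-narrow conversion, each with a guard that is tested at the exact boundary values. The function names and the off-by-one threshold in `shl64_flawed` are constructed for illustration.

```rust
// Added illustration (not Cetus or SUI code): boundary checks for a left
// shift and for a u128 -> u64 narrowing conversion.

/// Constructed flawed guard: the limit is one bit too generous, so values in
/// [2^64, 2^65) pass the check and silently lose their top bit when shifted.
fn shl64_flawed(value: u128) -> Option<u128> {
    const LIMIT: u128 = 1u128 << 65; // constructed bug: should be 1 << 64
    if value >= LIMIT {
        return None;
    }
    Some(value << 64) // `<<` discards shifted-out bits without any error
}

/// Lossless shift: allowed only if the top `shift` bits of `value` are zero,
/// i.e. value < 2^(128 - shift).
fn shl_exact(value: u128, shift: u32) -> Option<u128> {
    if shift >= u128::BITS {
        return if value == 0 { Some(0) } else { None };
    }
    if shift > 0 && (value >> (u128::BITS - shift)) != 0 {
        return None;
    }
    Some(value << shift)
}

/// `as` truncates silently; use it only where wrap-around is intended.
fn to_u64_truncating(value: u128) -> u64 {
    value as u64
}

/// Checked narrowing: rejects anything above u64::MAX.
fn to_u64_checked(value: u128) -> Option<u64> {
    u64::try_from(value).ok()
}

fn main() {
    // Probe just below, at, and just above the 2^64 boundary.
    for v in [(1u128 << 64) - 1, 1u128 << 64, (1u128 << 64) + 1] {
        println!("v={v:#x} flawed={:?} exact={:?}", shl64_flawed(v), shl_exact(v, 64));
    }
    // The standard library's checked_shl validates only the shift amount,
    // not whether bits are lost, so it is not a substitute for shl_exact.
    println!("std checked_shl: {:?}", (1u128 << 64).checked_shl(64));
    let big = u64::MAX as u128 + 1;
    println!("narrow: as={} checked={:?}", to_u64_truncating(big), to_u64_checked(big));
}
```

The tests that matter are the three values around each limit; a guard that is only exercised with small "typical" inputs will pass whether or not its threshold is correct.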

5.2 On-chain capital security protection and emergency handling

5.2.1 Crisis Management Response Mechanism of SUI

  1. Validator nodes coordinate and promptly block hacker addresses.
  2. Audit subsidies and on-chain security enhancement
  3. The collaborative response between Cetus and SUI

5.2.2 Reflection on the Cetus Hacker Attack Incident Regarding User Fund Security

  1. From a technical perspective, directly recovering funds on-chain is not completely impossible.
  2. Community co-construction, improving security tracking mechanisms
  3. Introduce insurance compensation to ensure fund safety


6. The Continuously Thriving SUI Ecosystem: Beyond DeFi, Everything is Rising

As of now, the TVL of the SUI network is approximately 1.6 billion USD, with a daily average trading volume of around 300 million USD for DEX, demonstrating strong capital activity and enthusiasm among on-chain users. SUI currently ranks 8th in total TVL across all chains and 3rd among non-EVM chains (only behind Solana and Bitcoin); in terms of on-chain trading activity, SUI ranks 5th globally and 3rd among non-EVM networks.

Representative projects in the SUI ecosystem include:

DeFi Protocol

  • Navi Protocol
  • Bucket Protocol
  • Momentum
  • Bluefin
  • Haedal Protocol
  • Artinals

DePIN & AI

  • Walrus Protocol

The SUI ecosystem is growing at an astonishing speed, attracting a large number of developers, users, and capital with its unique technical architecture and rich application scenarios. Whether in infrastructure, DeFi, gaming, or in the fields of DePIN and AI, SUI has demonstrated strong competitiveness and innovation. With more mainstream exchanges like Binance increasing their support for the SUI ecosystem, SUI is expected to further solidify its position as a "gaming chain" and a diversified application platform in the industry, opening a new chapter in ecological development.

NFTDreamervip · 07-12 08:56
It's all fun and games, but who dares to put in 200 million?

UnluckyMinervip · 07-09 13:03
Another year has passed, the weather is getting cooler, and I can't bear to look at the coin prices.

RamenDeFiSurvivorvip · 07-09 13:02
Is there anyone who trusts projects fixed by hackers?

ShadowStakervip · 07-09 13:02
meh... another day another exploit. when will devs learn to properly audit? *sips tea*

GateUser-e51e87c7vip · 07-09 12:59
Keep holding on even if the sky falls.

MevTearsvip · 07-09 12:43
Call the pro for help with the Sui ecosystem! It's too miserable..