Strengthening the Sui Ecosystem Through the Security Expansion Initiative
The Sui Foundation is expanding security with a multi-year initiative to protect users and builders across the entire ecosystem.

At the Sui Foundation, we are working to build not just a network, but a trusted ecosystem. That’s why, building on the $10M commitment we announced earlier this year, we are launching the Sui Ecosystem Security Expansion Initiatives. This initiative is a multi-year effort to extend security beyond traditional audits, investing in proactive monitoring, formal verification, and shared defense tools that raise the baseline of safety for everyone.
From the start we have invested heavily in base-layer security. But like every leading L1, we’ve seen that the most common and impactful threats often do not target the core networking protocol. They occur at the ecosystem level, where users interact with apps, wallets, and third-party tools.
In the first half of 2025 alone, nearly $2.5 billion has been impacted by hacks and exploits in Web3. It’s clear that Web3 has a multibillion-dollar problem on its hands, and Sui’s answer is to build ecosystem-wide defenses.
As Christian Thompson, Managing Director of the Sui Foundation, put it: “For too long, advanced security has been an overlooked part of crypto tooling. Sui is setting a new standard by not only protecting the core protocol, but also hardening the entire ecosystem.”
Moving beyond audits
To address this, the Sui Foundation is rolling out a comprehensive, multi-year program to strengthen every layer where users and builders interact. Audits remain necessary, but are not sufficient on their own.
By providing shared, always-on defenses rather than leaving teams to navigate threats on their own, this initiative will harden the entire ecosystem and help Sui become one of the most resilient and security-conscious networks in Web3.
Think of it this way: an audit is like a pre-flight checklist. It is essential as it confirms whether the plane is ready to take off, but it doesn't protect the flight from turbulence, changing weather conditions, or unforeseen events. This initiative is our commitment to building a live air traffic control system for the ecosystem, an always-on protection that helps our community navigate threats in real time. This is not a one-time fix. It’s an ongoing, phased approach to hardening vulnerable surfaces and protecting users.
Expanding security capabilities
Our commitment is a comprehensive initiative, expanding defenses across the most critical layers of the ecosystem and delivering protections where builders and users connect. We are building a complete ecosystem of defense through four core pillars:
Shielding end-users
- Impersonation detection: Expanding Web2 takedown coverage to more ecosystem brands, reducing phishing and lookalike site risk.
- Transaction simulation: Already live in wallets like Slush, OKX, and Backpack, this will be extended to more wallets, helping users spot malicious transactions before they sign.
- Malicious app detection: Identifying suspicious apps, tokens, and addresses across more user-facing tools, so threats are flagged before users interact with them.
Ecosystem-wide visibility
- Exploit monitoring & alerting: Active detection of smart contract exploits, with alerts for ecosystem teams to respond quickly and limit impact.
- Explorer-integrated tools: Transaction graph visualizations, wallet risk scores, and address attribution embedded into block explorers, giving the entire community visibility into suspicious activity.
Advanced protocol security
- Exploit simulations: Identifying vulnerabilities before attackers do.
- Formal verification: Expanding access to Move Prover services, making it easier for teams to mathematically validate critical contract logic.
- Crowdsourced AI bugfinding: Leveraging community and AI-driven efforts to surface hidden vulnerabilities in high-risk contracts.
Secure development standards
- Smart Contract Templates: Publishing secure-by-default templates that developers can use as a foundation, raising the default level of safety across new projects.
Raising the baseline for all
The goal of this expansion is not to subsidize existing security practices, but to raise the floor for everyone.
For users, this means safer wallets, explorers, and marketplaces where risk warnings, address tagging, and escrow protections reduce the chance of loss.
For builders, it means access to advanced security techniques and tools, such as formal verification, exploit simulations, and secure-by-default contract templates, which are now funded and shared by the Sui Foundation.
Advancing ecosystem safety
Building in crypto requires both creativity and vigilance. The threats of tomorrow are not yet known, but our commitment today is to ensure we are ready for them. This is how we raise the standard of trust, protect our users and builders, and set a new bar for what it means to be a Layer 1 that leads in security.
If you’re interested in contributing to this effort or learning how your project can participate, reach out to us at [email protected].