Category: Move-ecosystem security firm / public audit-report infrastructure / Move developer-tooling platform / ecosystem-specific security research
Summary: MoveBit is best cataloged as ecosystem-specific security infrastructure for Move-based chains rather than as a narrow audit shop. Its first-party materials pair smart-contract audits across Sui, Aptos, and related ecosystems with public audit-report libraries, VS Code language tooling, analyzers, formatter/IDE utilities, and an unusually explicit academic-research posture. The project is especially notable because the same organization is simultaneously helping define security norms for the Move ecosystem, shipping developer tools for that ecosystem, and maintaining a public audit trail across many early Move-native protocols.
What it does:
Performs security audits for Move-based smart contracts and related Web3 systems, especially across Sui and Aptos ecosystems
Publishes a first-party repository of sampled audit reports covering a long list of Move-native protocols and applications, plus some adjacent chains and projects
Builds Move developer tooling including the Sui Move Analyzer, Aptos Move Analyzer, Move formatter, Move Web IDE, Move Scanner, and a Sui contract source verifier
Positions itself as a research-heavy security team with academic and enterprise backgrounds, and surfaces public papers plus ecosystem educational material around Move development and security
Operates as a BitsLab sub-brand focused on Move, while the broader BitsLab umbrella covers other emerging ecosystems such as Bitcoin, TON, and zero-knowledge systems
Key claims:
The homepage says MoveBit has 10+ years of cybersecurity experience, 20+ blockchain security academic papers, and 100+ selected audit projects, which helps explain why it should be treated as a serious ecosystem-specialist rather than a small boutique
The homepage says MoveBit is one of the earliest contributors to the Move ecosystem and has worked closely with developers to establish security standards for secure Move applications
The homepage’s product list makes clear that MoveBit is shipping real tooling, not just PDFs: Sui Move Analyzer, Aptos Move Analyzer, Move formatter, Move Web IDE, Move Scanner, and a Sui contract source verifier are all presented as first-party products
The GitHub organization says MoveBit exists to secure the Move ecosystem and prominently exposes Sampled-Audit-Reports, sui-move-analyzer, and aptos-move-analyzer, which is strong evidence that public reports and IDE tooling are core parts of the operating model
The Sampled-Audit-Reports repository shows a broad first-party audit corpus across Sui, Aptos, Starcoin, and some adjacent ecosystems, reinforcing that MoveBit acts as an ecosystem security layer with durable public output
The Sui and Aptos analyzer materials show MoveBit shipping developer-facing language-server and VS Code workflows with diagnostics, go-to-definition, references, hover types, formatting/linting, and project-template support
Whitepaper: No canonical standalone MoveBit whitepaper or litepaper surfaced in this pass. The clearest current sources of truth were the official site, the GitHub organization, the sampled audit-report repository, and the first-party analyzer/tooling materials; see ../whitepapers/movebit-primary-sources-2026-05-03.md.