Skip to main content

Movement Labs M2: EVM + Move Hybrid Lets Solidity Inherit Resource-Type Safety

· 9 min read
Dora Noda
Dora Noda
Software Engineer

Smart contract exploits drained more than $3.1 billion from DeFi in the first half of 2025 alone — already eclipsing 2024's full-year toll of $2.85 billion. Reentrancy attacks accounted for $420 million of those Q3 losses. Integer overflow bugs continue showing up in audits. The Penpie protocol lost $27 million to a single reentrancy in 2024. Every one of these vulnerabilities is a direct consequence of how the Ethereum Virtual Machine handles assets and function dispatch — and every Solidity developer knows it.

Movement Labs is betting that developers don't have to choose between Ethereum's $50 billion liquidity moat and Move's compile-time safety guarantees. Its M2 chain — the first Move VM-based Layer 2 for Ethereum, settled on Celestia and now plugged into Polygon's AggLayer — claims a way to deploy unmodified Solidity bytecode into a Move execution environment. If it works, it's the most ambitious "safety upgrade" pitch in Ethereum's L2 era. If it doesn't, it joins a long list of hybrid VMs that appealed to neither constituency.

Why Ethereum Keeps Losing Money to the Same Bugs

The reason DeFi exploits cluster around a small handful of root causes is structural, not coincidental. The EVM treats assets as ledger entries — numbers in a mapping that can be incremented, decremented, or copied with no language-level guard against the obvious mistakes. When a contract calls another contract and gets called back before its own state updates, that's reentrancy. When a function increments a balance past 2^256 - 1 and wraps to zero, that's integer overflow. When a buggy migration accidentally mints two copies of the same token, that's the absence of resource semantics.

The DeFi industry has spent a decade layering defenses on top of these primitives. ReentrancyGuard modifiers. SafeMath libraries. Solidity 0.8+ built-in overflow checks. Formal verification on the highest-stakes protocols. And still, in a typical year, more than $3 billion gets stolen — about a third of it from vulnerabilities the EVM design itself permits.

Move was built by the Diem (formerly Libra) team at Meta to make these classes of bugs impossible at the language level rather than caught by audits. Three properties matter:

  • Resources are linear types. A token defined as a Move resource cannot be silently copied or destroyed. The compiler refuses to emit code that does either. Assets aren't numbers in a mapping — they're values that must be moved from one location to another, with the type system tracking ownership at every step.
  • Reentrancy is structurally prevented. Move uses static dispatch, meaning every function call resolves at compile time. Contracts cannot call unknown code at runtime. The classic reentrancy pattern — where contract A calls contract B which calls back into A before A has updated its state — is not expressible in Move.
  • The Move Prover offers formal verification. Developers can write specifications about contract behavior and the prover checks them mathematically. Aptos and Sui both ship production Move codebases verified this way.

The catch, until now, has been that taking advantage of any of this required leaving Ethereum. Move developers had to bootstrap users, liquidity, and tooling on Aptos or Sui. Ethereum developers stayed put because the moat was too deep to bridge.

The M2 Architecture: Move VM Underneath, Solidity Compatibility on Top

Movement Labs raised $38 million in a Series A led by Polychain Capital in April 2024, with Hack VC, dao5, Robot Ventures, Placeholder, Archetype, Maven 11, Figment Capital, Bankless Ventures, OKX Ventures, and Aptos Labs participating. By early 2025 the company had reportedly closed a $100 million Series B at a $3 billion valuation with CoinFund and Brevan Howard joining the cap table. That's the kind of war chest typically reserved for L1s, not L2s — and it tells you how seriously sophisticated investors take the thesis.

The M2 design has three load-bearing pieces:

  1. Move VM as the execution layer. Smart contracts execute under Move's resource-typed semantics, getting the safety properties described above by default.
  2. Solidity bytecode compatibility. Developers can deploy existing Ethereum contracts unchanged. Movement's MEVM (Move-EVM) layer accepts Solidity bytecode and re-executes it within the Move runtime, giving Solidity projects access to Move's performance and security without writing a single line of Move.
  3. Modular settlement and DA. M2 is a ZK rollup that settles to Ethereum and uses Celestia for data availability. The combination targets sustained throughput exceeding 100,000 transactions per second — verified figures cited by Movement's own technical disclosures by early 2026.

Movement also joined Polygon's AggLayer, which adds shared liquidity routing across the broader Polygon ecosystem. The testnet attracted roughly $160 million in committed TVL ahead of mainnet, and Movement-powered applications crossed $200 million in TVL by early 2026 — modest by Arbitrum standards but meaningful for a chain whose core value proposition is a different VM, not just cheaper gas.

The marketing pitch is direct: deploy your Uniswap fork unchanged, get reentrancy immunity for free.

The Investor Geometry Tells the Real Story

Look closely at the cap table and a pattern emerges. Aptos Labs participated in Movement's Series A. Polychain Capital — the lead — has positions in both Aptos and Sui. The fundraise effectively brought together the entire Move-language investment thesis under one umbrella.

That signals two things. First, the investors who funded Aptos and Sui see M2 not as a competitor but as a third front in a coordinated push to make Move the dominant smart contract language. Second, those same investors apparently believe that Ethereum-developer conversion is a faster route to Move adoption than continuing to grow Aptos and Sui ecosystems organically.

The numbers from the standalone Move chains support that read. Sui leads Aptos in monthly active developers (954 vs. 465) and TVL ($1 billion vs. $500 million), but combined the two chains still trail Ethereum L2s like Arbitrum and Base by an order of magnitude on every metric that matters for application diversity. If you believe Move is technically superior — and the Diem-veteran founder team and their backers clearly do — the rational play is to remove the migration cost for Solidity developers entirely.

What M2 Has to Prove

The hybrid VM thesis is elegant in slides and treacherous in practice. The argument against M2 has three parts.

The first risk is that the safety upgrade is leakier than advertised. Re-executing Solidity bytecode under Move's runtime is not the same thing as rewriting the contract in Move. If the EVM compatibility layer faithfully reproduces EVM semantics — including the call-stack model that enables reentrancy — then Move's static dispatch guarantees don't apply to the imported contracts. If the layer rewrites EVM call semantics into Move's static dispatch, then the contracts behave differently than they do on Ethereum, which breaks the "deploy unchanged" promise. Movement's published documentation suggests they've found a workable middle path, but the proof will come when high-value contracts are deployed and either get exploited or don't.

The second risk is the constituency problem. Hybrid VMs have a track record of appealing to neither pure constituency strongly enough. Solidity developers who care about safety mostly already use formal verification, fuzzing, and audits — adding another runtime feels like a complication, not a simplification. Move developers who care about Move's properties tend to want them in their pure form, not filtered through an EVM compatibility layer. The path to product-market fit runs through DeFi protocols who genuinely fear another Penpie-class incident and decide that runtime-level reentrancy immunity is worth the migration friction. There are such teams. There are not, yet, very many of them.

The third risk is that L2 fragmentation eats the play. Ethereum's L2 landscape is already crowded. Arbitrum, Optimism, Base, zkSync, Linea, Scroll, Polygon zkEVM, and a long tail of newer chains all compete for the same liquidity and developer attention. M2's differentiation is real, but L2 selection has historically been driven by ecosystem grants, integrations, and incumbent network effects far more than by technical merit. The chains that "should" have won on technology often haven't.

What M2 has going for it: the Move ecosystem on Aptos and Sui has been growing — Sui's $1 billion TVL is up substantially year-over-year — and the Move language has accumulated production credibility. The M2 launch isn't betting on an unproven VM; it's betting that an already-proven VM can recruit a much larger developer pool through compatibility.

Where This Sits in the Bigger L2 Story

Most Ethereum L2s are racing on the same axis: cheaper gas, faster blocks, stronger fraud-proof or ZK guarantees. They're competing on quantitative improvements to the same underlying execution model. M2 is one of the few that competes on the execution model itself.

That's a high-variance bet. Either resource-typed execution becomes a recognized category that institutional DeFi treasuries and audit-conscious protocols actively seek out — in which case M2 owns a defensible niche regardless of whether it wins the broader L2 war — or the market's revealed preference is that EVM compatibility plus better tooling is enough, and M2's safety properties end up as a bullet point on a marketing page nobody reads.

The 2026 setup is stress-testing both possibilities. Reentrancy losses keep climbing. Solidity 0.8+ has eaten into integer-overflow exploits but hasn't touched the deeper categories. New attack surfaces — AI agent–controlled wallets, autonomous trading strategies, multi-protocol composability — are expanding faster than auditing capacity. If a major institutional DeFi protocol gets hit for nine figures via a reentrancy in late 2026, the safety-first L2 thesis suddenly looks less academic.

For developers building on Move chains today, M2's existence raises a portfolio-construction question. Sui and Aptos are independent L1 ecosystems with their own validator sets, gas tokens, and user bases. M2 inherits Ethereum's settlement guarantees and bridges to Ethereum-denominated liquidity. They are not substitutes — they're three different bets on three different theories of how Move-language adoption plays out.

For Solidity developers, the question is narrower: is the safety property valuable enough to justify deploying on a chain whose ecosystem maturity, in 2026, is still a fraction of Arbitrum's? For most teams the answer is "not yet." For protocols managing high-value flows where a single exploit ends the company, the answer is increasingly "worth a serious look."

BlockEden.xyz operates production RPC infrastructure for the Move ecosystem — including Aptos and Sui — and the broader EVM landscape. Teams evaluating where to deploy can explore our API marketplace to compare endpoints, indexers, and analytics across more than 27 chains, including the Move-language networks that this article discusses.

Share on Twitter