logo
    TicketsSpeakers
    News
    logo

    #Summer Finance

    Summer Finance Hit by $6 Million Exploit

    Summer Finance Hit by $6 Million Exploit

    Charles Obison
    July 8, 2026
    1,987 views
    Make Us Preferred on Google

     

    Summer Finance, a DeFi yield optimization protocol, was hit by an exploit that affected the protocol's USDC vaults, resulting in an estimated loss of roughly $6 million.

     

    The exploit was confirmed by several blockchain security firms, including Blockaid, Cyvers, and CertiK. According to Cyvers, the attack appears to have been caused by the exploitation of a shared accounting vulnerability. The stolen funds were eventually swapped for the DAI stablecoin and transferred to the attacker's wallet.

     

    Although all vaults across the Lazy Summer Protocol were immediately paused after the exploit was confirmed, the team later released a post-mortem report detailing how the attack occurred, its scope and impact, the response actions taken, and ongoing fund recovery efforts.

     

    Image credit: x.com

     

    According to the post-mortem report, the exploit targeted two Lazy Summer Protocol USDC vaults on the Ethereum mainnet. The attack, which is believed to have been planned over a period of about 3 months, was executed using a $65 million flash loan. Of that amount, approximately $64.8 million was deposited into Summer's vaults.

     

    The attacker then deposited Varlamore USDC (vgUSDC) Growth tokens, which were essentially worthless, into the vulnerable Silo Ark vault, which had been partially shut down. Because the vault's accounting logic incorrectly treated the fake vgUSDC tokens as legitimate assets with real value, the attacker was able to withdraw genuine funds from the protocol.

     

    In response, the Summer Finance team took several measures to contain the impact, including pausing vaults across the Ethereum, Base, Arbitrum, and Sonic networks. The team has also launched an investigation and begun tracing the stolen funds.

     

    The Summer Finance exploit occurred around the same time that the BonkDAO treasury was drained of approximately $20 million. In that incident, the attacker reportedly purchased $4.4 million worth of BONK tokens, allowing them to meet the DAO's low quorum threshold. The attacker then passed a malicious governance proposal, BIP 76, which automatically transferred approximately $20 million from the treasury. 

     

    Tags:
    #Defi#Ethereum#USDC#blockchain security#Crypto Exploit#Flash Loan Attack#Summer Finance