Summer Finance Pauses Vaults After $65.4M Flash Loan Attack Causes $6M Loss

Summer Finance suffered a $6 million loss on Monday, July 6, 2026, when an attacker exploited a vulnerability in the Lazy Summer Protocol using a $65.4 million flash loan. The breach targeted the Fleet Commander contract's asset accounting logic, allowing the attacker to manipulate token valuations and extract funds through an arbitrage maneuver. The attack pushed total decentralized finance (DeFi) ecosystem losses past $840 million in 2026, according to blockchain security firms that flagged the incident in real-time onchain analytics.

Attacker Exploits Fleet Commander Contract With $65.4M Flash Loan

Blockchain security firm Certik revealed that the attacker initiated a $65.4 million flash loan to distort the asset valuation framework of the Lazy Summer Protocol vault managed under Summer.fi. By exploiting a vulnerability in the Fleet Commander contract's asset accounting logic, the attacker artificially skewed how the system calculated token value. After depositing approximately $64.8 million into the manipulated ecosystem, the actor executed an arbitrage maneuver to redeem $70.9 million in assets. According to Cyvers, the exploiter rapidly swapped the resulting $6 million profit into DAI stablecoins before funneling the stolen funds into an attacker-controlled wallet to break the paper trail.

Protocol Guardians Pause All Lazy Summer Protocol Vaults

Following the alerts, the Summer Finance team confirmed the breach, stating: "We are aware of the reported exploit a little earlier today and are investigating the root cause. The protocol guardians are currently pausing all Vaults across the Lazy Summer Protocol. We will provide more updates as we have them." The protocol guardians paused all vaults while the core development team completes a full patch.

Security Experts Issue Defensive Precautions for Participants

Security experts urged participants to take immediate defensive precautions, including revoking permissions or canceling any active smart contract approvals tied to the affected Lazy Summer Protocol vaults. Experts also advised participants to verify all communications exclusively through official project channels to avoid phishing attacks, and to consider moving digital assets out of online "hot" wallets into offline cold storage until the core development teams patch the underlying protocols.

FAQ

What happened to Summer Finance on July 6, 2026? Summer Finance suffered a $6 million loss on Monday, July 6, 2026, when an attacker used a $65.4 million flash loan to exploit a vulnerability in the Fleet Commander contract's asset accounting logic within the Lazy Summer Protocol.

How did the attacker steal funds from Summer Finance? The attacker initiated a $65.4 million flash loan to manipulate token valuations in the Lazy Summer Protocol vault. After depositing approximately $64.8 million into the system, the attacker redeemed $70.9 million in assets through an arbitrage maneuver, swapped the $6 million profit into DAI stablecoins, and transferred the funds to an attacker-controlled wallet.

What actions did Summer Finance take after the attack? The Summer Finance team confirmed the breach and stated that protocol guardians paused all vaults across the Lazy Summer Protocol while the core development team investigates the root cause and completes a full patch.

Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments