Web3
DeFi protocol Summer.fi halts Lazy Summer vaults after $6 million exploit
The protocol’s SUMR token fell by over 18% after the incident.
By Francisco Rodrigues|Edited by Cheyenne Ligon
Jul 6, 2026, 1:42 p.m.
1 min read
Make preferred on
Share
Share this article
Copy linkX (Twitter)LinkedInFacebookEmail
Make preferred on
Summary
Show
Summer.fi has paused all Lazy Summer Protocol vaults following an exploit that resulted in the theft of approximately $6 million from the yield platform.
The exploiter used a flash loan attack to manipulate the accounting logic of the USDC vaults, allowing them to artificially inflate assets and redeem them for profit.
The protocol’s SUMR token fell by over 18% following the incident.
Decentralized finance protocol Summer.fi has paused its Lazy Summer vaults after an exploit that drained about $6 million from the Ethereum-based yield platform, according to the project and several blockchain security firms.
Lazy Summer is an automated yield platform that routes deposits across lending markets such as Aave and Morpho in search of higher returns while handling rebalancing on behalf of users.
The incident was first flagged by blockchain security firm Blockaid, with PeckShield and CertiK also reporting suspicious activity. Summer.fi later confirmed it was investigating the attack and said protocol guardians had paused affected vaults to prevent additional losses.
Early analyses suggest the attacker leveraged a large flash loan attack, reportedly sourced through Morpho, to manipulate the accounting logic of Lazy Summer's automated USDC vaults.
DeFi security researcher Bhari noted that the exploit took advantage of a flaw in the code to inflate total assets, which they were then allowed to redeem for a net profit. The stolen funds were apparently converted to DAI on Curve before being transferred to the attacker's wallet.
The protocol had $22 million in total value locked before the exploit, according to DeFiLlama data. The protocol's SUMR token lost more than 18% of its value after the exploit was uncovered.
DeFiWeb3
Latest Crypto News
1
Coinbase secures UK authorization to offer traditional investments alongside crypto
1 hour ago
2
Bitcoin's July gains may be fleeting as U.S. demand stays weak
1 hour ago
3
Bitcoin stalls as open interest decline raises questions about rally's staying power
1 hour ago
4
Binance taps into Bitcoin holders’ hunger for yield with new covered call yield play
4 hours ago
5
Bitcoin's recent macro relief faces a challenge from Japanese interest rates
4 hours ago
6
Live markets: Samsung earnings miss sparks uncertainty as bitcoin dips below $64,000
5 hours ago
7
BONK faces $20 million treasury drain after attacker spends $4 million to pass malicious proposal
6 hours ago
8
XRP stalls near $1.14 as breakout attempt struggles for volume
7 hours ago
9
Bitcoin drops after a run at $64,000, shrugging off Strategy's $213 million BTC sale
8 hours ago
10
Bitcoin's U.S. reserve still a work-in-progress as federal agencies hash it out
14 hours ago
Latest Research
Building the Zcash Machine: Tachyon and Quantum Readiness
Building the Zcash Machine: Tachyon and Quantum Readiness
Zcash’s Tachyon upgrade aims to scale shielded payments, improve quantum readiness, and test whether its funding, security, and governance can hold.
By CoinDesk Research
Jun 30, 2026
Commissioned byGenZcash
Zcash’s Tachyon upgrade aims to scale shielded payments, improve quantum readiness, and test whether its funding, security, and governance can hold.
Why it matters:
Zcash’s Tachyon upgrade aims to scale shielded payments, improve quantum readiness, and test whether its funding, security, and governance can hold.
View Full Report
More From Web3
Mysterious Solana project World unveiled as fully onchain prediction market
Buterin says Ethereum Foundation will shrink, sell less ETH, and focus on 'CROPS'
Kelp claims that LayerZero approved the setup it blamed for $292 million bridge hack