to leave a comment.

▲ Ethereum (ETH), Decentralized Finance (DeFi), Summer.fi, Cryptocurrency Hacking/AI Generated Image
A 'low-risk' automated asset management product, whose annualized yield soared to 2.08 million% in an instant, turned into a conduit for a $6 million theft. The Ethereum (ETH)-based decentralized finance (DeFi) protocol Summer.fi suffered a $65.4 million flash loan attack and lost a large amount of DAI.
According to cryptocurrency media outlet U.Today on July 6 (local time), Summer.fi, formerly Oasis.app, was subjected to a sophisticated hacker attack on Monday morning. The attacker exploited a vulnerability in an automated asset management product to withdraw approximately $6 million worth of DAI, and security firms such as Blockaid, PeckShield, and CertiK detected the attack.
The core of the attack was a $65.4 million flash loan. The hacker artificially distorted the fund structure of the 'LazyVault_LowerRisk_USDC' liquidity pool, which the development team had presented as a low-risk product. A critical error occurred in the algorithm, causing the displayed Annual Percentage Yield (APY) of the product to instantly skyrocket to 2.08 million%, and the hacker exploited this price distortion to immediately withdraw user funds. Block Analitica was responsible for the risk management of this product.
Summer.fi's multi-chain infrastructure spans Ethereum, Base, and Arbitrum, and has experienced several security issues over the past year. Withdrawals were frozen due to the USDX stablecoin de-pegging incident, an attack via the rsETH project was narrowly avoided, and a malicious governance proposal exploiting outdated access rights was blocked at the last moment. Before the start of Q3 2026, the DeFi industry's cyberattack losses had already exceeded $840 million, with over $640 million in losses recorded in April alone.
The damage from this attack was concentrated on users who had deposited large amounts of funds. According to on-chain information, a wallet linked to Torben Jorgensen, co-founder of Web3 company UDHC, had deposited approximately 8.6 million USDC into the affected liquidity pool just before the attack and suffered the largest loss. The stolen DAI was quickly converted through the Uniswap V3 liquidity pool.
The Summer.fi team has temporarily suspended operations for all affected contracts. No official announcement regarding compensation for damages has been made as of the time of writing.
[Article Key Summary]
-Summer.fi's low-risk automated asset management product was hit by a flash loan attack, resulting in the theft of approximately $6 million worth of DAI.
-The hacker distorted the fund structure with a $65.4 million flash loan, causing the displayed APY to instantly skyrocket to 2.08 million%.
-Summer.fi has temporarily suspended the operation of affected contracts, and no official announcement regarding compensation for damages has been made.
*Disclaimer: This article is for investment reference only, and we are not responsible for any investment losses based on it. The content should be interpreted for informational purposes only.*
Newsletter
Get key news delivered to your email every morning
to leave a comment.