Summer.fi Suffers $6M DeFi Exploit After Alleged Flash Loan Manipulates Vault Accounting
In Brief
Summer.fi lost about $6 million in a suspected flash loan attack that allegedly exploited a share accounting flaw in its DeFi vault infrastructure.

Web3 security platform Blockaid reported an ongoing exploit targeting DeFi platform Summer.fi, with approximately $6 million in assets drained so far.
According to Blockaid, the attack affected the platform’s Lazy Summer smart contracts. Security researchers said a wallet funded through FixedFloat on the Base network initiated a suspicious transaction on Ethereum.
Preliminary analysis indicates the attacker exploited a vulnerability in the vault’s share accounting mechanism by manipulating asset prices. The stolen funds were subsequently converted into DAI and transferred to an address controlled by the attacker.
Blockchain security firm PeckShield identified the primary affected vault as LazyVault_LowerRisk_USDC (LVUSDC), which is managed by Block Analitica. During the incident, the vault’s displayed annual percentage yield (APY) briefly surged to around 2.08 million, reflecting the abnormal state of the protocol. PeckShield also noted that one of the vault’s largest holders, a wallet believed to be associated with Torben Jorgensen (UDHC), had deposited roughly 8.6 million USDC into the affected vault.
Flash Loan Attack Suspected as Cause of Exploit
Separately, CertiK pointed to a suspicious transaction consistent with a flash loan attack. According to the firm’s analysis, the attacker obtained a flash loan worth approximately $65.4 million and used the borrowed funds to manipulate liquidity across Curve’s DAI/USDC pools and Morpho V2 vaults. The exploit is believed to have abused the vault deallocation mechanism, enabling the attacker to manipulate share accounting before extracting $6 million in profit. The flash loan was repaid within the same blockchain transaction, meaning the attacker did not need to commit their own capital beyond transaction fees.
Flash loan attacks remain difficult to prevent because they allow large amounts of capital to be borrowed and repaid within a single transaction, making it possible to temporarily distort liquidity or pricing conditions without long-term financial exposure.
Summer.fi provides yield aggregation and automated vault management services, offering institutional-focused infrastructure for DeFi users. It enables users to borrow stablecoins, manage leveraged positions, and earn yield through integrations with multiple DeFi protocols. The project had not publicly commented on the incident at the time of publication.
Disclaimer
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.
About The Author
Alisa, a dedicated journalist at the MPost, specializes in crypto, AI, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.
More articles
Alisa, a dedicated journalist at the MPost, specializes in crypto, AI, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.



