Just-In: Summer.fi Hit By Suspected $6M Flash Loan Exploit As DeFi Vaults Targeted

Coingapestaff
Coingapestaff

Coingapestaff

Journalist
CoinGape comprises an experienced team of native content writers and editors working round the clock to cover news globally and present news as a fact rather than an opinion. CoinGape writers and reporters contributed to this article.
Read full bio
coingape google news
Why Trust CoinGape
CoinGape has covered the cryptocurrency industry since 2017, aiming to provide informative insights to our readers. Our journal analysts bring years of experience in market analysis and blockchain technology to ensure factual accuracy and balanced reporting. By following our Editorial Policy, our writers verify every source, fact-check each story, rely on reputable sources, and attribute quotes and media correctly. We also follow a rigorous Review Methodology when evaluating exchanges and tools. From emerging blockchain projects and coin launches to industry events and technical developments, we cover all facets of the digital asset space with unwavering commitment to timely, relevant information.
Summer.fi Hit By Suspected $6M Flash Loan Exploit As DeFi Vaults Targeted
Sponsored This page may contain affiliate links. If you sign up through these links, we may earn a commission at no additional cost to you. This does not influence our editorial reviews or rankings.

Highlights

  • An attacker used a $65.4M Morpho flash loan to drain about $6M, mostly in DAI, from Summer.fi's Lazy Summer Protocol.
  • The exploit manipulated vault share accounting in a single atomic transaction, targeting a known ERC-4626 vulnerability.
  • Blockaid and CertiK confirmed the attack, Summer.fi has yet to issue an official statement as users monitor positions.

In a recent development earlier today, Blockaid and CertiK, blockchain security firms, identified a flash loan exploit on Summer.fi (Lazy Summer Protocol). With a flash loan of $65.4 million, sourced from Morpho, the attacker was able to stash about $6 million, mostly in DAI, and alter the accounting of vault shares all in one atomic transaction.

How the Summer.fi Attack Unfolded

The Lazy Summer Protocol is the yield vault protocol launched by Summer.fi in early 2025 and SUMR is the governance token introduced in January 2026.

The protocol moves user deposits from the top DeFi loan markets, such as Morpho, Fluid, and Aave, automating the rebalancing of funds for optimal risk-adjusted returns. This attack now puts that automated vault architecture under scrutiny, as DeFi Flash Loan Attacks have drained $500M, a pattern still hitting protocols in 2026.

The exploit reportedly exploited one of Summer.fi’s ERC-4626-style vaults, known as LazyVault_LowerRisk_USDC. The attacker’s wallet, 0x7BF…3BDCa, has been seen on-chain, with the wallet receiving funds approximately two months prior to the attack, showing careful planning.

The attacker obtained a $65.4 million flash loan from Morpho and routed the funds through Curve, Uniswap, and Balancer to manipulate vault liquidity and share prices.

By making large deposits and withdrawals within a single atomic transaction, the exploiter distorted the vault’s share accounting and extracted approximately $6 million before repaying the flash loan. Because the transaction was atomic, it either executed entirely or failed completely.

The exploit leveraged a known ERC-4626 tokenized vault vulnerability involving share inflation through token donations, a flaw previously observed in several DeFi incidents. The attack was independently confirmed by security firm PeckShield and the exploit monitoring platform Phalcon.

The Yearn Finance Flash Loan Exploit on Aave in a prior cycle used comparable vault manipulation mechanics, underscoring how this attack vector has persisted across DeFi generations.

Impact, Response, and What’s Next

At the time of writing, Summer.fi has not made any official statement. At the time of the initial Blockaid alert, the attack was said to be continuing. They are being urged to keep a close eye on positions if affected by the impacted vault.

Blockaid identified the exploit and alerted users in real time through its threat detection network. According to CertiK, the attacker profited approximately $6 million through liquidity manipulation. Initial reports indicated that no external user funds were at risk, as the exploit was limited to the affected vault’s mechanics.

The incident adds to a growing number of DeFi security breaches in 2026. Flash loan attacks remain particularly difficult to defend against because they require no upfront collateral, and failed attacks are automatically reverted.

The extent to which the wider DeFi movement can recover, and if at all, will depend on the Summer.fi team’s findings regarding a mitigation strategy as well as their outreach efforts via a “whale hat” approach. The Best DeFi Lending Platforms in 2026 still carry smart contract exploit risks, a reminder that due diligence remains critical even on audited platforms.

 

Investment disclaimer: The content reflects the author’s personal views and current market conditions. Please conduct your own research before investing in cryptocurrencies, as neither the author nor the publication is responsible for any financial losses.
Ad Disclosure: This site may feature sponsored content and affiliate links. All advertisements are clearly labeled, and ad partners have no influence over our editorial content.

Why Trust CoinGape

CoinGape has covered the cryptocurrency industry since 2017, aiming to provide informative insights Read more… to our readers. Our journal analysts bring years of experience in market analysis and blockchain technology to ensure factual accuracy and balanced reporting. By following our Editorial Policy, our writers verify every source, fact-check each story, rely on reputable sources, and attribute quotes and media correctly. We also follow a rigorous Review Methodology when evaluating exchanges and tools. From emerging blockchain projects and coin launches to industry events and technical developments, we cover all facets of the digital asset space with unwavering commitment to timely, relevant information.

Newsletter
Your crypto brief.
Delivered every day.
  • Insights that move markets
  • 100,000 active subscribers
By signing-up you agree to our Terms and Conditions and Privacy Policy.
About Author
About Author
CoinGape comprises an experienced team of native content writers and editors working round the clock to cover news globally and present news as a fact rather than an opinion. CoinGape writers and reporters contributed to this article.