
Summer.fi is winding down its Labs company and retiring its user interface after the July 6 exploit left the business without enough financial runway to rebuild.
The Summer.fi wind-down ends five years of independent operation following its June 2021 spinout from the Maker Foundation. The team spent another two years building inside Maker before launching independently under the Oasis.app brand and later rebranding to Summer.fi.
The platform served more than 50,000 users across leveraged Maker positions, automated vault management and DeFi yield products. Lazy Summer Protocol reached about $200 million in total value locked during its first nine months before losses tied to the Stream Finance collapse began weighing on its vault system in October 2025.
A meaningful portion of the team’s own capital was held inside the vaults affected by the latest attack. That loss removed funding needed to continue operations after the company reviewed possible recovery paths.
The shutdown adds to pressure on DeFi businesses exposed through privileged infrastructure and vault accounting. Ostium paused trading after an oracle signer compromise drained up to $18 million from its Arbitrum liquidity vault through fabricated price reports and repeated artificial trading profits.
The July 6 Lazy Summer exploit extracted approximately $6.04 million from two Ethereum USDC vaults in a single atomic transaction.
The attacker manipulated the vaults’ net asset value by donating overvalued Silo Varlamore vault tokens into strategy adapters that had been capped for offboarding but remained included in share-price calculations. The inflated valuation allowed the attacker to deposit at the genuine price and redeem against liquid vault assets at a higher artificial price.
The lower-risk vault lost about $5.64 million, while the higher-risk vault lost roughly $400,000. More than $65 million in flash-loaned stablecoins funded the transaction before the extracted assets were converted into DAI.
All Lazy Summer vaults were paused and their deposit caps were reduced to zero. The attacker later routed part of the proceeds through Tornado Cash, reducing the possibility of recovering the full amount through public transaction tracing.
The underlying Lazy Summer Protocol will not automatically close with the Summer.fi company. Its smart contracts and governance remain controlled by the Lazy Summer DAO, which must decide how to handle the affected vaults, remaining liquidity and future operations.
Governance is working to restore withdrawals and redemptions across the vault system, including the two exploited Ethereum products. Around $4 million remained in the affected vaults after the attack, much of it held in illiquid positions that require a DAO-approved distribution process.
The shutdown follows Radiant Capital’s wind-down, which began after the lending protocol failed to recover from a $50 million security breach.
The Summer.fi interface will remain live through August 31. Its support email and Discord channels will also remain available until the end of August while users wait for vault withdrawals and redemptions to resume.
The post Summer.fi Winds Down After $6M Lazy Summer Vault Exploit appeared first on Crypto Adventure.