TL;DR:
The DeFi yield optimization protocol Summer Finance suffered an exploit of approximately $6 million, stolen through a sophisticated flash loan attack. Blockchain security firm Blockaid was the first to detect the breach, while other analysts provided additional technical details on the attack vector.
According to security firm CertiK, the attacker took out a $65.4 million flash loan to achieve a redemption of $70.9 million, exploiting vulnerabilities in the way Summer.fi’s Lazy Summer Protocol accounted for assets within its vaults.
We are aware of the reported exploit a little earlier today and are investigating the root cause. The protocol guardians are currently pausing all Vaults across the Lazy Summer Protocol.
We will provide more updates as we have them.
— Summer.fi
(@summerfinance_) July 6, 2026
The protocol operates as an automated yield optimization system that uses artificial intelligence agents to dynamically reallocate user deposits across high-yield lending platforms.
“The attacker was able to redeem $70.9 million after making a deposit of $64.8 million by manipulating the totalAssets() accounting of the FleetCommander across a series of vaults, particularly Silo: Varlamore USDC Growth, which the attacker had previously accumulated and donated to the Ark,” CertiK explained. The FleetCommander is the smart contract that manages the vaults, while the Ark is the contract that connects a vault to a lending protocol.
Blockaid's exploit detection system has identified an ongoing exploit on @summerfinance_.
~$6M drained so far.
More details in— Blockaid (@blockaid_) July 6, 2026
Security firm Cyvers specified that the attack targeted a share accounting vulnerability through price manipulation. The stolen funds — approximately $6 million — were converted into the stablecoin DAI and transferred to an address controlled by the attacker.
ALERT
Our system has detected a suspicious transaction involving @summerfinance_ with an estimated loss of $6M.
An address funded via #FixedFloat on #Base executed a suspicious transaction on the #ETH network.
Root cause: The attacker appears to have exploited a share… pic.twitter.com/oS1OE5vGYh
—
Cyvers Alerts
(@CyversAlerts) July 6, 2026
Phylax Systems founder Odysseas Lamtzidis published a technical analysis indicating that the Summer Finance exploit originated in vault accounting flaws within the same transaction and in incorrect assumptions about liquidity, ruling out any compromise of private keys or admin privileges.
1/ Attacker was able to redeem $70.9M following $64.8M deposit thanks to manipulation of FleetCommander's accounting of totalAssets() on a host of vaults, particularly Silo: Varlamore USDC Growth, which the attacker had accumulated beforehand and donated to the Ark in between. pic.twitter.com/x2eeKlWy3n
— CertiK Alert (@CertiKAlert) July 6, 2026
The incident adds to the growing list of incidents in 2026. According to CryptoRank, 121 hacks have been recorded in the DeFi sector so far this year, with losses approaching $942 million.

The second quarter was the setting for 85 exploits and approximately $775 million in damages, although the bulk of the losses are attributed to two massive attacks in April: Drift Protocol and KelpDAO together lost nearly $590 million in funds, both linked by TRM Labs and Chainalysis to North Korea-backed hacker groups.