DeFi-protocol Summer fi was hacked for $6 million through asset accounting vulnerability

7/6/2026, 11:45 AMЕвгения Слив

DeFi-protocol Summer fi was hacked on July 6, 2026 with estimated damages of around $6 million. The attacker exploited a vulnerability in the asset-sharing mechanism by misrepresenting totalAssets() in FleetCommander smart contracts. The project team suspended all Lazy Summer Protocol repositories and began investigating the incident.

According to CertiK and Cyvers, the attacker took a $65.4 million flash credit to temporarily increase the amount of funds in the protocol and initiate a withdrawal of about $70.9 million. After price manipulation, the hacker exchanged the stolen funds for DAI stablecoins and transferred them to his own address. The vulnerability also affected the Ark contract, which linked the protocol to external node services.

Summer fi did not disclose the technical details of the attack, but confirmed work to resolve the issue. The incident occurred amid a decline in total crypto damage in June to $75.9 million, although the number of outbreaks in the second quarter reached an historic high of 83 cases.

Popular news