|

$6 Million Gone: Summer Finance Hit by Sophisticated Flash Loan Liquidity Manipulation

Summer Finance has turn into the newest decentralized finance protocol to endure a serious safety incident. So far, $6 million has been drained within the ongoing exploit, in response to blockchain safety agency Blockaid.

However, the undertaking has but to launch an official assertion.

Flash Loan Attack

Pseudonymous crypto dealer Crypto Jargon stated the attacker borrowed the funds by way of a flash mortgage, manipulated liquidity throughout Curve’s DAI/USDC swimming pools and Morpho, extracted about $6 million in revenue, and repaid the mortgage throughout the identical transaction. The dealer stated that flash mortgage assaults stay troublesome to forestall and explained,

“The attacker doesn’t have to personal the cash they’re manipulating with; they borrow $65M for just a few seconds, briefly distort a worth or liquidity ratio, extract the distinction, and return the mortgage earlier than the transaction even finalizes. If any single step reverts, the entire thing undoes itself, in order that they solely ever threat gasoline charges.”

Phylax Systems founder Odysseas Lamtzidis additionally shared a technical evaluation, suggesting that the exploit was induced by flaws in Summer Finance’s same-transaction vault accounting and liquidity assumptions, reasonably than compromised keys or abuse of admin privileges. He added that the attacker used an unverified contract to orchestrate the exploit, whereas the weak protocol parts themselves have been verified.

2026 DeFi Losses

The incident comes amid a pointy rise in assaults focusing on DeFi protocols this yr. According to crypto market tracker CryptoRank, the sector has recorded 121 DeFi hacks in 2026, which resulted in virtually $942 million in losses.

Most of this yr’s assaults occurred within the second quarter, when hackers carried out 85 exploits and stole round $775 million. CryptoRank discovered that DeFi’s complete worth locked (TVL) has declined each month this yr after falling from about $115 billion in January to $70 billion by late June as investor confidence weakened.

While Q2 recorded the best variety of exploits, the agency stated most losses stemmed from two main assaults in April. Drift Protocol and KelpDAO collectively misplaced about $590 million, which represented greater than half of all DeFi losses this yr.

TRM Labs and Chainalysis linked each assaults to North Korea-backed hacking teams. Their investigations discovered that the attackers used social engineering, compromised infrastructure, and manipulated cross-chain verification programs to hold out the large-scale thefts.

The submit $6 Million Gone: Summer Finance Hit by Sophisticated Flash Loan Liquidity Manipulation appeared first on CryptoPotato.

Similar Posts