|

Summer.fi Suffers $6M DeFi Exploit After Alleged Flash Loan Manipulates Vault Accounting

Summer.fi Suffers $6M DeFi Exploit After Alleged Flash Loan Manipulates Vault Accounting
Summer.fi Suffers $6M DeFi Exploit After Alleged Flash Loan Manipulates Vault Accounting

Web3 safety platform Blockaid reported an ongoing exploit focusing on DeFi platform Summer.fi, with roughly $6 million in belongings drained up to now. 

According to Blockaid, the assault affected the platform’s Lazy Summer sensible contracts. Security researchers stated a pockets funded via FixedFloat on the Base community initiated a suspicious transaction on Ethereum.

Preliminary evaluation signifies the attacker exploited a vulnerability within the vault’s share accounting mechanism by manipulating asset costs. The stolen funds had been subsequently transformed into DAI and transferred to an tackle managed by the attacker.

Blockchain safety agency PeckShield recognized the first affected vault as LazyVault_LowerRisk_USDC (LVUSDC), which is managed by Block Analitica. During the incident, the vault’s displayed annual proportion yield (APY) briefly surged to round 2.08 million, reflecting the irregular state of the protocol. PeckShield additionally famous that one of many vault’s largest holders, a pockets believed to be related to Torben Jorgensen (UDHC), had deposited roughly 8.6 million USDC into the affected vault.

Flash Loan Attack Suspected as Cause of Exploit

Separately, CertiK pointed to a suspicious transaction per a flash mortgage assault. According to the agency’s evaluation, the attacker obtained a flash mortgage price roughly $65.4 million and used the borrowed funds to control liquidity throughout Curve’s DAI/USDC swimming pools and Morpho V2 vaults. The exploit is believed to have abused the vault deallocation mechanism, enabling the attacker to control share accounting earlier than extracting $6 million in revenue. The flash mortgage was repaid inside the similar blockchain transaction, which means the attacker didn’t have to commit their very own capital past transaction charges.

Flash mortgage assaults stay tough to stop as a result of they permit giant quantities of capital to be borrowed and repaid inside a single transaction, making it doable to briefly distort liquidity or pricing situations with out long-term monetary publicity.

Summer.fi offers yield aggregation and automatic vault administration companies, providing institutional-focused infrastructure for DeFi customers. It allows customers to borrow stablecoins, handle leveraged positions, and earn yield via integrations with a number of DeFi protocols. The venture had not publicly commented on the incident on the time of publication.

The publish Summer.fi Suffers $6M DeFi Exploit After Alleged Flash Loan Manipulates Vault Accounting appeared first on Metaverse Post.

Similar Posts