Attackers Exploit Summer.fi Lazy Summer Protocol NAV Mechanism, Withdraw $6.04M on July 6

According to PANews, on July 6, attackers exploited the Lazy Summer Protocol USDC vault's net asset value (NAV) calculation mechanism in a single atomic transaction, withdrawing approximately $6.04 million in depositor funds. The attack was not caused by contract code flaws but by gaps in vault decommissioning—an inactive Silo Ark component retained outdated token valuations, inflating total vault assets by 9.5%, enabling attackers to redeem at artificially inflated share prices and extract real liquidity. Guardian Multisig has paused all on-chain vaults and set deposit caps to zero; Lazy Summer DAO plans to discuss compensation for affected users and vault restart timelines.
Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments