Decentralized finance protocol Summer time.fi has paused its Lazy Summer time vaults after an exploit that drained about $6 million from the Ethereum-based yield platform, in keeping with the mission and a number of other blockchain safety corporations.
Lazy Summer time is an automatic yield platform that routes deposits throughout lending markets comparable to Aave and Morpho searching for larger returns whereas dealing with rebalancing on behalf of customers.
The incident was first flagged by blockchain safety agency Blockaid, with PeckShield and CertiK additionally reporting suspicious exercise. Summer time.fi later confirmed it was investigating the assault and stated protocol guardians had paused affected vaults to forestall further losses.
Early analyses recommend the attacker leveraged a big flash mortgage assault, reportedly sourced by Morpho, to control the accounting logic of Lazy Summer time’s automated USDC vaults.
DeFi safety researcher Bhari famous that the exploit took benefit of a flaw within the code to inflate whole belongings, which they had been then allowed to redeem for a internet revenue. The stolen funds had been apparently transformed to DAI on Curve earlier than being transferred to the attacker’s pockets.
The protocol had $22 million in whole worth locked earlier than the exploit, in keeping with DeFiLlama information. The protocol’s SUMR token misplaced greater than 18% of its worth after the exploit was uncovered.

