Summer season Finance has develop into the most recent decentralized finance protocol to endure a serious safety incident. Up to now, $6 million has been drained within the ongoing exploit, in line with blockchain safety agency Blockaid.
Nonetheless, the venture has but to launch an official assertion.
Flash Mortgage Assault
Pseudonymous crypto dealer Crypto Jargon stated the attacker borrowed the funds via a flash mortgage, manipulated liquidity throughout Curve’s DAI/USDC swimming pools and Morpho, extracted about $6 million in revenue, and repaid the mortgage throughout the identical transaction. The dealer stated that flash mortgage assaults stay tough to stop and defined,
“The attacker doesn’t have to personal the cash they’re manipulating with; they borrow $65M for a couple of seconds, quickly distort a worth or liquidity ratio, extract the distinction, and return the mortgage earlier than the transaction even finalizes. If any single step reverts, the entire thing undoes itself, in order that they solely ever danger fuel charges.”
Phylax Techniques founder Odysseas Lamtzidis additionally shared a technical evaluation, suggesting that the exploit was brought on by flaws in Summer season Finance’s same-transaction vault accounting and liquidity assumptions, somewhat than compromised keys or abuse of admin privileges. He added that the attacker used an unverified contract to orchestrate the exploit, whereas the weak protocol elements themselves have been verified.
2026 DeFi Losses
The incident comes amid a pointy rise in assaults concentrating on DeFi protocols this 12 months. In line with crypto market tracker CryptoRank, the sector has recorded 121 DeFi hacks in 2026, which resulted in virtually $942 million in losses.
Most of this 12 months’s assaults occurred within the second quarter, when hackers carried out 85 exploits and stole round $775 million. CryptoRank discovered that DeFi’s complete worth locked (TVL) has declined each month this 12 months after falling from about $115 billion in January to $70 billion by late June as investor confidence weakened.
Whereas Q2 recorded the very best variety of exploits, the agency stated most losses stemmed from two main assaults in April. Drift Protocol and KelpDAO collectively misplaced about $590 million, which represented greater than half of all DeFi losses this 12 months.
TRM Labs and Chainalysis linked each assaults to North Korea-backed hacking teams. Their investigations discovered that the attackers used social engineering, compromised infrastructure, and manipulated cross-chain verification techniques to hold out the large-scale thefts.
The publish $6 Million Gone: Summer season Finance Hit by Subtle Flash Mortgage Liquidity Manipulation appeared first on CryptoPotato.

