Summer Finance hit by $6M exploit; LazyVault APY display spikes to 2.08M%
AI Market Summary
Summer Finance reported an exploit in which an attacker drained about $6M in DAI, while the affected LVUSDC vault's displayed APY briefly spiked to 2.08M% due to manipulated accounting rather than real yield. The protocol paused all vaults and is investigating. The incident reinforces smart-contract and liquidity-manipulation risk in DeFi and can pressure near-term risk appetite across crypto, especially for yield products.
Impact level
● Medium
Affected assets
BTC/USDT-0.39%
AI Insight · BTC/USDTAI Insight
▼ Bearish
Trade now
⚠️ AI-generated insights are based on news content and are provided for informational purposes only. They do not constitute investment advice or represent the views of BingX. Investing involves risk. Please trade responsibly.
Summer Finance has reported an exploit in which an attacker drained about $6 million worth of DAI, according to PeckShieldAlert. The incident primarily affected the LazyVault LowerRisk USDC vault (LVUSDC), where the vault's displayed APY briefly surged to 2.08 million%.
Market observers noted the figure was not a realizable yield for users, but an artificially inflated APY likely stemming from the exploit and/or manipulated vault accounting. PeckShieldAlert flagged the event on July 6, 2026.
Summer Finance later confirmed it was investigating the reported exploit and said protocol guardians were pausing all vaults across the Lazy Summer Protocol. The team said it would provide updates as more information becomes available.
On-chain data cited in the report indicates the largest current holder of the affected vault is address "0x874…4130," which is reportedly linked to UDHC's Torben Jorgensen and holds a cumulative deposit of nearly 8.6 million USDC. The incident has fueled concerns about systemic risk and potential manipulation in DeFi, as the LVUSDC vault's abnormal yield display could mislead users into believing returns were legitimate.
PeckShieldAlert said such APY anomalies often serve as warning signs of contract-level vulnerabilities or liquidity manipulation. The situation is further complicated by Summer.fi's risk-management partner, Block Analitica. Analysts said the exploit underscores the need for stronger safeguards, including improved audits, contingency planning, and real-time monitoring to reduce the risk of catastrophic losses.