2,000,000% APY Trap: $6 Million Drained in Ethereum DeFi Exploit

CN
U.today
Follow
8 hours ago

On Monday morning, major multichain protocol Summer.fi, formerly Oasis.app, was hit by a sophisticated hacker attack. The attacker managed to drain the project's automated vaults and withdraw about $6 million in DAI stablecoins. The incident was quickly detected by leading security firms Blockaid, PeckShield and CertiK.


The 2,000,000% trap


This hack stood out because of its abnormal mechanics. The hacker used a massive flash loan worth $65.4 million to artificially distort liquidity inside the "LazyVault_LowerRisk_USDC" pool. This vault had been positioned by developers as a lower-risk instrument, while its security was overseen by Block Analitica.


At the moment of the manipulation, the pool's algorithms suffered a critical failure, causing the displayed yield, or APY, of the conservative vault to briefly jump to an absurd 2,080,000%. It was through this window of distorted pricing that the hacker was able to instantly withdraw user funds.


HOT Stories XRP Keeps Dominating ETF Inflows XRP, Shiba Inu (SHIB), Bitcoin and Dogecoin (DOGE) Price Analysis for July 6: First Breakout Attempt Shut Down

#PeckShieldAlert Main affected vault: @summerfinance_ LazyVault_LowerRisk_USDC (LVUSDC), risk-managed by @BlockAnalitica.

LVUSDC’s displayed APY briefly spiked to ~2.08M%.

The largest current holder is 0x8741e8f...4130, which appears to be associated with Torben Jorgensen… pic.twitter.com/jscIC554Ee

— PeckShieldAlert (@PeckShieldAlert) July 6, 2026

For Summer.fi, this incident continued a series of problems inside its multichain infrastructure, which spans Ethereum, Base and Arbitrum. Over the past year alone, the protocol had already faced frozen withdrawals because of the USDX stablecoin depeg, narrowly avoided an attack through the rsETH project, and blocked a malicious governance proposal at the last moment after it exploited old access permissions.



You Might Also Like
Mon, 07/06/2026 - 00:01 XRP, Shiba Inu (SHIB), Bitcoin and Dogecoin (DOGE) Price Analysis for July 6: First Breakout Attempt Shut DownByArman Shirinyan

The new hack occurred against the backdrop of a difficult year for the entire Web3 industry. According to analysts, by the start of Q3 2026, total DeFi-sector losses from cyberattacks had already exceeded $840 million, with the main blow coming in a record April that accounted for more than $640 million.


The exploit mainly affected large players. According to on-chain intelligence, the biggest loss was suffered by a wallet linked to Torben Jorgensen, co-founder of Web3 company UDHC, who had deposited about 8.6 million USDC into the affected pool shortly before the attack. All stolen DAI was quickly converted through Uniswap V3 pools.


At the time of writing, the Summer.fi team has temporarily paused all compromised contracts, but no official statements about compensation have been released yet.


免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。

Share To
APP

X

Telegram

Facebook

Reddit

CopyLink