Summerfi releases analysis of Lazy Summer protocol attack involving $6.04 million in funding
AiCoin|Jul 08, 2026 00:20
Summerfi releases analysis report on Lazy Summer Protocol USDC vault attack. On July 6th, the attacker manipulated the prices of two USDC vault shares in a single atomic transaction, extracting approximately $6.04 million in depositor funds. The attack originated from the net asset value (NAV) calculation mechanism of the vault. The attacker donated tokens to a temporarily suspended but not completely removed Silo Ark, resulting in a virtual increase of about 9.5% in the total assets of the vault and an increase in share prices. Subsequently, the attacker redeemed and withdrew from the liquidity of the vault at the inflated price. The report points out that the attack was not a contract code vulnerability, but rather caused by a missing link in the offline process of the vault. Although the deposit limit of the Ark was set to zero, it was still included in the NAV in the active asset concentration.
Share To
HotFlash
APP
X
Telegram
CopyLink