Crypto World
DeFi platform Summer Finance loses $6M in vault exploit
DeFi platform Summer Finance, which offers “institutional DeFi Vault infrastructure for everyone” has been hacked for approximately $6 million.
The sum was drained from its Lazy Summer USDC vault, managed by risk advisor Block Analitica. Summer Finance confirmed the exploit and has paused vaults while investigating the cause of the loss.
Read more: DeFi drama: ENS governance battle, EF cuts and Gnosis reboot
According to blockchain security auditor BlockSec, the loss was caused by a price manipulation attack. The hacker first “accumulated a large amount of deprecated vgUSDC, likely at negligible cost” before using the tokens to carry out a “share-price distortion” and withdrawing USDC from the vault.
The hack represents just over a quarter of Lazy Summer’s pre-exploit TVL, according to DeFiLlama data. The team has sent an on-chain message to the exploiter, requesting they get in touch.
A $2M slippage slip-up, and a $70B bullet dodged
Elsewhere, an unlucky user appears to have lost approximately $2 million when their trade was routed through an illiquid Uniswap v3 pool.
According to Decurity, which flagged the transaction, the majority of the back-running MEV bot ($1.8 million) was paid as a tip to TitanBuilder.
In better news, blockchain security firm Hexens disclosed a bug on Aptos on Sunday, which it estimates “put up to $70 billion at systemic risk.”
Read more: MEV bot JaredFromSubway.eth loses $7.5M to approvals honeypot
Highlighting the find, Polygon CTO Mudit Gupta called it “the worst kind of bug possible.” He explains that the “arbitrary state write bug” puts “most assets across all chain[s]” at risk.
Got a tip? Send us an email securely via Protos Leaks. For more informed news and investigations, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.
You must be logged in to post a comment Login