Summer.fi's $6M Vault Exploit Is a Playbook for Donation-Based Share Manipulation
A three-month-old attacker wallet used a $65M flash loan and a donation to a strategy adapter pending removal to skew vault share pricing, draining $6.04M from two Lazy Summer USDC vaults before guardians could react.
Key Takeaways
- Attackers used a ~$65.4M flash loan to donate overvalued Silo "Varlamore" tokens into a Summer.fi strategy adapter (Ark) that was capped but still active, inflating reported vault assets by roughly 9.5% without adding real liquidity.
- They then redeemed shares at the inflated price, extracting $6.04M — $5.64M from the LazyVault_LowerRisk_USDC vault and $0.40M from LazyVault_HigherRisk_USDC — in a single atomic transaction.
- The attacker had pre-positioned funds roughly three months earlier, in April 2026, and accumulated the Silo tokens gradually — this was planned, not opportunistic.
- Summer.fi's 6-of-8 guardian multisig can only pause vaults and zero out deposit caps, not claw back funds; full response took over five hours from detection to a full pause across chains.
On 6 July 2026, Blockaid flagged an active exploit against Summer.fi's Lazy Summer Protocol at 05:36 UTC — roughly 19 minutes after the attack transaction executed. By the time guardians had paused every vault across Ethereum, Base, Arbitrum, and Sonic, an attacker had already extracted $6.04M from two USDC vaults. Summer.fi published a post-mortem the same day; independent reporting from The Block and crypto.news corroborates the core mechanics.
How the exploit worked
Lazy Summer's vaults are coordinated by a FleetCommander contract, which allocates deposited capital across multiple Ark strategy adapters — each Ark connecting the vault to an underlying lending or yield protocol. One of those Arks pointed at a Silo "Varlamore USDC Growth" vault that was capped and pending removal, but still counted toward FleetCommander's totalAssets() calculation.
Using a flash loan of roughly $65.4M, the attacker first deposited USDC into the vault at an honest share price (~1.0665). They then transferred overvalued Silo Varlamore tokens directly into the pending Ark — a donation, not a deposit through normal accounting paths — which inflated the Ark's reported assets by about 9.5% without adding any withdrawable liquidity. FleetCommander's share price recalculated against this inflated total, and the attacker redeemed at the new price (~1.1678), pulling out $70.9M against a $64.8M deposit. The $6M difference was paid from other depositors' liquid capital sitting in buffers and functioning Arks, then converted to DAI and moved off-chain, complicated by mixer use.
Why the guardian response was slow relative to the exploit
The attack itself was a single atomic transaction — there was no window to intervene mid-exploit. What took time was containment afterward: deposit caps on the affected vaults were zeroed at 06:42 UTC, Ethereum vaults were paused as the critical priority at 10:25 UTC, and Base, Arbitrum, and Sonic vaults followed. That is roughly five hours from detection to full multi-chain containment. Summer.fi's guardian multisig (6-of-8) is deliberately scoped to pause and cap functions only — it cannot move user funds, which limits blast radius from a compromised or coerced guardian but also means it cannot claw back a completed exploit.
What this means for teams running vault aggregators
The root cause is a familiar class of bug dressed in new packaging: an asset-accounting function trusting a value that could be manipulated by an unprivileged actor within a single transaction. What made this instance notable is the vector — not a price-oracle spot manipulation, but a direct token donation into an adapter that was already flagged for removal yet still contributed to totalAssets(). Any protocol that aggregates multiple sub-strategies behind a shared share price should treat "pending removal" or "capped" components as still fully adversarial until they are actually excluded from accounting, and should validate that deposits/donations into strategy adapters can't move share price within the same transaction they're redeemed against.
The three-month pre-positioning is also worth noting operationally: on-chain monitoring that only watches for anomalous transaction patterns at execution time will miss an attacker who patiently accumulates a legitimate-looking position well in advance.
What's still unresolved
As of the post-mortem, vaults remain paused pending a governance decision on unpause strategy, and Lazy Summer DAO governance will separately decide whether to exclude the attacker's shares from any snapshot and how — or whether — depositors are compensated. Fund recovery is ongoing with security firms and SEAL 911 but complicated by mixer use.
FAQ
Frequently Asked Questions
What caused the Summer.fi (Lazy Summer Protocol) exploit?
An attacker used a ~$65.4M flash loan and donated overvalued Silo "Varlamore USDC Growth" tokens into a Summer.fi Ark strategy adapter that was capped but still counted in the FleetCommander vault's total-assets calculation, inflating the share price by about 9.5% before redeeming at the inflated rate.
How much was stolen and from which vaults?
Roughly $6.04M in total: about $5.64M from the LazyVault_LowerRisk_USDC vault and $0.40M from LazyVault_HigherRisk_USDC, extracted in a single atomic transaction on 6 July 2026.
Can Summer.fi's guardians recover the stolen funds?
No. The 6-of-8 guardian multisig can only pause vaults and zero deposit caps — it has no ability to move user funds or reverse the transaction. Recovery now depends on off-chain tracing with security firms, complicated by the attacker's use of a mixer.