$6M Summer.fi DeFi Exploit Traced Back to Months-Long Preparation
A DeFi exploit on Summer.fi's Lazy Summer Protocol has drained two USDC vaults of $6.04 million. The attack was not a flash loan exploit, but rather months-long preparation by the attacker.
The protocol's report claims that the attacker spent three months accumulating assets to manipulate the protocol. This included funding multiple wallets and gradually accumulating stale-valued Silo vault tokens.
The exploit occurred on July 6 when the attacker manipulated the net asset value of two USDC vaults, artificially inflating their share price. The attacker then withdrew approximately $5.64 million from the Lower Risk USDC Vault and roughly $400,000 from the Higher Risk USDC Vault.




