Summer Finance has become the latest decentralized finance protocol to suffer a major security incident. So far, $6 million has been drained in the ongoing exploit, according to blockchain security firm Blockaid.
However, the project has yet to release an official statement.
Pseudonymous crypto trader Crypto Jargon said the attacker borrowed the funds through a flash loan, manipulated liquidity across Curve’s DAI/USDC pools and Morpho, extracted about $6 million in profit, and repaid the loan within the same transaction. The trader said that flash loan attacks remain difficult to prevent and explained,
“The attacker doesn’t need to own the money they’re manipulating with; they borrow $65M for a few seconds, temporarily distort a price or liquidity ratio, extract the difference, and return the loan before the transaction even finalizes. If any single step reverts, the whole thing undoes itself, so they only ever risk gas fees.”
Phylax Systems founder Odysseas Lamtzidis also shared a technical analysis, suggesting that the exploit was caused by flaws in Summer Finance’s same-transaction vault accounting and liquidity assumptions, rather than compromised keys or abuse of admin privileges. He added that the attacker used an unverified contract to orchestrate the exploit, while the vulnerable protocol components themselves were verified.
The incident comes amid a sharp rise in attacks targeting DeFi protocols this year. According to crypto market tracker CryptoRank, the sector has recorded 121 DeFi hacks in 2026, which resulted in almost $942 million in losses.
Most of this year’s attacks happened in the second quarter, when hackers carried out 85 exploits and stole around $775 million. CryptoRank found that DeFi’s total value locked (TVL) has declined every month this year after falling from about $115 billion in January to $70 billion by late June as investor confidence weakened.
While Q2 recorded the highest number of exploits, the firm said most losses stemmed from two major attacks in April. Drift Protocol and KelpDAO together lost about $590 million, which represented more than half of all DeFi losses this year.
TRM Labs and Chainalysis linked both attacks to North Korea-backed hacking groups. Their investigations found that the attackers used social engineering, compromised infrastructure, and manipulated cross-chain verification systems to carry out the large-scale thefts.
The post 📌 推荐交易所
欧意 | Binance | Bybit | Bitget | Gate.io
小靓分析:
🦊 小靓解读
Summer Finance 遭闪电贷流动性操纵攻击,损失 600 万美元,攻击者利用 Curve 和 Morpho 的流动性池进行瞬时价格扭曲套利,再次暴露 DeFi 跨池依赖中的漏洞。
📊 市场影响
短期可能引发对 Curve 池和 Morpho 协议安全性的重新评估,相关代币如 CRV 和 MORPHO 面临抛压;但影响范围有限,不会引发系统性风险。
💡 操作建议
建议避开近期被攻击协议的相关代币,避免追高;同时关注 Curve 和 Morpho 官方后续是否发布补偿方案,可考虑在恐慌情绪释放后轻仓布局。
风险提示:
该资讯来源于公开渠道,仅供参考。Traceless 无痕智盈平台不对此信息准确性做任何保证。