On Monday, July 6, the DeFi protocol Summer Finance was hit by a sophisticated flash loan and price manipulation attack, resulting in an estimated loss of $6 million.
Key Takeaways
On Monday, July 6, 2026, an attacker used a $65.4 million flash loan to steal $6 million from Summer Finance.The attack pushed total DeFi ecosystem losses past $840 million in 2026, keeping the space on high alert.Protocol guardians paused all Lazy Summer Protocol vaults while the core dev team completes a full patch.“We are aware of the reported exploit a little earlier today and are investigating the root cause. The protocol guardians are currently pausing all Vaults across the Lazy Summer Protocol. We will provide more updates as we have them.”
By exploiting a vulnerability in the Fleet Commander contract’s asset accounting logic, the attacker artificially skewed how the system calculated token value. After depositing roughly $64.8 million into the manipulated ecosystem, the actor executed an arbitrage maneuver to redeem $70.9 million in assets.
Experts also advised participants to verify all communications exclusively through official project channels to avoid phishing attacks, and to consider moving digital assets out of online “hot” wallets into offline cold storage until the core development teams patch the underlying protocols.




















