2,000,000% APY Trap: $6 Million Drained in Ethereu
#World Cup Predictions: 100,000 USDT Daily #BTC Prophet: 20-Day 380 Million HTX Challenge #BTC Prophet: 20-Day 380 Million HTX Challenge 2,000,000% APY Trap: $6 Million Drained in Ethereum DeFi ExploitOn Monday morning, major multichain protocol Summer.fi, formerly Oasis.app, was hit by a sophisticated hacker attack. The attacker managed to drain the project's automated vaults and withdraw about $6 million in $DAI stablecoins. The incident was quickly detected by leading security firms Blockaid, PeckShield and CertiK.
The 2,000,000% trap
This hack stood out because of its abnormal mechanics. The hacker used a massive flash loan worth $65.4 million to artificially distort liquidity inside the "LazyVault_LowerRisk_$USDC" pool. This vault had been positioned by developers as a lower-risk instrument, while its security was overseen by Block Analitica.
At the moment of the manipulation, the pool's algorithms suffered a critical failure, causing the displayed yield, or APY, of the conservative vault to briefly jump to an absurd 2,080,000%. It was through this window of distorted pricing that the hacker was able to instantly withdraw user funds.
#PeckShieldAlert Main affected vault: @summerfinance_ LazyVault_LowerRisk_$USDC (LVUSDC), risk-managed by @BlockAnalitica.
LVUSDC’s displayed APY briefly spiked to ~2.08M%.
The largest current holder is 0x8741e8f...4130, which appears to be associated with Torben Jorgensen… pic.twitter.com/jscIC554Ee
— PeckShieldAlert (@PeckShieldAlert) July 6, 2026
For Summer.fi, this incident continued a series of problems inside its multichain infrastructure, which spans Ethereum, Base and Arbitrum. Over the past year alone, the protocol had already faced frozen withdrawals because of the USDX stablecoin depeg, narrowly avoided an attack through the rsETH project, and blocked a malicious governance proposal at the last moment after it exploited old access permissions.
Todos los comentarios0Lo más recientePopular