The roughly $6.04 million drained from Lazy Summer Protocol’s USDC vaults on July 6 was not the result of a coding bug or a stolen key, according to a confirmed post-mortem. It was a delayed act of contagion, made possible by tokens that November’s Stream Finance collapse had left mispriced on the blockchain for eight months.
A confirmed exploit, powered by a ghost
The incident saw an attacker extract about $6.04 million from two vaults on Ethereum in a single atomic transaction — roughly $5.64 million from the lower-risk USDC vault and $0.40 million from the higher-risk one. The Lazy Summer Foundation and Summer.fi, the protocol’s front end, have since published a detailed post-mortem whose on-chain analysis was independently reproduced by multiple contributors against the transaction trace and contract source.
The mechanism was net-asset-value manipulation. Lazy Summer’s automated vaults derive their share price from the total value reported by a set of underlying strategy adapters called “Arks.” Crucially, an Ark credits any tokens transferred directly into it at its own valuation.
The attacker exploited that by donating a badly overvalued token into an Ark that was still counted in the vault’s price—inflating the vault’s reported value by about 9.5% with nothing real behind it—then redeeming their shares at the inflated price, with the payout assembled from the vault’s genuinely liquid assets, meaning other depositors’ capital. The protocol’s own contracts, the post-mortem stresses, were verified and behaved exactly as written. The failure was not in the code but in a process: an impaired market had been left priced into the vault while it awaited removal.
The Stream Finance thread
The over-valued token at the center of it all is where the story reaches back in time. The asset the attacker donated was a Silo “Varlamore USDC Growth” vault token, and those tokens had been carrying a stale on-chain value ever since the November 2025 collapse of Stream Finance. That failure, triggered by a $93 million loss disclosed by an external fund manager, crashed Stream’s xUSD token by 77% and exposed an estimated $285 million in interconnected debt across protocols including Euler, Silo, and Morpho.
In the wreckage, certain Silo market tokens tied to that ecosystem were left reporting a value that was never marked down to reflect reality, even as interest kept accruing on stranded USDC.
That stale valuation was the load-bearing condition for the entire exploit. Because the tokens still registered near their original worth while being worth a fraction of it, an attacker who accumulated them held an asset the vault’s accounting would drastically overvalue.
The post-mortem describes an operation planned at least three months in advance, with wallets funded through a common path in early April and used over subsequent weeks to build the stale-token position across multiple addresses to obscure the buildup. This was deliberate and patient, not opportunistic—the flash loan that supplied roughly $65 million of stablecoin liquidity for the final transaction was merely the trigger on a weapon assembled over months.
The specific gap the attacker slipped through is a subtle but instructive one. The compromised Ark had already had its deposit cap set to zero as part of an offboarding process meant to retire it after the 2025 turmoil. But zeroing the cap only blocks new inflows; it does not remove the Ark from the set of markets counted in the vault’s price. That left the impaired, manipulable market still influencing the share price during the window between deactivation and full removal—the exposure the post-mortem identifies as the true root cause.
Response, recovery, and the lesson
The protocol’s emergency machinery worked as designed, even if it could not undo an attack that completed in one transaction. The incident marked the first live-exploit use of Lazy Summer’s Guardian Module, a narrowly scoped, community-controlled multisig that can only pause vaults, zero deposit caps, and cancel risky governance proposals—it cannot move user funds.
Working from the security alerts, the Guardians paused every vault across Ethereum, Base, Arbitrum, and Sonic as a precaution, while Block Analitica froze deposits and the incident-response collective SEAL 911 was engaged to trace the funds. The Foundation later swept the stale donated tokens out of the affected vault to stop them from distorting the displayed price. The response was swift and, per the post-mortem notes, prevented copycat attacks on other vaults—but it came after the damage was done.
Recovery now looks difficult. The attacker swapped the proceeds into DAI and routed a portion through Tornado Cash, the on-chain mixer, a move the team reads as signaling limited intent to return the funds and one that breaks direct tracing. The protocol has published the attacker’s addresses so exchanges can flag associated activity. Roughly $4 million in depositor capital remains outstanding in the vaults, much of it now illiquid, and how or whether affected users are made whole is now a matter for Lazy Summer’s DAO, which must vote on unpausing the vaults, returning the remaining capital, and whether to exclude the exploiter’s shares from any settlement.
Compensation, the postmortem is clear, is an undecided governance question. The protocol’s SUMR token traded near $0.00193 in the aftermath, down about 5.3%.
The broader lesson transcends one protocol. The exploit is a reminder that in composable DeFi, a collapse is never fully over: the mispriced debris it leaves behind can sit dormant on-chain for months, waiting for someone patient enough to turn it into a weapon. The fix Lazy Summer points to is procedural—never leave an impaired market priced into a vault longer than necessary—but the deeper exposure is systemic, and it belongs to every protocol still carrying the ghosts of last year’s failures on its books.
Also Read: ATM Token Exploit Drains $243K Through Hidden Swap Loophole
