TechFlow reports, July 8, according to official announcements, Summer.fi released a post-mortem stating that attackers on July 6 manipulated the share prices of two Lazy Summer USDC vaults by injecting Silo tokens with distorted valuations into decommissioned Arks that were still included in NAV, and extracted approximately $6.04 million in a single atomic transaction.
The project team stated that this incident was not due to private key leakage or admin privilege abuse, but rather because the decommissioning process was incomplete, causing the compromised Ark to still be included in valuation. Following the incident, the protocol has paused all vaults and set the deposit cap to 0, with the DAO subsequently deciding on unfreezing, handling the affected vaults, and whether to provide compensation.




