Wu learned that Summer fi released a post-mortem report on the attack on the Lazy Summer Protocol USDC Vault, stating that the attacker exploited a flaw in the net asset value (NAV) calculation mechanism of two Ethereum USDC Vaults on July 6. In a single atomic transaction, they manipulated the share price through a flash loan, stealing approximately $6.04 million in assets. Among them, the LowerRisk USDC Vault lost about $5.64 million, and the HigherRisk USDC Vault lost about $400k. The report stated that the issue was not a contract code vulnerability or a private key leak, but rather the injection of overvalued assets into the Ark strategy, which had been discontinued but still counted toward the NAV, causing an artificial increase in vault share prices and enabling arbitrage. After the incident, the protocol paused all Vaults and set the deposit limit to zero. The team is collaborating with SEAL 911, Blockaid, CertiK, PeckShield, Cyvers, and others to trace the flow of funds. The compensation plan will be determined by the Lazy Summer DAO governance.

USDC0.01%
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned