Blockaid Flags Active Exploit on Summer.fi After Roughly $6M in DAI Drained
AI Market Summary
Blockaid reported an active exploit on Summer.fi, with roughly $6M in DAI drained from multiple Ethereum contracts. The incident raises near-term counterparty and smart-contract risk concerns for DeFi automation and vault-routing platforms, where complexity amplifies attack surface across integrated protocols. Absent a detailed response from Summer.fi, risk-off positioning may extend to adjacent DeFi venues and Ethereum-based yield strategies.
Impact level
● Medium
Affected assets
ETH/USDT+0.20%
AI Insight · ETH/USDTAI Insight
▼ Bearish
Trade now
⚠️ AI-generated insights are based on news content and are provided for informational purposes only. They do not constitute investment advice or represent the views of BingX. Investing involves risk. Please trade responsibly.
Blockchain security firm Blockaid reported an active exploit targeting Summer.fi on July 6, saying onchain activity shows about $6 million in DAI was drained from the platform's Ethereum contracts.
Blockaid pointed to three impacted contracts: 0x98C49e13bf99D7CAd8069faa2A370933EC9EcF17, 0xA9ca4909700505585B1aD2a1579dA3b670FFA9c4, and 0xE9cDA459bED6dcfb8AC61CD8cE08E2D52370cB06. It also published the suspected exploiter's address, 0x7BF716167B48CF527725722C6d79494b45B3BDCa, along with an example transaction hash, 0x0db528c44f23fc7fa4544684a2fab81096450a14aae8bc89f42cd0592d43da12, giving independent analysts immediate leads to trace the flow of funds.
At the time of Blockaid's disclosure, Summer.fi had not released a full public statement.
Summer.fi traces its roots to Oasis.app, launched in 2019 as a MakerDAO-focused interface for managing DAI borrowing and vault functions. The project rebranded to Summer.fi around 2023 and broadened support beyond MakerDAO to other DeFi protocols including Aave and Morpho. In early 2026, it shifted toward the Lazy Summer Protocol, positioning itself as an AI-powered automated yield-optimization layer built around a noncustodial, permissionless vault model aimed at institutional-grade yield infrastructure.
No major prior exploits involving Summer.fi appear in available records, making this incident a first for its security history.
Blockaid said its detection system surfaced the incident in real time, identifying the affected contracts, the exploiter wallet and an example transaction onchain. The firm has previously flagged exploits across multiple DeFi protocols and is viewed by many market participants as a reliable early-warning signal.
For DeFi investors, the episode underscores the compounded smart-contract risk in platforms that automatically route user capital across multiple protocols. Each protocol in the routing path can become an attack surface, and added automation complexity tends to widen that surface.