Security firm Blockaid has detected an ongoing exploit targeting Summer Finance, with roughly $6 million drained at the time the alert was published. Cointelegraph flagged the detection at 06:40 UTC on July 6, 2026, and described the attack as still in progress. That framing matters: unlike most exploit coverage, which arrives after the damage is done, this one landed while funds were still moving.
The $6 million figure is a floor, not a final tally. Live exploits often escalate as attackers iterate on the same vulnerability across contracts or chains, and loss estimates published mid-incident have a habit of growing. Summer Finance had not published an official statement at the time of writing, and neither Blockaid nor Cointelegraph had identified the specific contract or attack method in the initial alert.
An Attack Caught Mid-Flight
Blockaid runs onchain threat detection for some of the largest consumer platforms in crypto, including wallets such as MetaMask, and its monitoring systems watch for anomalous contract interactions in real time. That is how this incident surfaced: not through a post-mortem, but through automated detection while the drain was underway.
Mid-incident alerts put affected users in an unusual position. There is a window, sometimes minutes, sometimes hours, in which withdrawing funds or revoking contract approvals can make the difference between losing a position and keeping it. The standard playbook applies here: users with deposits in Summer Finance vaults should check the protocol's official channels for guidance, consider withdrawing to a wallet they control, and review token approvals granted to the protocol's contracts.
The counterweight is that acting on incomplete information carries its own risk. Phishing crews reliably exploit incidents like this one, spinning up fake "emergency withdrawal" sites within hours of a real exploit alert. Any link promising to help users rescue funds from Summer Finance should be treated as hostile unless it comes from the protocol's verified accounts.
Summer Finance Carries a Long DeFi Pedigree
Summer Finance is not an anonymous fork. The project grew out of Oasis.app, the original front end for MakerDAO's vault system, and rebranded to Summer.fi before launching the Lazy Summer Protocol, a set of automated yield vaults that rebalance user deposits across lending markets. Its lineage runs through some of the oldest infrastructure in Ethereum DeFi.
That history cuts both ways. Established protocols tend to have audited contracts and experienced teams, but they also accumulate years of deployed code, admin functions, and integrations, each one a potential entry point. Recent months have followed this pattern: the Conduit incident in April drained roughly $6.6 million through a compromised admin account, and Wasabi Protocol lost about $5 million the same month after a deployer key was compromised. Mature codebases have not translated into immunity.
Markets Shrugged, Depositors Should Not
The broader market showed no reaction to the alert. ETH traded at $1,768 as of July 6, up 0.3% over 24 hours, with the Fear and Greed index sitting at 27. A $6 million drain is not a systemic event, and traders have learned to price protocol-level incidents as isolated unless contagion appears.
For depositors, the calculus is different. Yield vaults concentrate smart contract risk by design: users hand over funds to automated strategies precisely so they do not have to monitor positions themselves. That convenience means most affected users learn about an exploit from a headline rather than from their own dashboards. Incidents like this one are the recurring argument for keeping spending balances and long-term holdings in wallets you control rather than parked in yield strategies indefinitely.
The next 24 to 48 hours should bring clarity: a statement from the Summer Finance team, a technical breakdown from Blockaid or independent researchers, and a firmer loss figure. Until then, the confirmed facts are narrow. An exploit was live as of early July 6, roughly $6 million was gone, and the attack had not been declared contained.
Overview
Blockaid detected an ongoing exploit on Summer Finance on July 6, 2026, with approximately $6 million drained when Cointelegraph published the alert at 06:40 UTC. The attack was still active at the time, so the final loss may be higher. Summer Finance, the protocol formerly known as Oasis.app, had not issued a statement at the time of writing, and the attack vector had not been identified publicly. Users with funds in the protocol should watch official channels, be wary of fake rescue sites, and consider reviewing their exposure and token approvals. Markets were unmoved, with ETH at $1,768 and sentiment in Fear territory at 27.



