DeFi protocol Summer.fi shuts down forever: $6 million hack proves fatal
The DeFi ecosystem Summer.fi has announced a complete shutdown following a catastrophic hack in which attackers drained $6.04 million from the Lazy Summer protocol. This event was the last straw for the project, which had been operating since 2019.
On July 6, hackers attacked two protocol pools on Ethereum, manipulating the price of shares in USDC vaults. Nearly 5.64 million USDC was stolen from the LazyVault_LowerRisk_USDC pool, and another approximately 0.4 million USDC from LazyVault_HigherRisk_USDC. The attack was devastating because these pools held a significant portion of the development team's own funds, leaving them unable to recover the assets.
Reasons for closure: a blow to reserves and the overall DeFi downturn
In its statement, the Summer.fi team explained that the decision to close was made after a thorough analysis of all alternatives. In addition to the July hack, the project was negatively impacted by the overall downturn in the DeFi sector, exacerbated by the Stream Finance incident in October 2025. The developers acknowledged that stopping the project was "the only way out, albeit a very difficult one."
It is important to note that Summer.fi was not an isolated case. In June 2025, the Radiant Capital protocol shut down after a $50 million theft, and in February of the same year, Step Finance ceased to exist due to a treasury hack. These examples clearly demonstrate the vulnerability of DeFi protocols, which, despite their innovation, often lack sufficient reserves to recover from serious attacks.
Next steps and fund withdrawals
Despite the closure, the Summer.fi team and Lazy Summer DAO are working on restoring the withdrawal and redemption process for affected users. The application will remain accessible until August 31 to allow all holders to complete their operations. Once the process is finished, full access to the pools will be reopened through the Summer.fi interface.
My analysis: This story is yet another stark reminder that in the world of DeFi, even mature projects can be destroyed by a single successful attack. The lack of insurance reserves and reliance on the team's own funds make protocols extremely fragile. Investors should view such incidents not as coincidences but as systemic risks requiring diversification and thorough protocol security checks.