On July 6, blockchain security firm Blockaid flagged an active exploit targeting Summer.fi, with approximately $6 million in DAI drained from the platform’s contracts on Ethereum.

What the on-chain data shows

Blockaid identified three affected contracts on Ethereum: 0x98C49e13bf99D7CAd8069faa2A370933EC9EcF17, 0xA9ca4909700505585B1aD2a1579dA3b670FFA9c4, and 0xE9cDA459bED6dcfb8AC61CD8cE08E2D52370cB06.

The exploiter’s address, 0x7BF716167B48CF527725722C6d79494b45B3BDCa, and an example transaction hash, 0x0db528c44f23fc7fa4544684a2fab81096450a14aae8bc89f42cd0592d43da12, were both published, giving independent researchers an immediate starting point to trace fund flows.

Summer.fi had not issued a comprehensive public response at the time Blockaid published its findings.