A vault connected to Summer.fi suffered an estimated $6 million loss after exposure to a failed DeFi lending market on Arbitrum, reigniting concerns about risks in automated yield strategies. The loss was not due to a direct exploit of Summer.fi or its vault smart contracts, but rather a cascade of failures that began with the Balancer V2 Composable Stable Pool exploit on November 3, which drained roughly $94.8 million from multiple pools.
The affected product was the Lazy Summer Arbitrum USDC Vault, which had allocated funds into Silo Finance’s Swaap Lend susdx 127 USDC market. The Balancer attack contributed to stress on Stables Labs’ USDX stablecoin, which lost its peg on November 6. This devaluation spread to the Silo lending market, where the vault’s position was held. However, Silo’s market continued to report inflated collateral values, creating a mismatch between the real economic value and on-chain pricing.
Because the loss was not immediately reflected, early withdrawers could exit the vault at overvalued prices, leaving the remaining depositors to absorb the shortfall when the true impairment became apparent. Summer.fi blocked new deposits into the vault on November 6 and took a user snapshot the same day. The team later began building recovery-monitoring contracts to reclaim any accessible liquidity from Silo.
The incident prompted a governance response: the Lazy Summer DAO passed proposal SIP2.39 on November 21 to remove the affected Silo market from its strategy set. The DAO is exploring emergency controls, a rebuilt Arbitrum strategy with no USDX exposure, enhanced risk disclosures, and possible compensation. Meanwhile, security firm Blockaid flagged the event as an active attack, noting the $6 million drain and underscoring the ongoing DeFi security challenges.
The Summer.fi-linked loss is a stark reminder that even when vault smart contracts function correctly, failures in external protocols—lending markets, oracle feeds, collateral assets—can silently propagate through yield stacks. It raises critical questions about risk monitoring, depeg detection, and whether vaults should halt withdrawals when underlying reported values become unreliable.