Summer Finance Loses $6M in Flash Loan Attack Despite Detection
Summer Finance Loses $6M in Flash Loan Attack Despite Detection
🚨 Flash loan heist

Summer Finance suffered a $6M exploit through flash loan manipulation on July 6, 2026.
Attack mechanics:
- Attacker borrowed $65.4M via flash loan
- Manipulated liquidity pools to extract profit
- Forta Firewall detected the attack in real-time
Key limitation: While Firewall flagged the attack, it could only block execution on Firewall-protected chains. Summer Finance's chain lacked this protection layer.
This incident follows a pattern of flash loan exploits in recent weeks, including attacks on Edel Finance ($400K) and DLMC Token ($226K).
$1.58M gone from Aragon DAO's $TOP token 🚨 The attacker exploited lopsided governance permissions to auto-execute a mint and dump in a single block. Forta Firewall caught it as it happened 🪝
Two exploits flagged today 🚨 $99K drained from #ONTR on Ethereum via an uninitialized owner vulnerability, and $85.5K from #Legendary MON NFT on BSC. Forta Firewall caught both in real time 👇
~$400K lost on @edeldotfinance to an oracle manipulation attack 🚨 The price source read share value straight from an ERC4626 vault with no TWAP or donation protection, so the attacker donated assets via direct transfer to inflate the price, then drained the pool. Forta flagged
.@summerfinance_ was hit for ~$6M 🚨 The attacker used a ~$65.4M flash loan to manipulate liquidity and walked away with the profit. Firewall flagged it. On Firewall-protected chains, attacks like this are blocked before they ever execute. 👇
$226K drained from DLMC Token on BNB Chain via a flash loan oracle manipulation 🚨 The attacker inflated the USDT reserve to push price ~250x, abused the referral bonus to mint near-free tokens, then dumped them at the peak before repaying the loan. Firewall flagged this one.
$1.11M drained from the $LABUBU pool on BNB Chain 🚨 Fee-on-transfer mechanic abused to skew reserves and drain the pool via skim() loops. Forta Firewall flagged it in real time. Chains running Firewall have the signal to act before the damage is done.
$30M drained from identity protocol @Humanityprot 🚨 A compromised private key gave the attacker admin access, they upgraded the contract, minted 100M $H tokens and swapped them for $BNB and $ETH. Forta Firewall flagged it in real time. Chains running Firewall see it coming 🚔
$110K exploit on @ambient_finance 🚨 A logic error in surplus collateral accounting let an attacker drain 83.72 ETH via a flash loan and 14 cycled swap operations. Forta Firewall flagged the transaction in real time. Chains running Firewall see it coming 👀
$2.1M exploit on @ThetanutsFi, a division truncation bug enabled unlimited free minting once the vault's totalSupply hit near-zero 🚨 A whitehat stepped in and rescued ~$2M. Forta Firewall caught it.
BNB Chain Pool Exploited for $198K via Burn-Based Price Defense Manipulation

**Attack Details** An attacker drained approximately $198,000 from the BFB/WBNB liquidity pool on BNB Chain by exploiting a burn-based price defense mechanism. **How It Worked** - The attacker used zero-value self-transfers to manipulate the system - This caused the BFB reserve to collapse - Once depleted, minimal amounts (dust) could be swapped for the pool's entire WBNB holdings **Detection** Forta Firewall successfully flagged the suspicious activity in real-time. **Pattern Recognition** This follows a similar attack on June 22, where $1.11M was drained from the LABUBU pool using a different but related exploit involving fee-on-transfer mechanics.
IoTeX Bridge Loses $8M in 90 Minutes Through Compromised Private Key

**IoTeX Bridge Exploit: $8M Drained** The @iotex_io Bridge suffered a major security breach on February 28, 2026, losing $4.3M initially and escalating to $8M within 90 minutes. The attack was executed through a single compromised private key. **Key Details:** - Attack vector: Compromised private key - Timeline: $4.3M → $8M in 90 minutes - Detection: Forta Firewall caught the attacker's mainnet movements in real-time **Recent Context:** Just two days earlier, a @FOOMCASH lottery-contract exploit put $1.8M at risk. Forta Firewall flagged the attack in real-time and successfully blocked it on Firewall-enabled chains. This incident highlights the ongoing security challenges in cross-chain infrastructure and the critical importance of private key management in blockchain systems. Real-time detection systems like Forta Firewall are proving essential for identifying threats, though prevention remains dependent on proper security practices. Learn more about Forta Firewall: [Introducing Forta Firewall](https://forta.org/blog/introducing-forta-firewall/)
Forta Firewall Featured in Messari's State of AI Report
**AI-powered blockchain security gains recognition** as Forta Firewall appears in Messari's latest State of AI report. The inclusion highlights how **artificial intelligence is becoming integral** to onchain security infrastructure. Forta's AI-driven transaction screening technology represents the evolution of blockchain defense mechanisms. - AI-powered attackers require AI-powered defenders - Real-time transaction screening at scale - Growing integration across multiple blockchain networks With **290M+ transactions already screened**, Forta Firewall demonstrates practical AI implementation in blockchain security, moving beyond theoretical applications to active threat detection.
🚨 Yearn Finance Loses $9M

**Yearn Finance suffered a $9M exploit** on mainnet through a sophisticated price manipulation attack. **How the attack worked:** - Attacker drained liquidity pools - Broke pricing mechanisms - Minted cheap yETH tokens - Sold them for regular ETH at inflated prices **Detection vs Prevention:** Forta Firewall **flagged the exploit in real time** but couldn't stop it. The attack happened so fast that only real-time detection was possible. **Key insight:** Pre-execution screening could have **prevented this attack entirely** rather than just detecting it after the damage was done. This follows a pattern of recent price manipulation exploits, including attacks on DRLVaultV3 (~$100K) and RWB (~$180K), highlighting the critical need for **proactive security measures** in DeFi protocols.