
How a $65M Loan With No Collateral Drained a Protocol for $6M in One Transaction
On July 6, 2026, DeFi protocol Summer Finance lost $6 million after an attacker used a $65.4 million flash loan to distort how the protocol's vault valued its assets, redeeming $70.9 million — of which $6 million was never recovered, The Block reports.
What a flash loan actually is: a loan with no collateral, for any amount, that must be repaid within the same blockchain transaction it was taken in. If it isn't repaid, the entire transaction simply reverts, as if it never happened, and the attacker loses nothing but gas fees. That's exactly why anyone can attempt this kind of scheme without owning millions of dollars themselves, news.bitcoin.com explains.
In Summer Finance's case, the attacker borrowed $65.4 million, deposited it into the protocol, exploited a bug in the Fleet Commander contract's asset-pricing logic to redeem more than was deposited, then repaid the loan within the same transaction, keeping the difference, CryptoTimes notes. The protocol team paused all vaults while a fix is completed.
What this means in practice: attacks like this keep happening across DeFi — industry-wide losses from exploits have already topped $840 million in 2026 — and it isn't a rare one-off, it's a systemic risk for any protocol that reads asset price data from within the same block a trade executes in.
This article is for informational purposes only and does not constitute investment advice.

Author
Mike RobinsonNews feed editor
I'm constantly writing about crypto, Bitcoin, and altcoins. I cover a variety of topics related to the virtual currency market.
Comments (0)
No comments yet — be the first!
Related news

More Than a Year After Trump's Order, the US Bitcoin Reserve Still Isn't Running — Treasury and Commerce Can't Agree Who's in Charge

Dogecoin Is Being Prepped for Smart Contracts — via Tech the Meme Coin Never Had
