BTC $62,908.87 -1.36%
ETH $1,752.19 -2.17%
BNB $570.98 -2.05%
XRP $1.09 -3.79%
SOL $78.95 -3.50%
TRX $0.3298 +0.10%
DOGE $0.0727 -4.27%
ADA $0.1719 -6.29%
BCH $237.31 -1.62%
LINK $7.71 -3.32%
HYPE $67.86 -4.44%
AAVE $88.18 -4.76%
SUI $0.7163 -3.85%
XLM $0.1853 -6.56%
ZEC $476.45 +5.03%
BTC $62,908.87 -1.36%
ETH $1,752.19 -2.17%
BNB $570.98 -2.05%
XRP $1.09 -3.79%
SOL $78.95 -3.50%
TRX $0.3298 +0.10%
DOGE $0.0727 -4.27%
ADA $0.1719 -6.29%
BCH $237.31 -1.62%
LINK $7.71 -3.32%
HYPE $67.86 -4.44%
AAVE $88.18 -4.76%
SUI $0.7163 -3.85%
XLM $0.1853 -6.56%
ZEC $476.45 +5.03%

rac

All
Article
Flash

Summer.fi Lazy Summer attack is not a contract vulnerability, but rather an exploitation of the NAV mechanism

Summer.fi released an analysis report on the Lazy Summer Protocol USDC treasury attack incident. The attacker manipulated the prices of two USDC treasury shares in a single atomic transaction, extracting approximately $6.04 million of depositor funds. The core of the attack lies in the calculation method of the treasury's net asset value (NAV).The attacker donated tokens that still retained the old valuation to a Silo Ark that had been suspended after the incident in November 2025 but had not yet been completely removed, resulting in an inflated total asset value of approximately 9.5%, raising the share price, which was then redeemed at an inflated price and withdrawn from the treasury's actual liquidity. The report emphasizes that this attack was not due to a contract code vulnerability, but rather a missing link in the treasury's offline process—the deposit limit for that Ark had been set to zero, yet it was still counted in the NAV of active assets.The attacker premeditatedly accumulated the required tokens three months in advance through multiple wallets and transferred part of the profits via Tornado Cash. After the incident, Guardian Multisig has suspended all on-chain treasuries and set the deposit limit to zero. The Lazy Summer DAO will discuss compensation plans for affected users and the treasury restart plan in the coming days.

Kingsoft Cloud accelerates GPU computing power construction, securing a budget of 10 billion from Xiaomi and a long-term contract worth billions from Alibaba

According to reports from Jiemian News, Kingsoft Cloud will accelerate the construction of GPU computing clusters in the second half of the year to meet the explosive growth in computing power demand from major clients. Among them, Xiaomi's demand for Kingsoft Cloud's GPU computing power has upgraded from a ten-thousand-card cluster, with the related budget significantly increasing from nearly 4 billion yuan to over 10 billion yuan. In addition, Alibaba's large model team has signed a 5-year computing power leasing contract with Kingsoft Cloud, involving more than 3,000 eight-card GPU servers. Based on the contracted price, the annualized revenue after full delivery will exceed 4 billion yuan.To meet the surging customer demand, Kingsoft Cloud's capital expenditure plan for 2026 has been raised to 15 billion yuan, with an annual revenue target of 12.5 billion to 13.5 billion yuan. It is reported that due to tight upstream supply, Kingsoft Cloud is currently only accepting long-term contracts from clients for 3 to 5 years, and some orders are facing delivery delays. Due to concerns about the risk of impairment of high-level card assets, Kingsoft Cloud is currently pausing aggressive hardware expansion, anticipating that the prices of computing hardware may reach a turning point for decline in the third quarter of this year.
app_icon
ChainCatcher Building the Web3 world with innovations.