Ostium loses $18 million in Oracle exploit as DeFi attack wave continues


Set as Google's preferred sourceFollow on Google News

TLDR

  • Ostium lost about $18 million in USDC from its liquidity vault.
  • The attacker used future-dated Oracle reports to fake trading profits.
  • Ostium has temporarily suspended all trading while its team investigates the exploit.
  • Blockaid linked the attack to Ostium’s PriceUpKeep freight forwarder system.
  • This exploit follows a broader wave of oracle attacks across DeFi.

Ostium temporarily halted trading after an attacker drained approximately $18 million in USDC from its liquidity vault at Arbitrum, using manipulated oracle reports to generate fake trading profits.

Ostium has temporarily halted trading after draining $18 million worth of USDC

Ostium, a decentralized permanent exchange on Arbitrum, suffer An oracle tampering attack removed approximately $18 million from the USD liquidity treasury. Blockchain security firm Blockaid said the attacker used a registered PriceUpKeep forwarder linked to Ostium’s price reporting.

image
source: X

The attacker provided oracle reports with a future date that made losing positions appear profitable. These false reports led to a large payout from the protocol vault, resulting in one of the latest major DeFi losses associated with price-feeding systems.

Ostium confirmed the issue in a post on X, saying: “We are aware of the issue with the OLP vault.” The team added

“We have temporarily suspended all trading operations. The team is investigating.”

Prior to this exploit, Ostium had a total value of approximately $63 million. The $18 million loss represented nearly a third of the liquidity listed in the protocol at the time of the attack.

Oracle system is used against the protocol

Ostium allows users to trade real-world assets, including commodities, forex pairs, stock indices and stocks, with leverage of up to 200x. The protocol settles trades in USDC and relies on price feeds to execute positions.


I was


The exchange uses a custom price-feeding system, while Gelato helps push pricing data on-chain when trade execution requires updates. PriceUpKeep is at the heart of this process by incentivizing the writing of updated price data to the blockchain.

The siege said Attacker exploitation This structure uses approved reports with manipulated timestamps. The wrong timing helped generate artificial profits, allowing the attacker to drain money from the treasury.

The attack matches a broader pattern across DeFi, with hackers targeting oracle systems, custodian roles, and distinct automation tools. Similar vulnerabilities have appeared in other recent exploits, including a $6 million attack on Summer.fi last week.

Security concerns grow about DeFi in 2026

Ostium exploited This comes during a difficult year for decentralized financial security. More than $840 million was stolen from DeFi protocols in the first five months of 2026, including significant losses linked to KelpDAO and Drift Protocol.

Ostium had raised $27.8 million in total funding before the attack. Its backers included General Catalyst and Jump Crypto, which co-led a $24 million Series A round in late 2025.

Security experts have also warned that AI tools may help attackers identify vulnerabilities in code faster. Danny Jenkins, CEO of ThreatLocker, said:

“AI is much better at reviewing code than most people and finding potential vulnerabilities in it.”

In a later update, Ostium He said All traders’ funds and open positions are currently kept intact and frozen. The protocol also stated that the funds in the trading storage contract remain temporarily suspended while the team works with relevant security experts. Ostium said it will provide further updates as the investigation continues.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *