Loading prices…
🩸BEARISH

Ostium Exploited for $18M in Arbitrum Oracle Attack

The attacker used Ostium's own Gelato-run price automation against it, forging future-dated oracle reads to extract an $18M USDC payout. It is the second major oracle hit in a week.

Ostium Exploited for $18M in Arbitrum Oracle Attack
Ostium Exploited for $18M in Arbitrum Oracle Attack
Ostium Exploited for $18M in Arbitrum Oracle Attack
Ostium Exploited for $18M in Arbitrum Oracle Attack

An attacker drained approximately $18 million in USDC from Ostium's liquidity vault on Arbitrum in an oracle manipulation exploit detected by blockchain security firm Blockaid, according to onchain data. The attacker leveraged a registered PriceUpKeep forwarder, a component of Ostium's automated infrastructure, to submit oracle price reports with future-dated timestamps. The manipulated reports made losing positions look profitable, which triggered the $18 million USDC payout from the vault.

Ostium is a decentralized perpetuals exchange on Arbitrum that lets users trade real-world assets including commodities, forex, and equity indices with up to 200x leverage, settling in USDC. The protocol runs a custom price-feed system to track those offchain prices, with third-party automation network Gelato responsible for pushing the latest prints onchain at the right moments. A smart contract called PriceUpKeep sits at the center of that process, acting as the trigger that writes price data whenever a trade needs to execute. The attacker compromised that pipeline, not an outside price feed.

Why it matters

The exploit follows a string of oracle and keeper-system attacks across DeFi, most recently a $6 million drain from Summer.fi last week using a similar pattern of gaining access to privileged roles and manipulating the timing or content of price data to extract funds from liquidity pools. The repeat pattern is the story: keeper networks and automated price infrastructure remain a soft underbelly, and protocols that rely on them to bring real-world asset prices onchain inherit that risk.

Market impact

Ostium had raised $27.8 million in total funding, including a $24 million Series A co-led by General Catalyst and Jump Crypto in late 2025, and had processed more than $50 billion in cumulative trading volume. An $18 million loss is a material chunk of that war chest for a protocol in a still-nascent RWA perps vertical, and the incident lands as centralized venues reported record RWA perpetual volumes of $311 billion in June, a contrast that highlights how onchain RWA perps remain a higher-trust surface than the centralized alternative.

Related tokens
$USDC

Frequently asked questions

  1. How did the attacker drain $18M from Ostium?

    The attacker used a registered PriceUpKeep forwarder, part of Ostium's Gelato-run price automation on Arbitrum, to submit oracle price reports with future-dated timestamps. The manipulated reads made losing trades appear profitable and triggered an $18 million USDC payout from the protocol's vault.

  2. What is Ostium and what does it trade?

    Ostium is a decentralized perpetuals exchange on Arbitrum that lets users trade real-world assets including commodities, forex, and equity indices with up to 200x leverage, settling in USDC.

  3. Who flagged the Ostium exploit?

    Blockchain security firm Blockaid detected the exploit and published the alert, with the onchain drain confirmed by onchain data.

  4. How does this compare to the Summer.fi exploit?

    The Summer.fi attack last week drained $6 million using a similar pattern of gaining access to privileged roles and manipulating the timing or content of price data to extract funds from liquidity pools.

  5. How much had Ostium raised before the exploit?

    Ostium had raised $27.8 million in total funding, including a $24 million Series A co-led by General Catalyst and Jump Crypto in late 2025, and had processed more than $50 billion in cumulative trading volume.

Source attribution
Aggregated from CoinDesk · Verified · Last refreshed 1h ago
Open original →