Loading prices…
🩸BEARISH

Ostium oracle exploit drains $18M from Arbitrum RWA protocol

The attacker weaponized a registered forwarder and future-dated oracle reports to mint artificial trading profits, draining the OLP Vault before the team froze trading.

Ostium, a real-world-asset perpetual trading protocol on Arbitrum, lost roughly $18 million in USDC after an attacker exploited its oracle update flow, according to security firm Blockaid.

The attacker used a registered PriceUpKeep forwarder and future-dated authorized oracle reports to manufacture artificial trading profits, triggering the $18M payout from the protocol's OLP Vault. Blockaid disclosed the exploit transaction and the attacker address; the incident is still under investigation. Ostium acknowledged the issue, paused all trading, and said it is investigating the vault.

Why it matters

Ostium runs perps on equities, commodities, and forex, so its oracle layer is the trust boundary between TradFi price feeds and onchain collateral. Bypassing it with future-dated reports does not require a private key or a contract bug in the usual sense; the attacker stayed inside authorized roles and still drained the vault. That is the failure mode institutional underwriters will flag first.

Market impact

The protocol had raised about $27.8M from General Catalyst, Jump Crypto, Coinbase Ventures, Wintermute, and GSR, so the loss is a material share of the treasury it brought to mainnet. A confirmed oracle-level exploit on an RWA venue also ripples across the broader RWA-perps category, where pricing integrity is the entire pitch. Watch for a post-mortem, treasury coverage, and whether OLP Vault depositors are made whole from team funds or through a governance vote.

Related tokens
$USDC

Frequently asked questions

  1. What happened in the Ostium exploit?

    An attacker used a registered PriceUpKeep forwarder and future-dated authorized oracle reports to create artificial trading profits, draining roughly $18M in USDC from the OLP Vault on Arbitrum. Ostium paused all trading while investigating.

  2. Who detected the Ostium exploit?

    Security firm Blockaid said it detected the exploit, disclosed the exploit transaction, and published the attacker address. Ostium acknowledged the issue and paused trading pending investigation.

  3. How did the attacker drain the vault without a private key?

    The attacker stayed inside authorized roles, using a registered PriceUpKeep forwarder and future-dated oracle reports to manufacture profitable trades that the vault honored as legitimate.

  4. What is Ostium and how much has it raised?

    Ostium is a real-world-asset perpetual trading protocol on Arbitrum offering perps on equities, commodities, and forex. It has raised about $27.8M from General Catalyst, Jump Crypto, Coinbase Ventures, Wintermute, and GSR.

  5. What happens next for OLP Vault depositors?

    Ostium paused trading and is investigating. Whether depositors are made whole from team funds, the treasury, or a governance vote will depend on the post-mortem, which the team has not yet published.

Source attribution
Aggregated from WuBlockchain · Verified · Last refreshed 1h ago
Open original →