What to know:
- Arbitrum RWA Protocol Ostium has lost close to $23.75 million following a compromised oracle permissions-based exploit that manipulated price reports.
- Attacker converted USDC to 12,084 ETH, with most of the funds being transferred through Tornado Cash to obfuscate the transactions.
- Ostium paused the platform’s trading activities within one hour after the exploit window, which lasted only for five minutes from 14:18 – 14:23 UTC.

The Arbitrum RWA Protocol Ostium suffered a major security breach after an attacker exploited compromised oracle permissions, resulting in losses of approximately $23.75 million. According to blockchain security companies, the manipulation of the price feed allowed the attacker to make false profits and withdraw funds from the protocol’s liquidity vault.
On July 15, 2026, blockchain security firm Blockaid discovered the hack. According to the report, the attack consisted of the use of PriceUpKeep Forwarder along with a future-dated authorized Oracle report. Later, PeckShield calculated the exact sum of funds withdrawn from the protocol, totaling nearly $24 million, following the flow of the entire chain of transactions.
Also Read | Bitcoin Price Targets $65,600 After CPI Rally as Bullish Momentum Builds
Compromised Oracle Permissions Enabled the Attack
Blockaid noted that the exploit was not caused by a vulnerability in Ostium’s core smart contracts. Instead, the attacker supposedly acquired access to the oracle signer key, enabling the authorization of the fraudulent oracle report with a future date. As the protocol accepted this manipulated information, it paid off the perpetual positions that supposedly showed profitability, leading to the withdrawal of funds from the Arbitrum RWA Protocol public OLP liquidity vault, even though there were no legitimate gains in the market.
Kaledora, Ostium founder, confirmed the exploit happened during the five minutes starting from 14:18 and ending at 14:23 UTC. The Ostium team managed to detect the unusual activity shortly after the hack and paused all trading contracts within one hour. Arbitrum RWA Protocol is now investigating the incident together with blockchain security specialists and relevant authorities, evaluating the impact on their users and the protocol itself.
Stolen Funds Routed Through Tornado Cash After Arbitrum RWA Protocol Exploit
Blockchain researchers identified the wallet used by the attacker. It was allegedly funded by 1 ETH each from ChangeNOW and Bybit before the exploit. After hacking the protocol’s liquidity vault, the attacker transferred the stolen USDC into about 12,084 ETH and routed the majority of the stolen funds through Tornado Cash, a cryptocurrency mixing protocol.
The exploit reveals the increasing threats that decentralized finance protocols relying on external oracle services face. Industry experts point out that although the audits of smart contracts are vital, compromised infrastructure around the price feed can result in significant losses. The exploit in the Arbitrum RWA Protocol is likely to trigger discussions about oracle security, multi-layer authentication, and real-time monitoring in further expansion of DeFi into the tokenized real-world asset market.
Also Read | BitMine Earns $45.7M From Ethereum Staking as Revenue Jumps Over 22X





Be the first to comment