TLDR
- Ostium lost about $18M in USDC from its liquidity vault.
- The attacker used future-dated oracle reports to fake trading profits.
- Ostium paused all trading while its team investigates the exploit.
- Blockaid linked the attack to Ostium’s PriceUpKeep forwarder system.
- The exploit follows a wider wave of oracle attacks across DeFi.
Ostium paused trading after an attacker drained about $18 million in USDC from its liquidity vault on Arbitrum, using manipulated oracle reports to create fake trading profits.
Ostium Pauses Trading After $18M USDC Drain
Ostium, a decentralized perpetuals exchange on Arbitrum, suffered an oracle manipulation attack that removed about $18 million in USDC from its liquidity vault. Blockchain security firm Blockaid said the attacker used a registered PriceUpKeep forwarder linked to Ostium’s own price-reporting setup.
Source: X
The attacker submitted future-dated oracle reports that made losing positions appear profitable. Those false reports triggered a large payout from the protocol’s vault, creating one of the latest major DeFi losses tied to price-feed systems.
Ostium confirmed the issue in a post on X, stating, “We are aware of the issue with the OLP vault.” The team added,
“We have paused all trading. The team is investigating.”
Before the exploit, Ostium held about $63 million in total value locked. The $18 million loss represented close to one-third of the protocol’s listed liquidity at the time of the attack.
Oracle System Used Against the Protocol
Ostium allows users to trade real-world assets, including commodities, forex pairs, stock indices, and equities, with leverage of up to 200x. The protocol settles trades in USDC and depends on price feeds to execute positions.
The exchange uses a custom price-feed system, while Gelato helps push pricing data onchain when trade execution requires updates. PriceUpKeep sits at the center of that process by triggering the writing of updated price data to the blockchain.
Blockaid said the attacker exploited that structure by using authorized reports with manipulated timestamps. The false timing helped create artificial profits, which then allowed the attacker to drain funds from the vault.
The attack matches a broader pattern across DeFi, where hackers target oracle systems, keeper roles, and privileged automation tools. Similar weaknesses have appeared in other recent exploits, including a $6 million attack on Summer.fi last week.
DeFi Security Concerns Grow in 2026
The Ostium exploit comes during a difficult year for decentralized finance security. More than $840 million was stolen from DeFi protocols in the first five months of 2026, including large losses tied to KelpDAO and Drift Protocol.
Ostium had raised $27.8 million in total funding before the attack. Its backers included General Catalyst and Jump Crypto, which co-led a $24 million Series A round in late 2025.
Security experts have also warned that artificial intelligence tools may help attackers identify code weaknesses faster. ThreatLocker CEO Danny Jenkins said,
“AI is far better at reviewing code than most people and finding potential vulnerabilities in it.”
In a later update, Ostium said all trader funds and open positions are currently preserved as-is and frozen. The protocol also said funds in the trading storage contract remain paused while the team works with relevant security experts. Ostium said it will provide further updates as the investigation continues.






Be the first to comment