CoinDesk

Ostium suffers $18 million exploit as oracle attack wave continues to hit DeFi

Ostium suffers $18 million exploit as oracle attack wave continues to hit DeFi

A hacker used Ostium's own price-reporting infrastructure against the protocol, submitting falsified future-dated oracle data to manufacture fake trading profits and trigger an $18 million payout.

An attacker exploited a registered component of Ostium's price-feed automation system, submitting oracle reports with manipulated future timestamps to make losing trades appear profitable - triggering an $18 million USDC payout from the protocol's vault.

The attack follows a string of similar keeper and oracle exploits in DeFi, including a $6 million drain from Summer.fi last week, highlighting persistent vulnerabilities in the automated infrastructure protocols rely on to bring real-world price data onchain.

Ostium, a perpetuals exchange on Arbitrum focused on real-world assets like gold, forex, and equity indices, had raised $27.8 million in funding and processed over $50 billion in trading volume before the incident.

An attacker drained approximately $18 million in USDC from Ostium's liquidity vault on Arbitrum in an oracle manipulation exploit detected by blockchain security firm Blockaid, onchain data shows. According to Blockaid's alert, the attacker leveraged a registered PriceUpKeep forwarder, a component of Ostium's automated infrastructure, to submit oracle price reports with future-dated timestamps. The manipulated reports created the appearance of profitable trades, which triggered an $18 million USDC payout from the vault.

How the exploit worked

Ostium is a decentralized perpetuals exchange on Arbitrum that allows users to trade real-world assets including commodities, forex, and equity indices, with up to 200x leverage, settling in USDC. Ostium uses a custom price-feed system to track real-world asset prices, with a third-party automation network called Gelato responsible for pushing those prices onchain at the right moments. A smart contract called PriceUpKeep sits at the center of that process, acting as the trigger that writes the latest price data to the blockchain whenever a trade needs to be executed.

The attack is consistent with a pattern of oracle and keeper-system exploits seen across DeFi in recent years, the most recent of which saw $6 million drained from Summer.fi last week. The exploit involves attackers gaining access to privileged roles and manipulating the timing or content of price data to extract funds from liquidity pools.

Background on Ostium

Ostium had raised $27.8 million in total funding, including a $24 million Series A co-led by General Catalyst and Jump Crypto in late 2025, and had processed over $50 billion in cumulative trading volume.

Market context

CEX trading volumes rose for the first time in five months in June, with spot climbing 15.3% to $1.11T and RWA perpetual volumes surging to a record $311B.

Why it matters: CEX trading volumes rose for the first time in five months in June, with spot climbing 15.3% to $1.11T and RWA perpetual volumes surging to a record $311B.

Comments

No comments yet. Start the discussion.