Ostium Suspends Trading After Oracle Manipulation Drains Up to $18M

AI Market Summary
Ostium halted trading on Arbitrum after an oracle/keeper manipulation reportedly drained ~$12M–$18M USDC from its liquidity vault, a material hit versus ~$63M TVL. The incident reinforces persistent DeFi infrastructure risk around trusted price delivery mechanisms, especially for real-world-asset perpetuals, and may weigh on risk appetite toward Arbitrum-based derivatives venues and similar oracle-dependent protocols until loss accounting and remediation are clarified.
Impact level
● Medium
Affected assets
BTC/USDT+0.73%
AI Insight · BTC/USDTAI Insight
▼ Bearish
Trade now
⚠️ AI-generated insights are based on news content and are provided for informational purposes only. They do not constitute investment advice or represent the views of BingX. Investing involves risk. Please trade responsibly.
Ostium, an Arbitrum-based perpetuals exchange focused on real-world asset markets, halted all trading on Wednesday after an attacker exploited its oracle workflow and drained as much as $18 million in USDC from the protocol's liquidity vault. Blockaid, an on-chain security firm, said the attacker "used a registered PriceUpKeep forwarder and future-dated authorized oracle reports to create artificial trade profit, triggering a ~$18M USDC payout from the vault." Blockaid published the exploit transaction and the attacker's address on Arbitrum. The transaction referenced, 0x359f8c05...d4870e0, is visible on-chain. Ostium has raised about $27.8 million from investors including General Catalyst and Jump Crypto. Estimates of the loss vary. Blockaid put the payout at about $18 million, while independent on-chain observers suggested a smaller figure, with some estimates near $11.86 million. Ostium has not released its own accounting. The protocol had roughly $63.3 million in total value locked shortly before the incident, according to DefiLlama data, making even the lower estimate a significant hit relative to vault balances. The incident adds to a string of DeFi attacks targeting automated "keeper" systems and oracle mechanisms used to move real-world prices on-chain. Summer.fi reported a loss of about $6.04 million from share-price manipulation on July 6. In April 2025, KiloEx lost roughly $7.5 million across three chains after an attacker impersonated a trusted keeper to feed false prices, a structure Blockaid said resembled the setup exploited at Ostium. Ostium acknowledged the issue and paused markets. "We are aware of the issue with the OLP vault. We have paused all trading. The team is investigating," the protocol posted on X. Ostium allows users to trade perpetual contracts on assets including gold, oil, equity indices and FX directly from a crypto wallet, settling in USDC on Arbitrum, a Layer 2 network. The protocol says its OLP vault has supported more than $33 billion in cumulative trading volume across 50-plus markets. Blockaid said the exploited component sat within a trust boundary Ostium had instructed security researchers to treat as safe. Ostium's bug bounty scope states that all registered keepers, including PriceUpKeep, "and their forwarders are assumed to be trusted and operating correctly," and that reports requiring a compromised or malicious keeper are out of scope. The attack mechanics and the top-end loss figure reflect Blockaid's findings and have not been independently reconciled. Blockaid's write-up references a "registered forwarder" and "future-dated authorized oracle reports" but does not state that a private key was compromised, though some accounts have described the incident that way. Ostium has not explained how the attacker obtained the ability to submit the reports and has not published an official loss figure.