Decrypt.Co
Ostium Exchange Halts Trading After $18M Oracle Exploit
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Ostium, a decentralized perpetual trading exchange on Arbitrum, suspended trading after an attacker exploited its oracle system, draining approximately $18 million in USDC from its liquidity vault. The attacker manipulated price data using a registered PriceUpKeep forwarder and future-dated authorized oracle reports to create artificial trading profits. Blockaid, a blockchain security firm, reported that the exploit involved no conventional smart contract vulnerabilities, instead leveraging trusted components in an unintended manner. At the time of the attack, Ostium had about $63 million in total value locked, meaning the exploit drained nearly one-third of its liquidity. Ostium confirmed the incident and is currently investigating the breach. This incident highlights ongoing vulnerabilities in DeFi protocols, particularly those relying heavily on external data sources. The attack is part of a broader trend, with over $840 million stolen from DeFi protocols in the first half of 2026 alone.
Key Points: • Ostium lost approximately $18 million due to an oracle exploit. • The attacker manipulated price data using legitimate protocol components. • The incident reflects ongoing vulnerabilities in DeFi systems relying on external data.