Ostium halts trading after $18M exploit via oracle manipulation
A decentralized perpetuals exchange focused on real-world assets lost millions after an attacker submitted fraudulent future-dated oracle reports on Arbitrum
Ostium, the decentralized perpetuals exchange that lets traders go long on S&P futures and gold with up to 200x leverage, just learned the hard way that custom oracle systems are only as strong as their weakest keeper contract. An attacker drained roughly $18 million in USDC from the protocol’s liquidity vault on July 15 by manipulating Ostium’s price-feed infrastructure on Arbitrum.
Trading was halted immediately.
How the exploit worked
The attack targeted Ostium’s PriceUpKeep forwarder, the component responsible for pushing oracle price updates on-chain. Instead of submitting legitimate market data, the attacker injected fraudulent future-dated reports into the system.
Those fake price feeds allowed the attacker to open and close positions at artificial prices, extracting value directly from Ostium’s USDC liquidity vault. The vault is the pool where liquidity providers deposit funds that serve as the counterparty for all trades on the platform.
Blockchain security firm Blockaid confirmed the incident shortly after detection. According to their analysis, the attacker moved quickly post-theft, converting a portion of the stolen USDC into ETH through the Kyber Network and then dispersing the funds across multiple wallets.
A well-funded protocol caught off guard
Ostium had raised $27.8 million in total funding, including a $24 million Series A round in December 2025 led by General Catalyst and Jump Crypto.
The protocol had also racked up over $50 billion in cumulative trading volume. It had even established a partnership with Nasdaq for equity perpetuals data, positioning itself as a bridge between traditional financial markets and DeFi infrastructure.
Ostium offered leverage of up to 200x on assets like US equities, gold, and forex pairs, all settling in USDC.
A growing pattern in DeFi exploits
The Ostium hack doesn’t exist in a vacuum. Just the prior week, Summer.fi suffered a $6 million drain through a similar oracle and keeper exploit.
For Ostium specifically, the immediate question is whether affected liquidity providers will be made whole. The protocol’s $27.8 million in funding provides some financial cushion, but an $18 million loss represents a massive chunk of that runway. The team hasn’t yet announced a compensation plan.