00:00
Money for You
Money for You
USD/RUB
EUR/RUB
Cryptocurrency

Ostium halts trading after $18M oracle exploit

A compromised oracle signer key allowed an attacker to drain nearly $18 million in USDC from the Ostium liquidity vault on Arbitrum. By submitting fraudulent, future-dated price reports, the perpetrator bypassed the protocol’s verification mechanisms to execute a series of artificial, risk-free trades that depleted 28% of the platform’s assets.

Ostium halts trading after $18M oracle exploit

The security firm Blockaid identified that the attacker utilized a registered PriceUpKeep forwarder to manipulate the decentralized perpetual exchange. Rather than targeting flaws within the smart contract code, the breach relied on high-level access to trusted data feeds. The actor performed roughly 20 trading loops, effectively shifting losses to the vault while extracting value under the guise of legitimate market activity. Records on Arbiscan confirm the drained amount fluctuates between $11.86 million and $18 million.

Ostium has suspended all trading operations while the team works with security experts to assess the state of frozen funds and open positions. The incident underscores a persistent vulnerability in decentralized finance: even projects backed by institutional investors like General Catalyst, Jump Crypto, and Coinbase Ventures remain susceptible when the infrastructure surrounding audited code is compromised. Despite multiple security audits, the project could not prevent the failure of its oracle authentication, a critical point of exposure that allowed the attacker to manipulate price inputs without triggering standard protocol safeguards.

Share

Comments (0)

Leave a comment

No comments yet. Be the first!