Copy
Trading Bots
Events
More

Ostium halts trading after $18M oracle key exploit

2026/07/16 04:32Browse 0

Blockchain security firm Blockaid has uncovered an exploit that drained up to $18 million USDC from Ostium's liquidity vault, forcing the decentralized trading protocol to halt all trading. The attack, which occurred on Arbitrum, was tied to a compromised oracle signer key that allowed the attacker to submit manipulated price reports.

How the exploit worked

According to Blockaid, the attacker gained control of an oracle signer private key, enabling them to bypass Ostium's verification process and submit future-dated price reports that favored their trades. Using a registered PriceUpKeep forwarder, the attacker repeatedly opened and closed positions through delegated actions, extracting profits without taking genuine market risk. The exploit triggered around 20 trading loops that steadily drained funds from Ostium's main vault.

On-chain records show the attacker withdrew between $11.86 million and $18 million USDC, equal to roughly 28% of the protocol's $63 million total value locked at the time of the incident. Instead of exploiting a flaw in smart contract code, the attacker abused trusted oracle infrastructure after obtaining a valid signer key. Blockaid noted that the manipulated oracle reports allowed favorable prices to pass protocol checks, making each trade appear legitimate while transferring losses to the liquidity vault.

Institutional backing and broader implications

Before the exploit, Ostium had raised about $27.8 million from investors including General Catalyst, Jump Crypto, Coinbase Ventures, Wintermute and GSR. The incident occurred despite the project's institutional backing and multiple security audits, highlighting that infrastructure outside audited smart contracts can still become a critical point of failure.

The attack adds to a series of recent security incidents affecting crypto platforms. Earlier this month, Ctrl Wallet announced it would permanently shut down after a separate security exploit affecting some Cardano wallets. The company gave users until Aug. 3 to move their crypto assets before wallet functions are disabled.

Elsewhere in the Arbitrum ecosystem, Secret Network recently proposed migrating its SCRT token from Cosmos to Arbitrum, citing security concerns, weaker liquidity and aging code on its current network. The proposal includes a one-time Sept. 1 snapshot that would distribute a new ERC-20 SCRT token on Arbitrum to eligible native and staked SCRT holders.

The protocol has since paused trading while the investigation continues. Users have been advised to follow Ostium's official communication channels for updates on withdrawals and any further recovery measures. As projects continue expanding onto Arbitrum, the Ostium exploit demonstrates that securing oracle infrastructure remains as important as auditing smart contracts.

Disclaimer: This page may contain third-party information and does not necessarily reflect BYDFi's views or opinions. This content is for general reference only and does not constitute any representation, warranty, financial advice, or investment advice. BYDFi is not responsible for any errors, omissions, or any results arising from the use of such information. Virtual asset investments involve risks. Please carefully evaluate the risks of the product and your risk tolerance based on your financial situation. For more information, please refer to our Terms of Use and Risk Disclosure.