Copy
Trading Bots
Events
More

Ostium on Arbitrum hacked for $18M via oracle key leak

2026/07/15 23:27Browse 0

Ostium, a decentralized perpetual contract platform focused on real-world assets (RWA) on Arbitrum, suffered a security breach on July 15, 2026, resulting in a loss of approximately $18 million in USDC from its liquidity vault. The attack exploited a leaked oracle signer private key, allowing the hacker to manipulate price feeds and drain about 35% of the vault's funds.

Oracle Key Leak Enables Price Manipulation

According to blockchain security firms including Blockaid, the breach did not stem from a smart contract code vulnerability but from poor oracle key management. The attacker obtained the private key of an oracle signer, bypassing system validation to submit fraudulent price data. Using a registered PriceUpKeep forwarder, the hacker submitted authorized oracle reports with future dates to fabricate favorable asset prices.

The attacker opened a small long position on Bitcoin (BTC) with USDC, submitted a low-price report to enter, then a high-price report to exit, triggering the platform's maximum 900% profit cap. This cycle was repeated roughly 20 times through delegated actions, siphoning funds from the liquidity vault.

$18M Loss and Fund Diversion

On-chain data from Arbiscan shows the main liquidity vault lost between $11.86 million and $18 million in USDC, representing about 35% of Ostium's total vault size, which exceeded $34 million. The hacker has since converted some of the stolen funds into Ethereum (ETH) and distributed them across multiple wallet addresses to evade tracking.

Platform Background and Response

Ostium is a decentralized perpetual exchange specializing in non-crypto assets such as stocks, commodities, forex, and indices, with over 95% of its open interest in these assets. It uses oracle services like Stork Network. The platform has processed over $50 billion in cumulative trading volume and raised $27.8 million from top venture firms including General Catalyst, Jump Crypto, and Coinbase Ventures.

As of press time, the Ostium team is conducting a full investigation and has not released a formal post-mortem. They urge users to monitor official channels on X and Discord for withdrawal guidance and security updates. The incident underscores the critical importance of oracle key management and real-time monitoring in DeFi and RWA protocols.

Disclaimer: This page may contain third-party information and does not necessarily reflect BYDFi's views or opinions. This content is for general reference only and does not constitute any representation, warranty, financial advice, or investment advice. BYDFi is not responsible for any errors, omissions, or any results arising from the use of such information. Virtual asset investments involve risks. Please carefully evaluate the risks of the product and your risk tolerance based on your financial situation. For more information, please refer to our Terms of Use and Risk Disclosure.