Ostium suffers $18 million exploit as oracle attack wave continues to hit DeFi
A hacker used Ostium’s own price-reporting infrastructure against the protocol, submitting falsified future-dated oracle data to manufacture fake trading profits and trigger an $18 million payout.
Make preferred on
Share this article
Summary
- An attacker exploited a registered component of Ostium’s price-feed automation system, submitting oracle reports with manipulated future timestamps to make losing trades appear profitable — triggering an $18 million USDC payout from the protocol’s vault.
- The attack follows a string of similar keeper and oracle exploits in DeFi, including a $6 million drain from Summer.fi last week, highlighting persistent vulnerabilities in the automated infrastructure protocols rely on to bring real-world price data onchain.
- Ostium, a perpetuals exchange on Arbitrum focused on real-world assets like gold, forex, and equity indices, had raised $27.8 million in funding and processed over $50 billion in trading volume before the incident.
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
CEX trading volumes rose for the first time in five months in June, with spot climbing 15.3% to $1.11T and RWA perpetual volumes surging to a record $311B.
CEX trading volumes rose for the first time in five months in June, with spot climbing 15.3% to $1.11T and RWA perpetual volumes surging to a record $311B.
Why it matters:
CEX trading volumes rose for the first time in five months in June, with spot climbing 15.3% to $1.11T and RWA perpetual volumes surging to a record $311B.

