Ostium, the Arbitrum‑based decentralized perpetuals exchange, suffered a $18 million USDC drain after an attacker exploited its oracle system, as identified by blockchain security firm Blockaid.
Attack Mechanics
The intruder leveraged a registered PriceUpKeep forwarder, a component of Ostium’s automated pricing framework, to submit oracle reports stamped with future dates. These falsified entries created the illusion of profitable trades, prompting the liquidity vault to release $18 million USDC to the attacker.
Ostium’s custom price‑feed relies on Gelato’s automation network, which pushes price data on‑chain when trades are executed. The PriceUpKeep contract acts as the trigger that records the latest price, and its compromised use allowed the malicious actor to manipulate the timing of price updates.
DeFi Exploit Landscape
This incident mirrors a series of recent oracle and keeper‑system breaches across the crypto sector, including a $6 million USDC theft from Summer.fi just last week. Attackers typically gain privileged access to manipulate price data, extracting funds from liquidity pools by skewing market information.
Such exploits underscore the persistent vulnerability of decentralized finance protocols that depend on external price feeds and automated keepers, prompting heightened scrutiny from investors and security auditors.
Ostium’s Market Position and Funding
Offering traders up to 200× leverage on real‑world assets such as commodities, forex, and equity indices, Ostium settles all positions in USDC on the Arbitrum blockchain. The platform has attracted $27.8 million in total funding, reflecting strong investor confidence despite recent security setbacks.
Moving forward, Ostium and its backers are expected to reinforce oracle resilience and reassess keeper permissions to protect the broader crypto market from similar attacks.
