HomeEverythingEducationTV
Equities & FundsCrypto & Digital AssetsAI & TechnologyBusiness & CorporateUS Politics & PolicyGeopolitics & Global RiskMacro, Rates & FXCommodities & EnergyEuropean Politics & MarketsAsia-PacificReal Estate & Property
Story archiveAll categories
← All Stories

Ostium exploited for $18 million in USDC via oracle manipulation

Created at 15 Jul · 3:36 PM1 source↑ Market-relevant
IN SHORT

Decentralized exchange Ostium lost approximately $18 million in USDC due to an oracle manipulation exploit. The attacker manipulated future timestamps in price reports, triggering fraudulent profitable trades and draining the protocol's liquidity vault.

✉Newsletter

PiQ Daily

Pick your topics. Get only what matters, on your cadence.

Key Numbers

$18 millionUSDC drained from Ostium's vault
$6 millionUSDC drained from Summer.fi in a prior exploit
$27.8 millionTotal funding raised by Ostium
$50 billionCumulative trading volume processed by Ostium
200xMaximum leverage offered by Ostium

Who's Involved

Ostium
Decentralized perpetuals exchange on Arbitrum
Blockaid
Blockchain security firm that detected the exploit
Gelato
Third-party automation network used by Ostium
Summer.fi
DeFi protocol previously exploited for $6 million
Ostium exploited for $18 million in USDC via oracle manipulation

↳ Why This Matters

This exploit underscores persistent security vulnerabilities in DeFi's reliance on oracles and automation systems, leading to significant financial losses and eroding trust in protocols that manage real-world assets.

Key facts

  • Ostium lost approximately $18 million in USDC due to an oracle manipulation exploit.
  • The attacker manipulated future timestamps in price reports submitted by Ostium's automation system.
  • This created the appearance of profitable trades, triggering the payout from the protocol's vault.
  • Ostium is a decentralized perpetuals exchange on Arbitrum focused on real-world assets.
  • The exploit follows a recent $6 million drain from Summer.fi due to similar vulnerabilities.

An attacker has drained approximately $18 million in USDC from the liquidity vault of Ostium, a decentralized perpetuals exchange operating on the Arbitrum network. The exploit, detected by blockchain security firm Blockaid, involved manipulating oracle price reports with future-dated timestamps. This manipulation created the illusion of profitable trades, which then triggered the large USDC payout from Ostium's vault.

Ostium specializes in enabling users to trade real-world assets like gold, forex, and equity indices with up to 200x leverage, settling trades in USDC. The protocol utilizes a custom price-feed system, with the automation network Gelato responsible for pushing real-world asset prices on-chain. A smart contract named PriceUpKeep acts as the trigger for updating price data during trade executions.

This incident is the latest in a series of similar exploits targeting oracle and keeper systems within decentralized finance. Last week, Summer.fi suffered a $6 million drain due to comparable vulnerabilities. These attacks highlight ongoing security challenges in the automated infrastructure that DeFi protocols depend on for integrating real-world data.

Prior to this exploit, Ostium had successfully raised $27.8 million in total funding, including a $24 million Series A round in late 2025. The platform had also processed over $50 billion in cumulative trading volume.

Frequently asked questions

Ostium is a decentralized perpetuals exchange on Arbitrum that allows users to trade real-world assets with high leverage, settling in USDC.

The attacker manipulated future timestamps in oracle price reports, making fake trades appear profitable and triggering a large payout from the protocol's vault.

It's a type of attack where hackers manipulate the price data provided by oracles (which feed real-world data to blockchains) to profit unfairly.

Yes, similar exploits targeting oracle and keeper systems have occurred recently, including a $6 million drain from Summer.fi last week.

What Happens Next

01Ostium is expected to provide further details on the exploit and its remediation efforts.
02The broader DeFi community will likely reassess security protocols for oracles and automation networks.

Get the newsletter.

Pick the topics you actually care about. We'll email when there's news worth your time, on the cadence you choose. Cancel any time from your account.

Cadence

How It Developed

An attacker exploited Ostium's price-feed automation system.
The attacker submitted oracle reports with manipulated future timestamps.
This triggered an $18 million USDC payout from Ostium's vault.
The exploit is part of a continuing wave of oracle and keeper system hacks in DeFi.
Summer.fi was drained of $6 million in a similar exploit last week.

Sources

T1
Ostium suffers $18 million exploit as oracle attack wave continues to hit DeFiCoinDesk

Related Stories

Avalanche RWA Value Surges 60% to $2.1B, Entering Top 5 Tokenization Networks
14 Jul · 9:16 PM
US Freezes $131M in Iran-Linked Crypto Amid Middle East Tensions
15 Jul · 3:26 AM
Open USD poses biggest threat yet to Circle's USDC, CoinShares says
15 Jul · 2:11 PM
Aave V4 Launches on Avalanche, Targeting Tokenized Real-World Assets
15 Jul · 4:16 PM
Crypto Surges on Cooler Inflation Data; Fed Chair Warsh Cautions Optimism
15 Jul · 12:31 PM