Ostium Pauses Trading After $18M Exploit – Here Is Why DeFi Security Is Back in Focus

7 hours ago 12
  • Ostium has halted trading after an attacker drained approximately $18 million in USDC from its OLP vault on Arbitrum.
  • Security researchers say the exploit involved manipulated oracle reports that generated artificial trading profits.
  • The stolen funds are already being converted into Ethereum and distributed across multiple wallets.

Onchain perpetuals exchange Ostium has suspended trading after suffering an exploit that drained roughly $18 million in USDC from its OLP vault on the Arbitrum network.

Blockchain security firm Blockaid identified the attack and said the exploiter used a combination of a registered PriceUpKeep forwarder and future-dated authorized oracle reports to generate artificial trading profits before triggering a massive payout from the protocol’s vault.

Following the incident, Ostium confirmed it had paused all trading while its team investigates the exploit.

Oracle Manipulation Led to the Attack

According to Blockaid’s preliminary analysis, the attacker was able to exploit the protocol’s pricing infrastructure rather than directly compromising user wallets.

By leveraging future-dated oracle reports, the attacker allegedly created artificial profits that allowed approximately $18 million in USDC to be withdrawn from the OLP vault.

The exact technical details remain under investigation, but early findings suggest the exploit targeted the protocol’s oracle and trade settlement mechanisms rather than a vulnerability in the Arbitrum blockchain itself.

Stolen Funds Are Already Moving

Blockchain data reviewed by security researchers shows the attacker has already begun laundering portions of the stolen funds.

According to onchain activity, significant amounts of the stolen USDC have been swapped into Ethereum (ETH) through Kyber Network before being distributed across multiple wallets.

Moving assets through decentralized exchanges and splitting funds among multiple addresses is a common tactic used by attackers to make tracing and recovery more difficult.

Ostium Had Recently Expanded Its Business

The exploit comes only weeks after Ostium announced a partnership with Nasdaq to support equity perpetual products using licensed market data.

At the time, the exchange said it had surpassed $50 billion in cumulative trading volume, highlighting its rapid growth within the decentralized derivatives market.

Founded by Harvard alumni Kaledora Kiernan-Linn and Marco Antonio Ribeiro, Ostium has raised approximately $27.8 million in funding. Its investors include General Catalyst, Jump Crypto, LocalGlobe, Susquehanna, and Alliance DAO.

DeFi Security Remains a Major Challenge

The latest exploit serves as another reminder that decentralized finance protocols remain attractive targets for sophisticated attackers, particularly those exploiting oracle systems and smart contract logic.

While Ostium investigates the incident and works toward a resolution, traders will be watching closely for further updates regarding the stolen funds, any potential recovery efforts, and whether affected users or liquidity providers will be compensated.

Disclaimer: BlockNews provides independent reporting on crypto, blockchain, and digital finance. All content is for informational purposes only and does not constitute financial advice. Readers should do their own research before making investment decisions. Some articles may use AI tools to assist in drafting, but every piece is reviewed and edited by our editorial team of experienced crypto writers and analysts before publication.

Read Entire Article