Ostium Vault Suffers $18 Million Exploit on Arbitrum via Oracle Attack - Coin Edition

Ostium Vault Suffers $18 Million Exploit on Arbitrum via Oracle Attack

Last Updated:
Ostium Vault Suffers $18 Million Exploit on Arbitrum via Oracle Attack
  • Blockaid detected an Ostium exploit involving future-dated oracle price reports.
  • The attacker used Ostium’s PriceUpKeep forwarder to trigger artificial trading profits.
  • Approximately $18 million USDC was drained from the protocol’s liquidity vault.

Ostium, a decentralized perpetual exchange on Arbitrum, experienced a major security breach that resulted in the loss of approximately $18 million USDC. Blockchain security firm Blockaid flagged the incident on 15 July 2026, stating that a registered component of Ostium’s price-feed automation system was exploited.

According to Blockaid, the attack leveraged the PriceUpKeep forwarder, a smart contract used to update oracle price data on-chain when trades are executed. The attacker submitted reports with future-dated timestamps, which artificially created the appearance of profitable trades and triggered the substantial payout from the vault.

Ostium’s Price-Feed System Exploited

Ostium allows trading of real-world assets, including commodities, forex, and equity indices, with leverage up to 200x, settling trades in USDC. The platform relies on a custom price-feed system. Gelato, a third-party automation provider, posts asset prices on-chain at scheduled intervals, while the PriceUpKeep smart contract triggers updates for trade execution.

The attacker used this infrastructure to manipulate the timing and content of price data. Blockaid noted that such exploits are consistent with a pattern of oracle and keeper-system attacks across DeFi, with similar events affecting platforms like Summer.fi, which lost $6.1 million last week.

On-Chain Impact and Protocol Overview

On-chain data shows that the attacker successfully drained approximately $18 million USDC from Ostium’s liquidity vault. The platform has processed over $50 billion in cumulative trading volume since its launch. Ostium had raised $27.8 million in total funding, including a $24 million Series A co-led by General Catalyst and Jump Crypto in late 2025.

Ostium enables users to trade tokenized derivatives and perpetual contracts on Arbitrum. According to Blockaid, the exploit highlights vulnerabilities in automated oracle systems that rely on future-dated reports or privileged roles. 

Investors are advised to monitor official updates from Ostium and Blockaid for verified information regarding recovery measures and asset management.

Related: Top countries that updated virtual asset regulations shaping crypto in 2026

Blockaid’s Report and Industry Context

Blockaid’s alert underlined that the incident involved the misuse of Ostium’s registered PriceUpKeep forwarder. The manipulated oracle reports created false profitable trade signals, allowing the attacker to trigger the payout.

The event is the latest in a series of DeFi oracle attacks, emphasizing the ongoing risk associated with decentralized price-feed mechanisms.

Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.