Ostium loses $18 million in oracle attack that gamed its own price-feed infrastructure

Share This Post

An attacker drained approximately $18 million in USDC from Ostium’s liquidity vault on Arbitrum in an oracle manipulation exploit detected by blockchain security firm Blockaid, onchain data shows.

According to Blockaid’s alert, the attacker leveraged a registered PriceUpKeep forwarder, a component of Ostium’s automated infrastructure, to submit oracle price reports with future-dated timestamps. The manipulated reports created the appearance of profitable trades, which triggered an $18 million USDC payout from the vault.

Ostium is a decentralized perpetuals exchange on Arbitrum that allows users to trade real-world assets including commodities, forex, and equity indices, with up to 200x leverage, settling in USDC.

Ostium uses a custom price-feed system to track real-world asset prices, with a third-party automation network called Gelato responsible for pushing those prices onchain at the right moments. A smart contract called PriceUpKeep sits at the center of that process, acting as the trigger that writes the latest price data to the blockchain whenever a trade needs to be executed.

Related Posts

US Senator Blasts AG Nominee for ‘Dismantling’ DOJ Crypto Unit, Trump’s CZ Pardon

Acting US Attorney General Todd Blanche faced backlash Wednesday...

Ostium Pauses Trading After Apparent Oracle Exploit Targets OLP Vault

Decentralized trading protocol Ostium paused trading Wednesday after blockchain...

Cantor and Securitize collaborate on blockchain-based IPOs

Investment giant Cantor Fitzgerald and cryptocurrency-focused broker-dealer Securitize (SECZ),...

AMLA Warns Customer Migration Could Strain Compliance at Licensed CASPs

Mass user migration following the end of the Markets...

Is Robinhood Chain’s Success Bullish or Bearish for ETH?

Robinhood Chain’s explosive launch this month has reignited one...