Ostium loses $18 million in oracle attack that gamed its own price-feed infrastructure

Share This Post

An attacker drained approximately $18 million in USDC from Ostium’s liquidity vault on Arbitrum in an oracle manipulation exploit detected by blockchain security firm Blockaid, onchain data shows.

According to Blockaid’s alert, the attacker leveraged a registered PriceUpKeep forwarder, a component of Ostium’s automated infrastructure, to submit oracle price reports with future-dated timestamps. The manipulated reports created the appearance of profitable trades, which triggered an $18 million USDC payout from the vault.

Ostium is a decentralized perpetuals exchange on Arbitrum that allows users to trade real-world assets including commodities, forex, and equity indices, with up to 200x leverage, settling in USDC.

Ostium uses a custom price-feed system to track real-world asset prices, with a third-party automation network called Gelato responsible for pushing those prices onchain at the right moments. A smart contract called PriceUpKeep sits at the center of that process, acting as the trigger that writes the latest price data to the blockchain whenever a trade needs to be executed.

Related Posts

AMLA Warns Customer Migration Could Strain Compliance at Licensed CASPs

Mass user migration following the end of the Markets...

Is Robinhood Chain’s Success Bullish or Bearish for ETH?

Robinhood Chain’s explosive launch this month has reignited one...

Bitcoin Gets Second Inflation Boost as US PPI Sparks Three-Week Highs

Bitcoin (BTC) saw three-week highs on Wednesday as US...

The privacy paradox of protecting kids online

In Utah, which passed State-Endorsed Digital Identity (SEDI) legislation,...