Ostium on Arbitrum Hit by Oracle Exploit, About $18M USDC Drained

AI Market Summary
Ostium, a perpetuals platform on Arbitrum, suffered an oracle signing-key compromise that enabled fabricated price reports and drained about $18M USDC, forcing a trading halt and triggering roughly one-third liquidity outflows. The incident reinforces elevated DeFi exploit risk, adding near-term pressure to on-chain derivatives activity and liquidity conditions on Arbitrum. It also highlights persistent oracle and key-management vulnerabilities amid rising 2026 protocol losses.
Impact level
● Medium
Affected assets
ARB/USDT-3.08%
AI Insight · ARB/USDTAI Insight
▼ Bearish
Trade now
⚠️ AI-generated insights are based on news content and are provided for informational purposes only. They do not constitute investment advice or represent the views of BingX. Investing involves risk. Please trade responsibly.
CoinDesk reports that Ostium, a decentralized perpetuals platform on Arbitrum, was hit by an oracle attack that drained roughly $18 million in USDC from the protocol's liquidity vault. Security firm Blockaid said the attacker forged price reports to manufacture profits and then withdrew funds. The incident centered on a compromised signing key: Blockaid said the attacker obtained control of the oracle's signing key and used a registered PriceUpKeep relayer to submit future-dated price reports carrying valid signatures, manipulating Ostium's price feed. As a result, the protocol calculated and paid out large amounts of USDC tied to profit positions that did not exist. Ostium said on X that the team detected an anomaly in the OLP treasury, paused all trading, and is investigating. About one-third of liquidity has flowed out. Ostium offers perpetual contracts linked to real-world assets including stocks, commodities, FX, and indices. At the time of the incident, total value locked was about $63 million, putting the loss at close to one-third of available liquidity. The outflowing asset was Circle's USDC. Trading remains suspended. DeFi security losses continue to climb. The report said DeFi protocols lost more than $840 million to thefts in the first five months of 2026, including about $292 million at KelpDAO and about $285 million at Drift Protocol. In June, Resolv Labs was also attacked for more than $25 million. Some researchers say AI tools are accelerating vulnerability discovery; in May, researchers using Anthropic's Claude Opus model identified a four-year-old forgery flaw in Zcash.