Ostium DEX hit with $18M oracle exploit on Arbitrum

The tl;dr
Ostium, a decentralized perpetuals exchange on Arbitrum, halted trading after a hacker exploited its price oracle to drain roughly $18 million. The attacker compromised an oracle signer key and submitted falsified price data to generate fake trading profits, then converted the stolen funds to Ethereum and dispersed them across multiple wallets.
Markets in this story
30-day · delayedKey points
- An attacker compromised Ostium's oracle signer key, which is a critical component that validates price feeds used for trading decisions
- The hacker submitted future-dated, falsified oracle data to artificially inflate their trading positions and trigger a fraudulent $18 million payout from the protocol
- Ostium immediately paused trading and instructed users to revoke contract approvals as a precautionary measure to prevent further exploitation
- The attacker converted the stolen USDC stablecoin into Ethereum and dispersed it across multiple wallets to obscure the trail
- The exploit highlights ongoing security risks in decentralized finance, where price oracle manipulation remains a common attack vector
By the numbers
Ostium, an Arbitrum-based decentralized exchange for perpetuals trading, ground to a halt after an attacker successfully exploited a vulnerability in its price-reporting system. By compromising an oracle signer key, the hacker was able to submit false price data that manipulated how the protocol valued assets, allowing them to generate fake trading profits and extract roughly $18 million from Ostium’s liquidity vault.
The attack unfolded through a manipulation of Ostium’s oracle infrastructure, which normally serves as the reliable source of truth for market prices across the platform. Instead of reflecting real prices, the attacker fed future-dated price information that made losing positions appear profitable, triggering the protocol to pay out funds that should never have left the system. Once successful, they immediately began converting the proceeds from USDC into Ethereum and moving it across multiple wallets to obscure its origin.
Ostium responded quickly by shutting down all trading and asking users to revoke their contract approvals as a precautionary measure. Security firms are investigating the incident further, though losses are confirmed at approximately $18 million. This marks another chapter in a recurring pattern: DeFi protocols remain vulnerable to attacks that target the oracles they depend on, which makes securing these price-reporting systems a critical but challenging task.
Oracle attacks are a recurring vulnerability in DeFi platforms that can drain millions in minutes, and users of similar protocols need to understand these risks when depositing funds.
Read the full story
We summarised these sources. Click through to read them in full.
Topics
- ostium
- oracle exploit
- defi
- arbitrum
- blockchain security
This summary is AI-generated from the sources above and may contain errors, so always verify with the original reporting. It's general information only, not financial, investment, or trading advice, and not a recommendation to buy or sell anything. Markets carry risk; do your own research. See our full disclaimer.


