Ostium, a decentralized perpetuals exchange on Arbitrum, lost nearly $18 million USDC today after attackers compromised an oracle signer key and manipulated prices. The root cause was a compromised oracle signer private key, allowing the attacker to bypass verification checks and submit favorable future prices. They executed around 20 looped trades through delegated actions, instantly profiting at the protocol’s expense without genuine market exposure.
Exploit Details
Security firm Blockaid first flagged the incident on July 15, 2026. The attacker used a registered PriceUpKeep forwarder and future-dated authorized oracle reports to generate artificial trading profits. This triggered repeated open-and-close loops that drained funds from Ostium’s main liquidity vault. On-chain data shows roughly $11.86M-$18M USDC extracted from the vault, representing about 32-35% of its ~$34M TVL at the time of the attack.
Background and Impact
Ostium is a leading decentralized perpetuals exchange focused on real-world assets, built on Arbitrum. The protocol had raised approximately $27.8 million from top-tier investors including General Catalyst, Jump Crypto, Coinbase Ventures, Wintermute, and GSR. Despite strong institutional support and multiple audits, the incident exposes persistent risks in oracle-dependent RWA infrastructure. The exploit is under active investigation, and users should monitor official channels for withdrawal guidance and security updates
Based on reporting from crypto.news.



