{"id":21659,"date":"2026-07-15T20:43:14","date_gmt":"2026-07-15T20:43:14","guid":{"rendered":"https:\/\/cryptoted.net\/index.php\/2026\/07\/15\/blockaid-uncovers-18m-exploit-that-forces-ostium-trading-halt\/"},"modified":"2026-07-15T20:43:14","modified_gmt":"2026-07-15T20:43:14","slug":"blockaid-uncovers-18m-exploit-that-forces-ostium-trading-halt","status":"publish","type":"post","link":"https:\/\/cryptoted.net\/index.php\/2026\/07\/15\/blockaid-uncovers-18m-exploit-that-forces-ostium-trading-halt\/","title":{"rendered":"Blockaid uncovers $18M exploit that forces Ostium trading halt"},"content":{"rendered":"<p> <br \/>\n<br \/><img decoding=\"async\" src=\"https:\/\/media.crypto.news\/2023\/10\/crypto-news-Platypus-regains-90-of-funds-from-exploit02.webp\" \/><\/p>\n<div>\n<p class=\"is-style-lead\">Ostium has halted trading after an exploit tied to a compromised oracle signer key drained nearly $18 million USDC from its liquidity vault, according to blockchain security firm Blockaid.<\/p>\n<div id=\"cn-block-summary-block_e9b5a5f3a5dab2664e7cbecb4ddc209c\" class=\"cn-block-summary\">\n<p>\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/p>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Blockaid linked Ostium\u2019s $18 million exploit to a compromised oracle signer key.<\/li>\n<li>The attacker drained up to 28% of the protocol\u2019s $63 million liquidity vault.<\/li>\n<li>Ostium halted trading as investigators probe the oracle-based attack.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>Blockaid reported that the attacker gained control of an oracle signer private key, allowing them to bypass the protocol\u2019s verification process and submit future-dated price reports that favored their trades. Using a registered PriceUpKeep forwarder, the attacker repeatedly opened and closed positions through delegated actions, extracting profits without taking genuine market risk.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-x wp-block-embed-x\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">\ud83d\udea8 Blockaid detected an <a rel=\"nofollow\" href=\"https:\/\/x.com\/Ostium?ref_src=twsrc%5Etfw\">@Ostium<\/a> Vault exploit on Arbitrum.<\/p>\n<p>An attacker used a registered PriceUpKeep forwarder and future-dated authorized oracle reports to create artificial trade profit, triggering a ~$18M USDC payout from the vault.<br \/>More details in \ud83e\uddf5<\/p>\n<p>\u2014 Blockaid (@blockaid_) <a rel=\"nofollow\" href=\"https:\/\/x.com\/blockaid_\/status\/2077405527428989363?ref_src=twsrc%5Etfw\">July 15, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>The security firm said the exploit triggered around 20 trading loops that steadily drained funds from Ostium\u2019s main vault. On-chain records show the attacker withdrew between $11.86 million and $18 million USDC, equal to roughly 28% of the protocol\u2019s $63 million total value locked at the time of the incident. The primary exploit transaction can be verified on <a href=\"https:\/\/arbiscan.io\/tx\/0x359f8c05b86a4409d60cfba02084334313fd94b19f74a294fb7fc4ea7d4870e0\" target=\"_blank\" rel=\"nofollow\">Arbiscan<\/a>.<\/p>\n<p>Ostium, which operates on Arbitrum, offers decentralized perpetual trading for tokenized real-world assets, including equities, commodities, foreign exchange markets and stock indices.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<h2 class=\"wp-block-heading\">Oracle key compromise enabled repeated profit extraction<\/h2>\n<p>Instead of exploiting a flaw in smart contract code, the attacker abused trusted oracle infrastructure after obtaining a valid signer key. According to Blockaid, the manipulated oracle reports allowed favorable prices to pass protocol checks, making each trade appear legitimate while transferring losses to the liquidity vault.<\/p>\n<p>The incident has renewed attention on oracle security as decentralized finance protocols increasingly depend on external data feeds for pricing. Blockaid attributed the exploit to compromised signing credentials rather than a pricing error or market manipulation through normal trading activity.<\/p>\n<p>The protocol has since paused trading while the investigation continues. Users have been advised to follow Ostium\u2019s official communication channels for updates on withdrawals and any further recovery measures.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-x wp-block-embed-x\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Update: All trader funds and open positions are currently preserved as-is (frozen). Funds in the trading storage contract are paused. The team is actively investigating with relevant security experts. We will provide updates as they come. <a rel=\"nofollow\" href=\"https:\/\/t.co\/zDe8gapmS3\">https:\/\/t.co\/zDe8gapmS3<\/a><\/p>\n<p>\u2014 Ostium (@Ostium) <a rel=\"nofollow\" href=\"https:\/\/x.com\/Ostium\/status\/2077438120354603396?ref_src=twsrc%5Etfw\">July 15, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<h2 class=\"wp-block-heading\">Institutional backing failed to prevent another security setback<\/h2>\n<p>Before the exploit, Ostium had raised about $27.8 million from investors including General Catalyst, Jump Crypto, Coinbase Ventures, Wintermute and GSR. The incident occurred despite the project\u2019s institutional backing and multiple security audits, highlighting that infrastructure outside audited smart contracts can still become a critical point of failure.<\/p>\n<p>The attack also adds to a series of recent security incidents affecting crypto platforms. Earlier this month, crypto.news reported that Ctrl Wallet <a href=\"https:\/\/crypto.news\/ctrl-wallet-shuts-down-after-exploit-urges-move-funds\/\" target=\"_blank\">announced<\/a> it would permanently shut down after a separate security exploit affecting some Cardano wallets.<\/p>\n<p>The company gave users until Aug. 3 to move their crypto assets before wallet functions, including sending, receiving and swapping, are disabled, leaving only recovery phrase exports available.<\/p>\n<p>Elsewhere in the Arbitrum ecosystem, Secret Network recently <a href=\"https:\/\/crypto.news\/secret-network-may-leave-cosmos-for-arbitrum-after-bridge-exploit\/\" target=\"_blank\">proposed migrating<\/a> its SCRT token from Cosmos to Arbitrum, citing security concerns, weaker liquidity and aging code on its current network. The proposal includes a one-time Sept. 1 snapshot that would distribute a new ERC-20 SCRT token on Arbitrum to eligible native and staked SCRT holders.<\/p>\n<p>As projects continue expanding onto Arbitrum, the Ostium exploit demonstrates that securing oracle infrastructure remains as important as auditing smart contracts. According to Blockaid\u2019s findings, a single compromised signer key was enough to bypass trusted price verification and inflict multimillion-dollar losses within hours.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p><\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/crypto.news\/blockaid-uncovers-18m-exploit-that-forces-ostium-halt\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ostium has halted trading after an exploit tied to a compromised oracle signer key drained nearly $18 million USDC from its liquidity vault, according to blockchain security firm Blockaid. Summary Blockaid linked Ostium\u2019s $18 million exploit to a compromised oracle signer key. The attacker drained up to 28% of the protocol\u2019s $63 million liquidity vault. [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":21660,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[23],"tags":[],"kronos_expire_date":[],"class_list":["post-21659","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-crypto"],"_links":{"self":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts\/21659","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/comments?post=21659"}],"version-history":[{"count":0,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts\/21659\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/media\/21660"}],"wp:attachment":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/media?parent=21659"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/categories?post=21659"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/tags?post=21659"},{"taxonomy":"kronos_expire_date","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/kronos_expire_date?post=21659"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}