The exploit wiped out nearly a third of the protocol’s $63 million in total value locked, highlighting persistent DeFi security risks.
Decentralized perpetuals exchange Ostium lost $18 million in USDC after attackers compromised an oracle signer key, submitting falsified price reports to drain liquidity. The breach occurred Wednesday, exploiting a registered PriceUpKeep forwarder to generate artificial trading profits paid out from Ostium’s vaults.
The protocol held approximately $63 million in total value locked prior to the attack, meaning the exploit removed nearly one-third of its liquidity. Ostium, built on Arbitrum, offers perpetual futures tied to real-world assets and operates without user identity verification.
Ostium paused all trading and confirmed the investigation is ongoing. The incident follows a surge in DeFi exploits this year, raising concerns over oracle security and protocol vulnerabilities.