Ostium Perp DEX Hit for $18 Million in Brutal Oracle Exploit

Share:
Ostium, an Arbitrum-based RWA perpetual DEX, lost roughly $11.86M–$18M USDC (about 28% of its $63M TVL) on July 15, 2026 after attackers used a compromised oracle signer private key to submit future-dated prices and execute around 20 looped delegated trades. The verifiable exploit highlights critical oracle and key-management security risks for DeFi and RWA protocols despite Ostium’s $27.8M fundraising from General Catalyst, Jump Crypto, Coinbase Ventures, Wintermute and GSR, and is under active investigation.
In Brief
- Ostium DEX drained $18M USDC via compromised oracle key on Arbitrum.
- Attacker used future-dated prices to loop profitable trades and empty vault.
- Major RWA perp protocol hit despite $27.8M funding from top VCs.
Arbitrum’s RWA perpetual platform Ostium lost nearly $18 million USDC today after attackers compromised an oracle signer key and manipulated prices.
The root cause was a compromised oracle signer private key. This allowed the attacker to bypass verification checks and submit favorable future prices. They executed around 20 looped trades through delegated actions, instantly profiting at the protocol’s expense without genuine market exposure.
Exploit Drains One-Third of Vault in Hours
Security firm Blockaid first flagged the incident, indicating that the attacker used a registered PriceUpKeep forwarder and future-dated authorized oracle reports to generate artificial trading profits. This triggered repeated open-and-close loops that drained funds from Ostium’s main liquidity vault.
🚨 Blockaid detected an @Ostium Vault exploit on Arbitrum.An attacker used a registered PriceUpKeep forwarder and future-dated authorized oracle reports to create artificial trade profit, triggering a ~$18M USDC payout from the vault.More details in 🧵
— Blockaid (@blockaid_) July 15, 2026
Follow us on X to get the latest news as it happens
On-chain data shows roughly $11.86M–$18M USDC extracted from the vault, representing about 28% of its $63 million TVL at the time of the attack. The primary exploit transaction is publicly verifiable on Arbiscan.
Ostium is a leading decentralized perpetuals exchange focused on real-world assets, including equities, commodities, forex, and indices, built on Arbitrum.
Major Backing Meets Major Setback
The protocol had raised approximately $27.8 million from top-tier investors including General Catalyst, Jump Crypto, Coinbase Ventures, Wintermute, and GSR.
Despite strong institutional support and multiple audits, the incident exposes persistent risks in oracle-dependent RWA infrastructure.
The exploit is under active investigation. Users should monitor official channels for withdrawal guidance and security updates. The event highlights the need for hardened oracle key management and real-time monitoring in hybrid DeFi protocols.
As the RWA perpetuals sector grows rapidly, this breach serves as a timely reminder: even well-funded projects remain vulnerable to private-key and oracle attacks.
Read the article at BeInCryptoRead More











