Ostium RWA perpetual DEX suffers $18M exploit - AltcoinDaily.co
featured-image

An attacker has drained 18 million in USDC from the Ostium vault on Arbitrum. Security firm Blockaid flagged the incident on X, blaming the attack on a manipulation of Ostium’s price feed. 

According to the security firm, the attacker used a registered PriceUpKeep forwarder and submitted authorized oracle reports dated into the future. That allowed the attacker to book trade profits that did not exist, and the vault paid them out in USDC. 

Blockaid put the payout at about $18 million.

What happened to Ostium?

Security firm ExVul wrote on X, “The attack stems from a Private Key Compromise (Oracle Signer) resulting in price manipulation.”

Defimon Alerts reached a similar conclusion, labeling the event a private-key compromise of a privileged oracle signer that led to price manipulation. Both descriptions point to Ostium’s oracle layer as the weak link.

However, there is full consensus on the total amount lost in the exploit. Blockaid says that the exploit triggered “~$18M USDC payout from the vault.” 

ExVul reported that $11.86 million in USDC left the vault, adding that it amounted to about 32% of Ostium’s $34.3 million in total value locked (TVL). Defimon Alerts logged an even higher figure, stating that Ostium lost approximately $20 million. However, it also mentioned that 11,862,445 USDC was drained from the vault.

Ostium is a perpetual exchange built on Arbitrum that lets people trade leveraged positions on assets like foreign exchange, commodities, metals, and equities directly from a self-custody wallet. It was one of the first DeFi venues to bring that kind of traditional-market exposure on-chain.

Ostium recently announced institutional backing and platform upgrade 

In late April, Ostium rolled out what it called a decentralized execution layer, a system that routes on-chain orders to off-chain institutional partners for hedging. The reason for this, per co-founder and CTO Marco Antonio Ribeiro, was to connect smart contracts to institutional messaging systems with sub-100-millisecond latency.

Ostium closed a $20 million Series A in December 2025 co-led by General Catalyst and Jump, according to DefiLlama’s funding records, which also list Coinbase Ventures, Wintermute Ventures, and GSR among the backers. Other reports put the company’s total raised at $27.8 million.

DefiLlama’s dashboard currently shows Ostium holding $63.33 million in total value locked, all on Arbitrum, with more than $60 billion in cumulative perpetual volume since launch. 

Another addition to a brutal stretch for crypto security

Now Ostium has joined the growing list of companies that have suffered a breach in 2026.

The second quarter of 2026 closed as the most attack-heavy quarter on record by incident count, with roughly 83 separate exploits through late June.

It is already halfway into July, and the list keeps on growing. Compromised administrator credentials and fake price manipulation accounted for about 37% of those losses, and private-key theft for another 5.7%. 

An oracle-signer compromise of the kind described at Ostium sits squarely inside that trend of attacks aimed at privileged access.

Ostium has acknowledged the exploit, writing on X, “We are aware of the issue with the OLP vault. We have paused all trading. The team is investigating.” So far, it has not released any statement that addresses the size of the loss.

If you’re reading this, you’re already ahead. Stay there with our newsletter.