Another DeFi Exploit: Perp DEX Ostium Loses $18 Million in Oracle Attack

Summary

Ostium lost about $18 million after an attacker compromised an oracle signer key and manipulated the decentralized perpetuals exchange’s price feed to fabricate trading profits. The exploit used a registered PriceUpKeep forwarder and future-dated authorized oracle reports, which triggered a large USDC payout from Ostium’s liquidity vault. Ostium paused all trading and said it was investigating the OLP vault issue. Built on Arbitrum, Ostium offers perpetual futures on real-world assets such as stocks, commodities, forex, and indices. At the time, it held about $63 million in total value locked, so the drain removed nearly one-third of its liquidity. The incident reflects a broader surge in DeFi attacks, with more than $840 million stolen in the first five months of 2026.